diff --git a/main/inc/lib/group_portal_manager.lib.php b/main/inc/lib/group_portal_manager.lib.php
index 1d0cfa79aa..a5feb06c81 100755
--- a/main/inc/lib/group_portal_manager.lib.php
+++ b/main/inc/lib/group_portal_manager.lib.php
@@ -144,7 +144,7 @@ class GroupPortalManager {
 		$sql = "SELECT id, name, description, picture_uri, url, visibility  FROM $table WHERE id = $group_id ";
 		$res = Database::query($sql);
 		$item = array();
-		if (Database::num_rows($res)>0) {
+		if (Database::num_rows($res)>0) {			
 			$item = Database::fetch_array($res,'ASSOC');
 		}
 		return $item;
@@ -960,7 +960,7 @@ class GroupPortalManager {
 			//echo '<div align="center" class="social-menu-title"><span class="social-menu-text1">'.cut($group_info['name'], GROUP_TITLE_LENGTH, true).'</span></div>';
 			//echo Display::div(get_lang('Actions') ,array('class' => 'social_menu_option'));
 			echo '<ul class="social-menu-groups">';
-			echo Display::tag('li', $group_info['description'], array('class'=>'group_description'));
+			echo Display::tag('li', Security::remove_XSS($group_info['description'], STUDENT, true), array('class'=>'group_description'));
 			echo $links;
 			echo '</ul>';
 		}
diff --git a/main/inc/lib/message.lib.php b/main/inc/lib/message.lib.php
index 85c6b093cc..d1f3fbedf0 100755
--- a/main/inc/lib/message.lib.php
+++ b/main/inc/lib/message.lib.php
@@ -159,7 +159,7 @@ class MessageManager
 			 } else {
 				$message[0] = ($result[0]);
 			 }
-			$result[2] = Security::remove_XSS($result[2]);
+			$result[2] = Security::remove_XSS($result[2], STUDENT, true);
 			$result[2] = cut($result[2], 80,true);
 
 			if ($request===true) {
@@ -708,7 +708,7 @@ class MessageManager
 	public static function show_message_box($message_id, $source = 'inbox') {
 		$table_message 		= Database::get_main_table(TABLE_MESSAGE);
 		$tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);
-		$message_id = intval($message_id);
+		$message_id 		= intval($message_id);
 
 		if ($source == 'outbox') {
 			if (isset($message_id) && is_numeric($message_id)) {
@@ -726,8 +726,8 @@ class MessageManager
 			}
 			$path='inbox.php';
 		}
-
-		$row = Database::fetch_array($result);
+		$row = Database::fetch_array($result, 'ASSOC');		
+		$user_sender_id = $row['user_sender_id'];
 
 		// get file attachments by message id
 		$files_attachments = self::get_links_message_attachment_files($message_id,$source);
@@ -736,14 +736,15 @@ class MessageManager
 		$band=0;
 		$reply='';
 		for ($i=0;$i<count($user_con);$i++)
-			if ($row[1]==$user_con[$i])
+			if ($user_sender_id == $user_con[$i])
 				$band=1;
 
-		$row[5] = Security::remove_XSS($row[5]);
+		$title  	= Security::remove_XSS($row['title'], STUDENT, true);
+		$content  	= Security::remove_XSS($row['content'], STUDENT, true);
 		
-		$from_user = UserManager::get_user_info_by_id($row[1]);
-		$name = api_get_person_name($from_user['firstname'], $from_user['lastname']);
-		$user_image = UserManager::get_picture_user($row[1], $from_user['picture_uri'],80);
+		$from_user  = UserManager::get_user_info_by_id($user_sender_id);
+		$name 		= api_get_person_name($from_user['firstname'], $from_user['lastname']);
+		$user_image = UserManager::get_picture_user($row['user_sender_id'], $from_user['picture_uri'],80);
 		$user_image = Display::img($user_image['file'], $name, array('title'=>$name));		
 
 		$message_content =  '<table>
@@ -753,7 +754,7 @@ class MessageManager
 		      	<table>
 		            <tr>
 		              <td valign="top" width="100%">
-		               <h1>'.str_replace("\\","",$row[5]).'</h1>
+		               <h1>'.str_replace("\\","",$title).'</h1>
 		              </td>';
 		if (api_get_setting('allow_social_tool') == 'true') {
             $message_content .='<td width="100%">'.$user_image.'</td>';
@@ -762,20 +763,20 @@ class MessageManager
         $message_content .='<tr>';
     	if (api_get_setting('allow_social_tool') == 'true') {	
     		if ($source == 'outbox') {
-    			$message_content .='<td>'.get_lang('From').' <a href="'.api_get_path(WEB_PATH).'main/social/profile.php?u='.$row[1].'">'.$name.'</a> '.api_strtolower(get_lang('To')).'&nbsp;<b>'.GetFullUserName($row[2]).'</b> </td>';
+    			$message_content .='<td>'.get_lang('From').': <a href="'.api_get_path(WEB_PATH).'main/social/profile.php?u='.$user_sender_id.'">'.$name.'</a> '.api_strtolower(get_lang('To')).'&nbsp;<b>'.GetFullUserName($row[2]).'</b> </td>';
     		} else {
-    			$message_content .='<td>'.get_lang('From').' <a href="'.api_get_path(WEB_PATH).'main/social/profile.php?u='.$row[1].'">'.$name.'</a> '.api_strtolower(get_lang('To')).'&nbsp;<b>'.get_lang('Me').'</b> </td>';
+    			$message_content .='<td>'.get_lang('From').' <a href="'.api_get_path(WEB_PATH).'main/social/profile.php?u='.$user_sender_id.'">'.$name.'</a> '.api_strtolower(get_lang('To')).'&nbsp;<b>'.get_lang('Me').'</b> </td>';
     		}    
     	} else {
     		if ($source == 'outbox') {
-    			$message_content .='<td>'.get_lang('From').'&nbsp;'.$name.'</b> '.api_strtolower(get_lang('To')).' <b>'.GetFullUserName($row[2]).'</b> </td>';
+    			$message_content .='<td>'.get_lang('From').':&nbsp;'.$name.'</b> '.api_strtolower(get_lang('To')).' <b>'.GetFullUserName($row['user_receiver_id']).'</b> </td>';
     		} else {
-    			$message_content .='<td>'.get_lang('From').'&nbsp;'.$name.'</b> '.api_strtolower(get_lang('To')).' <b>'.get_lang('Me').'</b> </td>';
+    			$message_content .='<td>'.get_lang('From').':&nbsp;'.$name.'</b> '.api_strtolower(get_lang('To')).' <b>'.get_lang('Me').'</b> </td>';
     		}
     	}
 		 $message_content .='</tr>
 		              <tr>
-		              <td>'.get_lang('Date').'&nbsp; '.$row[4].'</td>
+		              <td>'.get_lang('Date').':  '.api_get_local_time($row['send_date']).'</td>
 		              </tr>
 		            </tr>
 		        </table>		        
@@ -783,7 +784,7 @@ class MessageManager
 		        <hr style="color:#ddd" />
 		        <table height="209px" width="100%">
 		            <tr>
-		              <td valign=top class="view-message-content">'.str_replace("\\","",$row['content']).'</td>
+		              <td valign=top class="view-message-content">'.str_replace("\\","",$content).'</td>
 		            </tr>
 		        </table>
 		        <div id="message-attach">'.(!empty($files_attachments)?implode('<br />',$files_attachments):'').'</div>
@@ -956,7 +957,7 @@ class MessageManager
 			        if (empty($topic['title'])) {
 			            $topic['title'] = get_lang('Untitled');
 			        } 				
-			        $title = Display::url('<h3>'.Security::remove_XSS($topic['title']).'</h3>', 'group_topics.php?id='.$group_id.'&topic_id='.$topic['id']);
+			        $title = Display::url('<h3>'.Security::remove_XSS($topic['title'], STUDENT, true).'</h3>', 'group_topics.php?id='.$group_id.'&topic_id='.$topic['id']);
                                             
                     $date = '';
                     $link = '';
@@ -974,7 +975,7 @@ class MessageManager
 					$user_info .= '<div class="message-group-author"><img src="'.$image_repository.$existing_image.'" alt="'.$name.'"  width="32" height="32" title="'.$name.'" /></div>';
 					$user_info .= '<div class="message-group-author">'.$user.'</div></td>';
 					//$date.								 
-					$html .= Display::div($title.cut($topic['content'], 150).$user_info, array('class'=>'group_discussions_info')).'</td></table>';						
+					$html .= Display::div($title.Security::remove_XSS(cut($topic['content'], 150), STUDENT, true).$user_info, array('class'=>'group_discussions_info')).'</td></table>';						
 		
 				$html .= '</div>'; //rounded_div
 				
@@ -994,11 +995,10 @@ class MessageManager
     public static function display_message_for_group($group_id, $message_id, $is_member) {
         global $my_group_role;
         
-        $main_message = self::get_message_by_id($message_id);
-                
-        $group_info = GroupPortalManager::get_group_data($group_id);
-        $rows = self::get_messages_by_group_by_message($group_id, $message_id);            
-        $rows = self::calculate_children($rows, $message_id);                
+        $main_message 	= self::get_message_by_id($message_id);                
+        $group_info		= GroupPortalManager::get_group_data($group_id);
+        $rows 			= self::get_messages_by_group_by_message($group_id, $message_id);            
+        $rows 			= self::calculate_children($rows, $message_id);                
         
         $current_user_id  = api_get_user_id();
         
@@ -1019,7 +1019,7 @@ class MessageManager
         //$items_page_nr = intval($_GET['items_'.$topic['id'].'_page_nr']);
         $items_page_nr = null;
         
-        echo Display::tag('h2', $main_message['title']);
+        echo Display::tag('h2', Security::remove_XSS($main_message['title'], STUDENT, true));
         $user_sender_info = UserManager::get_user_info_by_id($main_message['user_sender_id']);
         $files_attachments = self::get_links_message_attachment_files($main_message['id']);
         $name = api_get_person_name($user_sender_info['firstname'], $user_sender_info['lastname']);
@@ -1048,7 +1048,8 @@ class MessageManager
             $date = '<div class="message-group-date"> '.get_lang('Created').' '.date_to_str_ago($main_message['send_date']).'</div>';
         }
         $attachment = '<div class="message-attach">'.(!empty($files_attachments)?implode('<br />',$files_attachments):'').'</div>';                
-        $main_content.= '<div class="message-group-content">'.$links.$user_link.' '.$date.$main_message['content'].$attachment.'</div>';          
+        $main_content.= '<div class="message-group-content">'.$links.$user_link.' '.$date.$main_message['content'].$attachment.'</div>';
+        $main_content = Security::remove_XSS($main_content, STUDENT, true);
 
         $html = '';   
         
@@ -1094,7 +1095,7 @@ class MessageManager
                     $date = '<div class="message-group-date"> '.get_lang('Created').' '.date_to_str_ago($topic['send_date']).'</div>';
                 }
                 $attachment = '<div class="message-attach">'.(!empty($files_attachments)?implode('<br />',$files_attachments):'').'</div>';                
-                $html_items.= '<div class="message-group-content">'.$links.$user_link.' '.$date.$topic['content'].$attachment.'</div>';                          
+                $html_items.= '<div class="message-group-content">'.$links.$user_link.' '.$date.Security::remove_XSS($topic['content'], STUDENT, true).$attachment.'</div>';                          
                       
                 $base_padding = 20;
                 
diff --git a/main/inc/lib/notification.lib.php b/main/inc/lib/notification.lib.php
index 6a64cee2cb..489bdede01 100644
--- a/main/inc/lib/notification.lib.php
+++ b/main/inc/lib/notification.lib.php
@@ -66,7 +66,7 @@ class Notification extends Model {
             foreach($notifications as $item_to_send) {
                 
                 //Sending email
-                api_mail_html($item_to_send['dest_mail'], $item_to_send['dest_mail'], $item_to_send['title'], $item_to_send['content'], $this->admin_name, $this->admin_email);                    
+                api_mail_html($item_to_send['dest_mail'], $item_to_send['dest_mail'], Security::filter_terms($item_to_send['title']), Security::filter_terms($item_to_send['content']), $this->admin_name, $this->admin_email);                    
                 if ($this->debug) { error_log('Sending message to: '.$item_to_send['dest_mail']); }
                 
                 //Updating
@@ -128,7 +128,7 @@ class Notification extends Model {
                     case NOTIFY_GROUP_AT_ONCE:                     
                         if (!empty($user_info['mail'])) {
                             $name = api_get_person_name($user_info['firstname'], $user_info['lastname']);                            
-                            api_mail_html($name, $user_info['mail'], $title, $content, $this->admin_name, $this->admin_email);
+                            api_mail_html($name, $user_info['mail'], Security::filter_terms($title), Security::filter_terms($content), $this->admin_name, $this->admin_email);
                         }
                         $params['sent_at']       = api_get_utc_datetime();
                     //Saving the notification to be sent some day 
diff --git a/main/inc/lib/security.lib.php b/main/inc/lib/security.lib.php
index a98f95a17b..adddabfc94 100755
--- a/main/inc/lib/security.lib.php
+++ b/main/inc/lib/security.lib.php
@@ -343,7 +343,7 @@ class Security {
     	$replace = '***';    	
     	if (!empty($bad_terms)) {
     		//Fast way
-    		$new_text = str_replace($bad_terms, $replace, $text, $count);
+    		$new_text = str_ireplace($bad_terms, $replace, $text, $count);
     		
     		//We need statistics
     		/*
diff --git a/main/inc/lib/social.lib.php b/main/inc/lib/social.lib.php
index 54ec5154f1..280aca3e78 100755
--- a/main/inc/lib/social.lib.php
+++ b/main/inc/lib/social.lib.php
@@ -634,10 +634,7 @@ class SocialManager extends UserManager {
 			echo '<span>'.get_lang('Optoi').'</span>';
 			echo '</div>';*/
 
-	        echo '<div class="social_menu_items"><ul>';
-	        
-	        
-	        	                	
+	        echo '<div class="social_menu_items"><ul>';	        	                	
             echo '<li><a href="'.api_get_path(WEB_PATH).'main/social/home.php">'.Display::return_icon('home.png',get_lang('Home'),array('hspace'=>'6')).'<span class="'.($show=='home'?'social-menu-text-active':'social-menu-text4').'" >'.get_lang('Home').'</span></a></li>';
             echo '<li><a href="'.api_get_path(WEB_PATH).'main/messages/inbox.php?f=social">'.Display::return_icon('instant_message.png',get_lang('Messages'),array('hspace'=>'6')).'<span class="'.($show=='messages'?'social-menu-text-active':'social-menu-text4').'" >'.get_lang('Messages').$count_unread_message.'</span></a></li>';
 
diff --git a/main/install/db_main.sql b/main/install/db_main.sql
index 3a9255c26c..d436deba77 100755
--- a/main/install/db_main.sql
+++ b/main/install/db_main.sql
@@ -822,7 +822,8 @@ VALUES
 ('hide_courses_in_sessions',NULL,'radio', 'Platform','false','HideCoursesInSessionsTitle',	'HideCoursesInSessionsComment','platform',NULL, 1),
 ('enable_quiz_scenario',  NULL,'radio','Course','false','EnableQuizScenarioTitle','EnableQuizScenarioComment',NULL,NULL, 1),
 ('enable_nanogong',NULL,'radio','Tools','false','EnableNanogongTitle','EnableNanogongComment',NULL,NULL, 0),
-('chamilo_database_version',NULL,'textfield',NULL, '1.8.8.14911','DokeosDatabaseVersion','', NULL, NULL, 0);
+('filter_terms',NULL,'textarea','Security','','FilterTermsTitle','FilterTermsComment',NULL,NULL, 0),
+('chamilo_database_version',NULL,'textfield',NULL, '1.9.0.15605','DokeosDatabaseVersion','', NULL, NULL, 0);
 
 UNLOCK TABLES;
 /*!40000 ALTER TABLE settings_current ENABLE KEYS */;
diff --git a/main/messages/new_message.php b/main/messages/new_message.php
index d97cb42319..28cef46f3e 100755
--- a/main/messages/new_message.php
+++ b/main/messages/new_message.php
@@ -223,7 +223,7 @@ function manage_form ($default, $select_from_user_list = null) {
 
 		//adding reply mail
 		$user_reply_info = UserManager::get_user_info_by_id($message_reply_info['user_sender_id']);		
-		$default['content'] = '<br />'.sprintf(get_lang('XWroteY'), api_get_person_name($user_reply_info['firstname'], $user_reply_info['lastname']), $message_reply_info['content']);
+		$default['content'] = '<br />'.sprintf(get_lang('XWroteY'), api_get_person_name($user_reply_info['firstname'], $user_reply_info['lastname']), Security::filter_terms($message_reply_info['content']));
 	}
 	if (empty($group_id)) {
 		$form->addElement('html','<div class="row"><div class="label">'.get_lang('FilesAttachment').'</div><div class="formw">
diff --git a/main/messages/send_message.php b/main/messages/send_message.php
index 1da477753d..56cb72f475 100755
--- a/main/messages/send_message.php
+++ b/main/messages/send_message.php
@@ -21,6 +21,7 @@ $content_message = $_POST['txt_content'];
 $subject_message = $_POST['txt_subject'];
 
 
+
 $user_info = array();
 $user_info = api_get_user_info($user_id);
 
diff --git a/main/social/group_topics.php b/main/social/group_topics.php
index 6efd642e2e..a1b4025f73 100644
--- a/main/social/group_topics.php
+++ b/main/social/group_topics.php
@@ -132,8 +132,8 @@ echo '<div id="social-content">';
     //this include the social menu div
     SocialManager::show_social_menu('member_list', $group_id);
     echo '</div>';
-    echo '<div id="social-content-right">';    
-         echo '<h1><a href="groups.php?id='.$group_id.'">'.$group_info['name'].'</a> &raquo; '.get_lang('Messages').'</h1>';
+    echo '<div id="social-content-right">';
+         echo '<h1><a href="groups.php?id='.$group_id.'">'.Security::remove_XSS($group_info['name'], STUDENT, true).'</a> &raquo; '.get_lang('Messages').'</h1>';
          
         if (!empty($show_message)){
             Display::display_confirmation_message($show_message);
diff --git a/main/social/groups.php b/main/social/groups.php
index 3e6aa7bac3..dc76e2f5dc 100755
--- a/main/social/groups.php
+++ b/main/social/groups.php
@@ -219,7 +219,7 @@ if ($group_id != 0 ) {
 	echo '<div class="head_group">';    
 		echo '<div id="social-group-details">';
 				//Group's title
-				echo '<h1><a href="groups.php?id='.$group_id.'">'.$group_info['name'].'</a></h1>';
+				echo '<h1><a href="groups.php?id='.$group_id.'">'.Security::remove_XSS($group_info['name'], STUDENT, true).'</a></h1>';
 				
 				//echo '<div class="social-group-details-info"><a target="_blank" href="'.$group_info['url'].'">'.$group_info['url'].'</a></div>';
 				
@@ -329,6 +329,8 @@ if ($group_id != 0 ) {
 		if (is_array($results) && count($results) > 0) {
 			foreach ($results as $result) {
 				$id = $result['id'];
+				$result['name'] = Security::remove_XSS($result['name'], STUDENT, true);
+				$result['description'] = Security::remove_XSS($result['description'], STUDENT, true);
 				$my_group_list[] = $id;
 				$url_open  = '<a href="groups.php?id='.$id.'">';
 				$url_close = '</a>';
@@ -372,7 +374,8 @@ if ($group_id != 0 ) {
 		$results = GroupPortalManager::get_groups_by_age(4,false);
 		$grid_newest_groups = array();
 		foreach ($results as $result) {
-		    
+			$result['name'] = Security::remove_XSS($result['name'], STUDENT, true);
+			$result['description'] = Security::remove_XSS($result['description'], STUDENT, true);
 			$id = $result['id'];
 			$url_open  = '<a href="groups.php?id='.$id.'">';
 			$url_close = '</a>';
@@ -416,6 +419,8 @@ if ($group_id != 0 ) {
 
 		if (is_array($results) && count($results) > 0) {
 			foreach ($results as $result) {
+				$result['name'] = Security::remove_XSS($result['name'], STUDENT, true);
+				$result['description'] = Security::remove_XSS($result['description'], STUDENT, true);
 				$id = $result['id'];
 				$url_open  = '<a href="groups.php?id='.$id.'">';
 				$url_close = '</a>';
diff --git a/main/social/invitations.php b/main/social/invitations.php
index b53b7124ad..e5da1e0258 100755
--- a/main/social/invitations.php
+++ b/main/social/invitations.php
@@ -137,8 +137,8 @@ echo '<div id="social-content">';
 				   		$picture = UserManager::get_user_picture_path_by_id($sender_user_id,'web',false,true);
 				   		$friends_profile = SocialManager::get_picture_user($sender_user_id, $picture['file'], 92);
 				        $user_info	= api_get_user_info($sender_user_id);
-				        $title 		= Security::remove_XSS($invitation['title']);	        
-				        $content 	= Security::remove_XSS($invitation['content']);				        
+				        $title 		= Security::remove_XSS($invitation['title'], STUDENT, true);	        
+				        $content 	= Security::remove_XSS($invitation['content'], STUDENT, true);				        
 				        $date		= api_convert_and_format_date($invitation['send_date'], DATE_TIME_FORMAT_LONG);  				                        
 				    ?>	   	
 					<table cellspacing="0" border="0">
@@ -182,9 +182,9 @@ echo '<div id="social-content">';
 				   		$friends_profile = SocialManager::get_picture_user($sender_user_id, $picture['file'], 92);
 				        $user_info	= api_get_user_info($sender_user_id);	  
 				              
-				        $title		= Security::remove_XSS($invitation['title']);
-						$content	= Security::remove_XSS($invitation['content']);
-				        $date		= api_convert_and_format_date($invitation['send_date'], $invitation['send_date'], DATE_TIME_FORMAT_LONG); 		               
+				        $title		= Security::remove_XSS($invitation['title'], STUDENT, true);
+						$content	= Security::remove_XSS($invitation['content'], STUDENT, true);
+				        $date		= api_convert_and_format_date($invitation['send_date'], DATE_TIME_FORMAT_LONG); 		               
 				    ?>	   	
 					<table cellspacing="0" border="0">
 					<tbody>
diff --git a/main/social/message_for_group_form.inc.php b/main/social/message_for_group_form.inc.php
index 7fae2da149..94911b9376 100755
--- a/main/social/message_for_group_form.inc.php
+++ b/main/social/message_for_group_form.inc.php
@@ -24,10 +24,10 @@ $tok = Security::get_token();
 if (isset($_REQUEST['user_friend'])) {
 	$info_user_friend=array();
 	$info_path_friend=array();
- 	$userfriend_id=Security::remove_XSS($_REQUEST['user_friend']);
+ 	$userfriend_id = intval($_REQUEST['user_friend']);
  	// panel=1  send message
  	// panel=2  send invitation
- 	$panel=Security::remove_XSS($_REQUEST['view_panel']);
+ 	$panel = Security::remove_XSS($_REQUEST['view_panel']);
  	$info_user_friend = api_get_user_info($userfriend_id);
  	$info_path_friend = UserManager::get_user_picture_path_by_id($userfriend_id,'web',false,true);
 }
@@ -43,7 +43,7 @@ $to_group = '';
 $subject = '';
 $message = '';
 if (!empty($group_id) && $allowed_action) {
-	$group_info = GroupPortalManager::get_group_data($group_id);
+	$group_info = GroupPortalManager::get_group_data($group_id);	
 	$is_member = GroupPortalManager::is_group_member($group_id);
 	
     if ($group_info['visibility'] == GROUP_PERMISSION_CLOSED && !$is_member) {
@@ -52,9 +52,10 @@ if (!empty($group_id) && $allowed_action) {
 
 	$to_group   = $group_info['name'];
 	if (!empty($message_id)) {
-		$message_info = MessageManager::get_message_by_id($message_id);
+		$message_info = MessageManager::get_message_by_id($message_id);		
 		if ($allowed_action == 'reply_message_group') {				
 			$subject  = get_lang('Reply').': '.api_xml_http_response_encode($message_info['title']);
+			//$message  = api_xml_http_response_encode($message_info['content']);
 		} else {
 			$subject  = api_xml_http_response_encode($message_info['title']);
 			$message  = api_xml_http_response_encode($message_info['content']);
@@ -96,7 +97,8 @@ $page_topic  = !empty($_GET['topics_page_nr'])?intval($_GET['topics_page_nr']):1
 			$oFCKeditor->ToolbarSet = 'messages';
 			$oFCKeditor->Width		= '100%';
 			$oFCKeditor->Height		= $height;
-			$oFCKeditor->Value		= $message;					
+			$oFCKeditor->Value		= $message;
+								
 			$return =	$oFCKeditor->CreateHtml();	
 			echo $return;
 			if ($allowed_action == 'add_message_group') {
diff --git a/main/social/profile.php b/main/social/profile.php
index 9a812e3857..46c95b8ca3 100755
--- a/main/social/profile.php
+++ b/main/social/profile.php
@@ -16,7 +16,6 @@ if (api_get_setting('allow_social_tool') !='true') {
     api_not_allowed();
 }
 
-
 $user_id = api_get_user_id();
 
 $show_full_profile = true;
@@ -569,7 +568,7 @@ if ($show_full_profile) {
         					$user_invitation_info = api_get_user_info($user_invitation_id);
         					echo '<a href="'.api_get_path(WEB_PATH).'main/social/profile.php?u='.$user_invitation_id.'">'.api_get_person_name($user_invitation_info['firstname'], $user_invitation_info['lastname']).'</a>';
         					echo '<br />';
-        					echo ' '.(substr($pending_invitations[$i]['content'],0,50));
+        					echo Security::remove_XSS(cut($pending_invitations[$i]['content'], 50), STUDENT, true);
         					echo '<br />';
         					echo '<a id="btn_accepted_'.$user_invitation_id.'" onclick="register_friend(this)" href="javascript:void(0)">'.get_lang('SocialAddToFriends').'</a>';
         					echo '<div id="id_response"></div>';
diff --git a/main/social/search.php b/main/social/search.php
index d5c96bedc5..a62a193f12 100755
--- a/main/social/search.php
+++ b/main/social/search.php
@@ -43,7 +43,7 @@ echo '<div id="social-content">';
 			//get users from tags
 			$users  = UserManager::get_all_user_tags($_GET['q'], 0, 0, 5);
 			$groups = GroupPortalManager::get_all_group_tags($_GET['q']);
-			
+						
 			if (empty($users) && empty($groups)) {
 				echo get_lang('SorryNoResults');	
 			}
@@ -79,10 +79,12 @@ echo '<div id="social-content">';
 				echo '</div>';											
 			}
 								
-			//Get users from tags
+			//Get users from tags this loop does not make sense for now ... 
+			/*
 			if (is_array($results) && count($results) > 0) {				
-				foreach ($results as $result) {					
-					$id = $result['id'];
+				foreach ($results as $result) {
+							
+					$id = $result['id'];					
 					$url_open  = '<a href="groups.php?id='.$id.'">';
 					$url_close = '</a>';
 						
@@ -116,12 +118,14 @@ echo '<div id="social-content">';
 					$grid_item_2 = $item_1.$item_2.$item_3.$item_4;				
 					$grid_my_groups[]= array($grid_item_1,$grid_item_2);
 				}
-			}
+			}*/
 				
 			$grid_groups = array();
 			if (is_array($groups) && count($groups)>0) {
 				echo '<h2>'.get_lang('Groups').'</h2>';
-				foreach($groups as $group) {						
+				foreach($groups as $group) {	
+					$group['name'] = Security::remove_XSS($group['name'], STUDENT, true);
+					$$group['description'] = Security::remove_XSS($group['description'], STUDENT, true);
 					$id = $group['id'];
 					$url_open  = '<a href="groups.php?id='.$id.'">';
 					$url_close = '</a>';