diff --git a/src/Helpers/PrivilegesHelper.php b/src/Helpers/PrivilegesHelper.php
index 0c71d902..2cb7bb64 100644
--- a/src/Helpers/PrivilegesHelper.php
+++ b/src/Helpers/PrivilegesHelper.php
@@ -63,6 +63,16 @@ class PrivilegesHelper
 if (!$user->email_confirmed)
 throw new SimpleException('Need e-mail address confirmation to continue');
 }
+
+ public static function getAllowedSafety()
+ {
+ $context = \Chibi\Registry::getContext();
+ return array_filter(PostSafety::getAll(), function($safety) use ($context)
+ {
+ return PrivilegesHelper::confirm(Privilege::ListPosts, PostSafety::toString($safety)) and
+ $context->user->hasEnabledSafety($safety);
+ });
+ }
 }
 PrivilegesHelper::init();
diff --git a/src/Models/Model_Post_QueryBuilder.php b/src/Models/Model_Post_QueryBuilder.php
index b2709e84..8fa19d02 100644
--- a/src/Models/Model_Post_QueryBuilder.php
+++ b/src/Models/Model_Post_QueryBuilder.php
@@ -31,11 +31,7 @@ class Model_Post_QueryBuilder implements AbstractQueryBuilder
 protected static function filterUserSafety($dbQuery)
 {
 $context = \Chibi\Registry::getContext();
- $allowedSafety = array_filter(PostSafety::getAll(), function($safety) use ($context)
- {
- return PrivilegesHelper::confirm(Privilege::ListPosts, PostSafety::toString($safety)) and
- $context->user->hasEnabledSafety($safety);
- });
+ $allowedSafety = PrivilegesHelper::getAllowedSafety();
 $dbQuery->addSql('safety')->in('(' . R::genSlots($allowedSafety) . ')');
 foreach ($allowedSafety as $s)
 $dbQuery->put($s);
diff --git a/src/Models/Model_Tag_QueryBuilder.php b/src/Models/Model_Tag_QueryBuilder.php
index 8d311272..111debd2 100644
--- a/src/Models/Model_Tag_QueryBuilder.php
+++ b/src/Models/Model_Tag_QueryBuilder.php
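Review bot: `PrivilegesHelper::getAllowedSafety()` is added without a docblock, although it is now the one authorization filter that both the post and the tag query builders rely on. It depends implicitly on the current user in `\Chibi\Registry::getContext()`, and because it uses `array_filter` it keeps the keys of `PostSafety::getAll()` and can return an empty array. I would state that contract above the method, e.g. `/** Safety levels the current user may list: Privilege::ListPosts is granted for the level and the user has it enabled. Keys are preserved; the result may be empty. */`, so callers that build an `IN (...)` list know they have to handle the empty case.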
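Review bot: In `Model_Post_QueryBuilder::filterUserSafety()` the `$context = \Chibi\Registry::getContext();` line is kept, but its only visible use was inside the closure this commit removes. The function body continues past the end of the hunk, so confirm that nothing further down reads `$context`; if nothing does, delete the assignment so the method no longer looks as if it makes its own authorization decision.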
@@ -3,21 +3,34 @@ class model_Tag_QueryBuilder implements AbstractQueryBuilder
 {
 public static function build($dbQuery, $query)
 {
+ $allowedSafety = PrivilegesHelper::getAllowedSafety();
 $limitQuery = false;
- $dbQuery->addSql(', COUNT(post_tag.post_id)')->as('count');
- $dbQuery->from('tag');
- $dbQuery->innerJoin('post_tag');
- $dbQuery->on('tag.id = post_tag.tag_id');
+ $dbQuery
+ ->addSql(', COUNT(post_tag.post_id)')
+ ->as('count')
+ ->from('tag')
+ ->innerJoin('post_tag')
+ ->on('tag.id = post_tag.tag_id')
+ ->innerJoin('post')
+ ->on('post.id = post_tag.post_id')
+ ->where('safety IN (' . R::genSlots($allowedSafety) . ')');
+ foreach ($allowedSafety as $s)
+ $dbQuery->put($s);
 if ($query !== null)
 {
 $limitQuery = true;
 if (strlen($query) >= 3)
 $query = '%' . $query;
 $query .= '%';
- $dbQuery->where('LOWER(tag.name) LIKE LOWER(?)')->put($query);
+ $dbQuery
+ ->and('LOWER(tag.name)')
+ ->like('LOWER(?)')
+ ->put($query);
 }
- $dbQuery->groupBy('tag.id');
- $dbQuery->orderBy('LOWER(tag.name)')->asc();
+ $dbQuery
+ ->groupBy('tag.id')
+ ->orderBy('LOWER(tag.name)')
+ ->asc();
 if ($limitQuery)
 $dbQuery->limit(15);
 }
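Review bot: In `model_Tag_QueryBuilder::build()` the new `->where('safety IN (' . R::genSlots($allowedSafety) . ')')` is built even when `PrivilegesHelper::getAllowedSafety()` returns an empty array, which presumably yields `safety IN ()`. Whether that is a syntax error or a match-nothing condition depends on the database, so the access filter's behaviour for a user with no allowed level is left to the driver. I would make the deny-all case explicit, for example by emitting `->where('1 = 0')` when `$allowedSafety` is empty; the same pattern sits in the context lines of `Model_Post_QueryBuilder::filterUserSafety()`. The column should also be written as `post.safety`, because the query now joins `tag`, `post_tag` and `post`, and an unqualified name becomes ambiguous if another joined table ever gains a `safety` column.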