Users are starting to game the system and put rogue HTML characters into the search box. This is probably a simple matter of running `html_entities()` on any user input before it is allowed to propagate further through the code.
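A sketch of that fix, added here as an example and not taken from this project's code. It assumes the code base is PHP and that `html_entities()` stands for PHP's built-in escaping (here `htmlspecialchars()`); `esc_html()`, `render_search()` and the `/search` URL are hypothetical names. The query is escaped at the point where it is written into HTML, once per output context, so the value used for the search itself stays unmodified.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape a value for an HTML text node or a quoted attribute.
function esc_html(string $value): string
{
    // ENT_QUOTES escapes both " and ' so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of returning "".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer for the search form, result heading and paging link.
function render_search(string $rawQuery): string
{
    // Keep the raw value for the search backend; escape only when emitting HTML.
    $q = trim($rawQuery);

    $html  = '<form action="/search" method="get">';
    // Attribute context: the value sits inside double quotes.
    $html .= '<input type="text" name="q" value="' . esc_html($q) . '">';
    $html .= '</form>';
    // Text-node context.
    $html .= '<p>Results for <strong>' . esc_html($q) . '</strong></p>';
    // URL context: percent-encode the parameter first, then HTML-escape
    // the complete attribute value (this also turns & into &amp;).
    $next  = '/search?q=' . rawurlencode($q) . '&page=2';
    $html .= '<a href="' . esc_html($next) . '">Next</a>';

    return $html;
}

// Constructed sample inputs: plain text, markup with quotes, a single quote.
$samples = [
    'blue widgets',
    '<b>bold</b> & "quoted"',
    "it's <i>here</i>",
];

foreach ($samples as $sample) {
    echo render_search($sample), PHP_EOL;
}
```

In the output the second sample appears as `&lt;b&gt;bold&lt;/b&gt; &amp; &quot;quoted&quot;` in both the input value and the heading, so the browser displays the characters instead of interpreting them.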