Bug 13425 - XSS in intranet facets - Patch for 3.18 and master
author    Chris Cormack <chrisc@catalyst.net.nz>
          Tue, 9 Dec 2014 23:47:30 +0000 (12:47 +1300)
committer Tomas Cohen Arazi <tomascohen@gmail.com>
          Sat, 27 Dec 2014 00:03:17 +0000 (21:03 -0300)
commit    951f3346a25c7f2883f834398055c2413b8f9c9b
tree      2a4bfe0246aa97bc9c557a4f441c700ad762137b
parent    96eae74fc12defc8f81f073724fc663e5895b9a2
Bug 13425 - XSS in intranet facets - Patch for 3.18 and master

To test:
1/ Craft a URL like /cgi-bin/koha/catalogue/search.pl?q=smith&sort_by='"><script>prompt('Happy_Holidays')</script>

It is important that it returns results and facets.

2/ Notice the JS is executed.
3/ Apply the patch, test again.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
No prompts, no functional regressions found.
Checked selecting and undoing facets, show more links and paging.
Signed-off-by: Mason James <mtj@kohaaloha.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc
koha-tmpl/intranet-tmpl/prog/en/includes/page-numbers.inc
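The diff itself is not shown on this page. As an added illustration (not the committed patch, and not Koha's own code), the script below renders a facet/paging link the way a Template Toolkit include such as facets.inc would, once with the sort_by value interpolated raw and once with the standard `uri`/`html` filters applied, using the proof-of-concept value from the commit message as constructed input. It assumes the affected includes build search.pl links from the request's sort_by parameter; the template strings are my own, not the project's.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed input: the reflected value from the test steps above.
my %vars = (
    q       => 'smith',
    sort_by => q{'"><script>prompt('Happy_Holidays')</script>},
);

# Vulnerable pattern (hypothetical): the request parameter is dropped into an
# href attribute unfiltered, so the quote and '>' break out of the attribute.
my $raw_tmpl = q{<a href="/cgi-bin/koha/catalogue/search.pl?q=[% q %]&amp;sort_by=[% sort_by %]">Next</a>};

# Hardened pattern: URL components get the 'uri' filter; anything rendered as
# text or an attribute value would get the 'html' filter instead.
my $safe_tmpl = q{<a href="/cgi-bin/koha/catalogue/search.pl?q=[% q | uri %]&amp;sort_by=[% sort_by | uri %]">Next</a>};

# Renders a template string and returns the HTML it produces.
sub render {
    my ($tmpl) = @_;
    my $tt  = Template->new() or die Template->error;
    my $out = '';
    $tt->process(\$tmpl, \%vars, \$out) or die $tt->error;
    return $out;
}

# Simple check a reviewer can run: does the rendered link still contain a
# live <script> tag, i.e. did the payload escape the attribute?
sub reflects_script {
    my ($html) = @_;
    return $html =~ /<script\b/i ? 1 : 0;
}

for my $case ([raw => $raw_tmpl], [filtered => $safe_tmpl]) {
    my ($name, $tmpl) = @$case;
    my $html = render($tmpl);
    printf "%-8s script tag present: %s\n%s\n\n",
        $name, (reflects_script($html) ? 'YES' : 'no'), $html;
}
```

With the `uri` filter the quotes, angle brackets and slashes are percent-encoded, so the browser never sees a closing attribute or a script element; the raw case prints YES.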