Fix unescaped query on cross-site search results

(fix omeka#1698)

application/view/common/cross-site-search/item-results.phtml

@@ -5,7 +5,7 @@
  ['class' => 'advanced-search']
 ); ?>
 
-<h2><?php echo sprintf($this->translate('Item results for "%s"'), $fulltextSearch); ?></h2>
+<h2><?php echo sprintf($this->translate('Item results for "%s"'), $this->escapeHtml($fulltextSearch)); ?></h2>
 
 <?php echo $this->pagination(); ?>
 

application/view/common/cross-site-search/item-set-results.phtml

@@ -5,7 +5,7 @@
  ['class' => 'advanced-search']
 ); ?>
 
-<h2><?php echo sprintf($this->translate('Item set results for "%s"'), $fulltextSearch); ?></h2>
+<h2><?php echo sprintf($this->translate('Item set results for "%s"'), $this->escapeHtml($fulltextSearch)); ?></h2>
 
 <?php echo $this->pagination(); ?>
 

application/view/common/cross-site-search/results.phtml

@@ -3,7 +3,7 @@ $fulltextSearch = $this->params()->fromQuery('fulltext_search');
 $hasResults = false;
 ?>
 
-<h2><?php echo sprintf($this->translate('Search results for “%s”'), $fulltextSearch); ?></h2>
+<h2><?php echo sprintf($this->translate('Search results for “%s”'), $this->escapeHtml($fulltextSearch)); ?></h2>
 
 <?php
 if ($responseSitePages && $responseSitePages->getTotalResults()):

application/view/common/cross-site-search/site-page-results.phtml

@@ -1,6 +1,6 @@
 <?php $fulltextSearch = $this->params()->fromQuery('fulltext_search'); ?>
 
-<h2><?php echo sprintf($this->translate('Site page results for "%s"'), $fulltextSearch); ?></h2>
+<h2><?php echo sprintf($this->translate('Site page results for "%s"'), $this->escapeHtml($fulltextSearch)); ?></h2>
 
 <div class="site results">
  <ul>
@@ -12,4 +12,4 @@
  </li>
  <?php endforeach; ?>
  </ul>
-</div>
+</div>