fix some xss vulnerabilities

[dneustadt]

Hi!

This merge request is related to ActionRetro/FrogFind#6 and fixes similar XSS vulnerabilities with unescaped query parameters.

Proof: http://68k.news/index.php?section=nation&loc=%3Cinput+type%3D%22password%22+placeholder%3D%22password%22%3E