Merge branch 'MDL-67587-master-1' of git://github.com/mihailges/moodle

Changed PARAM_TEXT to PARAM_NOTAGS to "search" param
because it's the same but WITHOUT lang support and we
don't need lang support there.

Of course, both require to verify that the output is always
escaped. In this case (mustache) it is. Or also p() or s().

Without that XSS on form values are relatively easy!