MantisBT: master-1.2.x f60d0cfb

Author: dhx
Committer: dhx
Branch: master-1.2.x
Timestamp: 2010-08-04 09:23
Parent: master-1.2.x a374a7c9
Affected Issues: 0012231: XSS vulnerability when uninstalling maliciously named plugins
Changeset

Fix 0012231: XSS vulnerability when uninstalling badly named plugins

John Reese discovered an XSS vulnerability with the uninstall
confirmation message shown when plugins are being uninstalled. The
plugin name is not escaped before being outputted and thus HTML unsafe
characters are not sanitised.

This doesn't actually pose a security risk because it requires someone
to:
a) Have access to the server to rename a plugin in the PHP files
b) Have administrator access to the MantisBT installation

mod - manage_plugin_uninstall.php
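
The bug class described in the commit message, as an added example that is not MantisBT's code or the patch itself: a confirmation message built from a plugin name, first interpolated as-is and then escaped at the point of output. The function names, the message template and the sample plugin names are all constructed for this illustration.

```php
<?php
// Added illustration, not MantisBT source. Function names, the message
// template and the sample plugin names are constructed for this example.

// Stand-in for a localized string with a %s slot for the plugin name.
const UNINSTALL_MESSAGE = 'Are you sure you want to uninstall the "%s" plugin?';

// Before: the name is interpolated into the HTML page as-is, so any
// markup it contains is parsed by the browser.
function confirm_message_unescaped(string $plugin_name): string {
    return '<p>' . sprintf(UNINSTALL_MESSAGE, $plugin_name) . '</p>';
}

// After: escape at the point of output, for the HTML context.
// ENT_QUOTES covers both quote styles in case the value is reused in an
// attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning
// an empty string.
function confirm_message_escaped(string $plugin_name): string {
    $safe = htmlspecialchars($plugin_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . sprintf(UNINSTALL_MESSAGE, $safe) . '</p>';
}

// Constructed names: one benign, one carrying markup, one with invalid UTF-8.
$names = [
    'Example Plugin',
    '<script>alert(1)</script>',
    "Bad\xC3Name",
];

foreach ($names as $name) {
    $before = confirm_message_unescaped($name);
    $after  = confirm_message_escaped($name);
    // Check that no raw tag from the name survives in the escaped output.
    $leaks = strpos($after, '<script') !== false;
    printf(
        "before: %s\nafter:  %s\nmarkup survives escaping: %s\n\n",
        $before,
        $after,
        $leaks ? 'yes' : 'no'
    );
}
```

The plugin name is escaped when it is written into the page rather than when it is read from the plugin files, so the stored value stays unchanged and every output context can apply its own encoding.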