MantisBT: master c8961258

Author: dhx
Committer: dhx
Branch: master
Timestamp: 2010-10-22 06:24
Parent: master 1aa11780
Affected Issues: 0012474: bug_report XSS issue when report_stay=1
Changeset

Fix 0012474: bug_report XSS issue when report_stay=1

The "report stay" feature of the bug report page allows the user to
remain on the bug report page after submitting a report. After
submission a new bug_report page is opened and is prefilled with data
from the bug report just completed. The problem is that the hidden input
fields are not properly escaped.

This is not really a security issue as you need a valid one-time CSRF
token to access bug_report.php anyhow. It's more a case of users
experiencing broken page output when they submit bug reports containing
HTML characters (using the report stay feature).

Files: mod - bug_report.php
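The failure the commit message describes, reproduced as an added example. This is not MantisBT's code and the changeset page does not show the actual diff: the function names, the sample report values and the DOM-based check are all made up here to illustrate the point, which is that a value copied from the previous report into a hidden input's attribute must be escaped for the attribute context.

```php
<?php
// Added example (not MantisBT's code): a prefilled hidden input, as on the
// "report stay" version of the bug report page, rendered once with the raw
// field value and once with attribute-context escaping. Function names and
// sample values are made up for the demonstration.

// Broken: the previous report's value is interpolated into the attribute as-is.
function hidden_field_raw(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

// Fixed: escape for an HTML attribute. ENT_QUOTES is needed because the default
// flags leave single quotes alone, which matters for single-quoted attributes;
// ENT_SUBSTITUTE keeps invalid UTF-8 from making htmlspecialchars() return ''.
function attr_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function hidden_field_escaped(string $name, string $value): string
{
    return '<input type="hidden" name="' . attr_escape($name)
         . '" value="' . attr_escape($value) . '" />';
}

// Check: parse the fragment and confirm it yields exactly one <input> and
// nothing else (no stray <script>, no leftover text after a closed attribute).
function renders_single_input(string $html): bool
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body !== null
        && $body->childNodes->length === 1
        && $body->childNodes->item(0)->nodeName === 'input';
}

// Constructed sample report: the summary closes the value attribute and the tag.
$previous_report = [
    'summary'     => 'Crash on save"><script>alert(document.cookie)</script>',
    'description' => "Steps:\n1. click 'Save'",
];

foreach ($previous_report as $field => $value) {
    $variants = [
        'raw'     => hidden_field_raw($field, $value),
        'escaped' => hidden_field_escaped($field, $value),
    ];
    foreach ($variants as $how => $html) {
        printf("%-11s %-7s %s\n%s\n\n", $field, $how,
               renders_single_input($html) ? '[ok]' : '[BROKEN]', $html);
    }
}
```

Run it with `php` on the command line: the raw rendering of the summary parses into an input element, a script element and a leftover text node, which is exactly the "broken page output" the commit message mentions, while the escaped rendering parses into a single input. The flags matter: without ENT_QUOTES, htmlspecialchars() leaves single quotes untouched, so the same bug would survive in any template that delimits the attribute with single quotes.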