Fix for bug 95235: variables with untrusted content were being echoed back to the user in error messages.  Those variables are now run through html_quote() first.
Patch by Gavin Shelley <gavins@iplbath.com>
r= justdave@syndicomm.com