Avoid possible XSS when displaying the list of invalid plugins fixes #6871 for trunk props xknown.

git-svn-id: https://develop.svn.wordpress.org/trunk@8499 602fd350-edb4-49c9-b593-d223f7449a82

wp-admin/plugins.php

@@ -168,7 +168,7 @@ require_once('admin-header.php');
 $invalid = validate_active_plugins();
 if( !empty($invalid) )
 	foreach($invalid as $plugin_file => $error)
-		echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), $plugin_file, $error->get_error_message()) . '</p></div>';
+		echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), wp_specialchars($plugin_file), $error->get_error_message()) . '</p></div>';
 ?>
 
 <?php if ( isset($_GET['error']) ) : ?>