Fix Mercurial command injection vulnerability
Summary: See http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html.
Test Plan: Crafted bad remote URL; got error instead of code execution.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D12112