Emergency patch for http://bugs.cacert.org/view.php?id=1070

This issue is deemed to require emergency fixing since leaving it unpatched
would allow an attacker to execute arbitrary shell commands as the web server
user inside the chroot (note 003056 in the above bug).

includes/general.php

@@ -215,7 +215,8 @@
 
 		//echo "Points due to name matches: $points<br/>";
 
-		$do = `grep '$pwd' /usr/share/dict/american-english`;
+		$shellpwd = escapeshellarg($pwd);
+		$do = `grep $shellpwd /usr/share/dict/american-english`;
 		if($do)
 			$points--;