Fix arbitrary execution of code by untrusted user input.

[gipi]

SSH_ORIGINAL_COMMAND was used in an eval() without check: in a normal git push this is not a problem but under the hood this is only an ssh command so a malicious user could do something like the following

$ ssh vagrant -C 'bar "foo;rm -vfr /tmp/"'
/usr/local/bin/gitreceive: eval: line 45: unexpected EOF while looking for matching `"'
/usr/local/bin/gitreceive: eval: line 46: syntax error: unexpected end of file
/usr/local/bin/gitreceive: line 54: /home/git//hooks/pre-receive: No such file or directory
chmod: cannot access `/home/git//hooks/pre-receive': No such file or directory
fatal: unrecognized command 'bar foo'
rm: cannot remove `/tmp': Permission denied

If people have gitreceive live with untrusted users I advice them to update as soon as possible.

I have not extensively tested this patch, comments are welcome.

[ghost]

I'm experiencing the same problem as @philippbosch