Command injection through URL in Pidgin

[Mark Doliner]

Hey John, just wanted to update you on our status.

Tomasz cleaned up our browser launching code quite a bit. Again, on
correctly-functioning systems our previous code worked fine and there
was no problem (we WERE correctly shell escaping the URL before
passing it to the browser).

We added code so now we'll proactively percent-encode characters like
$ and ! to make it less likely that they'll cause problems with
whatever script is used to launch a browser.

This should get released in about 2 weeks.