fix for #1545

[robkooper]

Fix remote code execution in dataset.php, this is only executable by providing a malicious url, and not from the web interface.

Description

Motivation and Context

Types of changes

• Bug fix (non-breaking change which fixes remote code execution #1545)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My change requires a change to the documentation.
• I have updated the CHANGELOG.md.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[robkooper]

This is deployed at http://pecan.ncsa.illinois.edu, and can be tested at http://pecan.ncsa.illinois.edu/pecan/08-finished.php?workflowid=99000000002

[tonygardella]

Assigned myself because I'm matched with Rob this week for code review.

[tonygardella]

Could you change this to: ## [1.5.0]- 2017-07-13

[tonygardella]

If you don't have time to make that edit to the change log I can do that later. I'd rather this get merged asap.