I’m amazed. Being a program writer myself … I always use escapeshellarg() in php whenever running a command in a shell. I find this *very* disturbing. Because … It’s just obvious for someone like me. Even if there wasn’t an escapeshellarg() for a c++ app I would write it. It doesn’t take much to find, and replace ` with \` and & with \& as well as ‘ ” ;
Guess it’s just me. A blow to open source that’s for sure 
It’s kinda stupid that they take all those extra pains to obey the rules of CSS, xhtml, and the like but can’t seem to find the intelligence to escape a command line.