Thread:Project:Support desk/How to prevent code injection when executing programs from extesnion/reply

Maybe wfShellExec will be of help. It uses PHP's escapeshellarg function (well, on Linux it does). There is also wfEscapeShellArg, which seems to be a wrapper for escapeshellarg which fixes some issues with that function.