[Users] exec_dset with params in URI broken

Hello, Today I stumbled upon an issue while using exec_dset. If the R-URI has a parameter in it like the following: sip:+12125551212@208.1.1.1;dt=180 SIP/2.0 When exec_dset sends the R-URI as a command line param to the command specified when called like: exec_dset("/usr/local/bin/dostuff.pl"); popen is used to exec a new shell passing "/usr/local/bin/dostuff.pl sip:+12125551212@208.1.1.1;dt=180 SIP/2.0" as the command The ; in the RURI is interpreted by the shell as the end of the parameter. This causes the dt=180 portion of the R-URI to passed directly to the shell causing an error. It seems this problem could be exploited by an enterprising hacker. A solution would be to check the param string for semi-colons and if found escape them with a backslash ( \ ). I am working on this code now. Is this a known issue? Is there a better solution? T.R.