Wrap user-supplied arguments with escapeshellarg() for safety

[ShaneMcC]

This prevents commands being executed unexpectedly, and also means that urls containing url parameters (eg ?foo=bar&baz=qux) get handled correctly.

[kelvinzer0]

Your efforts improve the code and bring valuable improvements to the user experience. Thank you, @ShaneMcC! Excited for more collaborations and achievements in the future.