Missing several shell metacharacters

[joshtriplett]

The UNIX implementation only escapes the following characters:

const SHELL_SPECIAL: &'static str = r#" \$'"`!"#;

It should escape at least the following characters (and possibly others):

const SHELL_SPECIAL: &'static str = "|&;<>()$`\\\"' \t\n*?[#~=%!{}";

[sfackler]

cc @alexcrichton

[sfackler]

According to this stack overflow post, the best approach might actually be to have a simple whitelist and then single-quote the contents since all that then needs to be escaped are single quotes: http://stackoverflow.com/a/20053121

[joshtriplett]

@sfackler Probably safer, and definitely more maintainable, yes.