external script, nasty characters & argument injection

[k9fr4n]

hello

i defined a command in "[/settings/external scripts/scripts]" section that uses a binary check-ping.exe

check_ping = bin/check-ping.exe /host '$ARG1$'

I set the parameter "allow nasty characters" to false for in the category "[/settings/external scripts]"

but i can pass this kind of command:

./check_nrpe -H X.X.X.X -c check_ping -a "google.fr' || echo coucou ||'''"
coucou

Can you check if the option "allow nasty characters" is fonctionnal for external script ?

Regards