flaw in php_exec_dir patch

["VeNoMouS" <venom () gen-x co nz>]

Found a issue last night while testing php_exec_dir patch

if you do the following

$blah=`ps aux`;
echo nl2br($blah);

php_exec_dir will block the call if you have set the exec_dir parm in php or apache

anyway.... if you do this

$blah=`;ps aux`;
echo nl2br($blah);

it bypasses the exec block and excutes the ps due to the ';', as bash interrupts ';' as a new cmd, ive emailed the 
author but no response.