sileht/bird-lg

Openly-accessible whois execution

wxcafe opened this issue · 0 comments

Here is an example. I guess the fix there would be to implement a parser for the arguments to pass to whois before sending them off.

This isn't very high priority because it's executed as-is directly in whois (no shell), but if there's a vulnerability in whois it could potentially be abused (also I /guess/ the reply from whois is pasted directly in the page so it's a potential source of XSS if the whois server replies with something that will be executed, but I can't try that).
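
Added example, not part of the original issue and not bird-lg's own code: one way to do the two things the report asks for, parsing the user-supplied whois argument against an allowlist and escaping the reply before it reaches the page. The function names, the `whois` binary name and the 15-second timeout are assumptions.

```python
import html
import ipaddress
import re
import subprocess

# A DNS label starts and ends with an alphanumeric, so "-h" can never match.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(r"(?=.{1,253}\Z)(?:%s\.)*%s\Z" % (_LABEL, _LABEL))
_ASN = re.compile(r"AS[0-9]{1,10}\Z", re.IGNORECASE)


def parse_whois_query(raw):
    """Return one safe whois object name, or raise ValueError.

    Accepts a hostname, an AS number, an IP address or an IP prefix.
    Whitespace, option-like tokens and anything else are rejected, so the
    value can only ever be a single positional argument.
    """
    query = raw.strip()
    if _ASN.match(query) or _HOSTNAME.match(query):
        return query
    try:
        if "/" in query:
            # Normalise prefixes: 192.0.2.77/24 becomes 192.0.2.0/24.
            return str(ipaddress.ip_network(query, strict=False))
        return str(ipaddress.ip_address(query))
    except ValueError:
        raise ValueError("not a hostname, IP address, prefix or AS number")


def render_whois_reply(reply):
    """Escape the server-controlled reply before placing it in HTML."""
    return "<pre>%s</pre>" % html.escape(reply, quote=True)


def run_whois(raw):
    """Validate, run whois without a shell, and return escaped HTML."""
    argv = ["whois", parse_whois_query(raw)]  # assumed binary name
    out = subprocess.run(argv, capture_output=True, text=True,
                         errors="replace", timeout=15)
    return render_whois_reply(out.stdout)
```

If the page is rendered through a template engine with autoescaping enabled, the explicit `html.escape` call should be dropped there to avoid double escaping.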