diff --git a/includes/account.php b/includes/account.php
index 88026d6..e004ce2 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -402,7 +402,7 @@ function buildSubjectFromSession() {
 			fclose($fp);
 			$challenge=$_SESSION['spkac_hash'];
 			$CSRname_esc = escapeshellarg($CSRname);
-			$res=`openssl spkac -verify -in $CSRname_esc`;
+			$res=shell_exec("openssl spkac -verify -in $CSRname_esc");
 			if(!strstr($res,"Challenge String: ".$challenge))
 			{
 				$id = $oldid;
@@ -466,7 +466,7 @@ function buildSubjectFromSession() {
 			$tmpname = tempnam("/tmp", "id4csr");
 			$tmpfname_esc = escapeshellarg($tmpfname);
 			$tmpname_esc = escapeshellarg($tmpname);
-			$do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`; // -subj "$csr"`;
+			$do = shell_exec("/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc"); // -subj "$csr";
 			@unlink($tmpfname);
 			$csr = "";
 			$fp = fopen($tmpname, "r");
@@ -570,7 +570,7 @@ function buildSubjectFromSession() {
 		$addy = array();
 		$adds = array();
 		if(strtolower(substr($newdom, -4, 3)) != ".jp")
-			$adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));
+			$adds = explode("\n", trim(shell_exec("/usr/bin/whois $newdom|grep \"@\"")));
 		if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
 		{
 			if(is_array($adds))
@@ -740,8 +740,8 @@ function buildSubjectFromSession() {
 		fputs($fp, $CSR);
 		fclose($fp);
 		$CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
-		$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
-		$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+		$_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep \"Subject:\""));
+		$bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
 		foreach($bits as $val)
 		{
 			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -911,8 +911,8 @@ function buildSubjectFromSession() {
 				$newfile=generatecertpath("csr","server",$newid);
 				copy($row['csr_name'], $newfile);
 				$newfile_esc = escapeshellarg($newfile);
-				$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep "Subject:"`);
-				$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+				$_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d \"\\0\"|grep \"Subject:\""));
+				$bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
 				foreach($bits as $val)
 				{
 					$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -942,7 +942,7 @@ function buildSubjectFromSession() {
 				} else {
 					$drow = mysql_fetch_assoc($res);
 					$crt_name = escapeshellarg($drow['crt_name']);
-					$cert = `/usr/bin/openssl x509 -in $crt_name`;
+					$cert = shell_exec("/usr/bin/openssl x509 -in $crt_name");
 					echo "<pre>\n$cert\n</pre>\n";
 				}
 			}
@@ -1549,7 +1549,7 @@ function buildSubjectFromSession() {
 			fclose($fp);
 			$challenge=$_SESSION['spkac_hash'];
 			$CSRname_esc = escapeshellarg($CSRname);
-			$res=`openssl spkac -verify -in $CSRname_esc`;
+			$res=shell_exec("openssl spkac -verify -in $CSRname_esc");
 			if(!strstr($res,"Challenge String: ".$challenge))
 			{
 				$id = $oldid;
@@ -1603,7 +1603,7 @@ function buildSubjectFromSession() {
 			$tmpname = tempnam("/tmp", "id17csr");
 			$tmpfname_esc = escapeshellarg($tmpfname);
 			$tmpname_esc = escapeshellarg($tmpname);
-			$do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`;
+			$do = shell_exec("/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc");
 			@unlink($tmpfname);
 			$csr = "";
 			$fp = fopen($tmpname, "r");
@@ -1857,8 +1857,8 @@ function buildSubjectFromSession() {
 		fputs($fp, $CSR);
 		fclose($fp);
 		$CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
-		$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
-		$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+		$_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep \"Subject:\""));
+		$bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
 		foreach($bits as $val)
 		{
 			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -2081,7 +2081,7 @@ function buildSubjectFromSession() {
 				} else {
 					$drow = mysql_fetch_assoc($res);
 					$crtname = escapeshellarg($drow['crt_name']);
-					$cert = `/usr/bin/openssl x509 -in $crtname`;
+					$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
 					echo "<pre>\n$cert\n</pre>\n";
 				}
 			}
@@ -2802,8 +2802,10 @@ function buildSubjectFromSession() {
 	{
 		$CSR = clean_csr($CSR);
 		$_SESSION['_config']['CSR'] = $CSR;
-		$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`);
-		$bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+		runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep \"Subject:\"", $CSR, $CSRSubjects);
+		runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:", $CSR, $CSRAlts);
+		$_SESSION['_config']['subject'] = trim($CSRSubjects);
+		$bits = explode(",", trim($CSRAlts));
 		foreach($bits as $val)
 		{
 			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -2827,8 +2829,11 @@ function buildSubjectFromSession() {
 	if($process != "" && $oldid == 46)
 	{
 		$CSR = clean_csr($_SESSION['_config']['CSR']);
-		$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`);
-		$bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+		runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep \"Subject:\"", $CSR, $CSRSubjects);
+		runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:", $CSR, $CSRAlts);
+
+		$_SESSION['_config']['subject'] = trim($CSRSubjects);
+		$bits = explode(",", trim($CSRAlts));
 		foreach($bits as $val)
 		{
 			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
diff --git a/includes/general.php b/includes/general.php
index 26a369e..596cc49 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -219,7 +219,7 @@
 		//echo "Points due to name matches: $points<br/>";
 
 		$shellpwd = escapeshellarg($pwd);
-		$do = `grep -F -- $shellpwd /usr/share/dict/american-english`;
+		$do = shell_exec("grep -F -- $shellpwd /usr/share/dict/american-english");
 		if($do)
 			$points--;
 
@@ -527,7 +527,8 @@
 		$fp = fopen($tmpfname, "w");
 		fputs($fp, $message);
 		fclose($fp);
-		$do = `/usr/bin/gpg --homedir /home/gpg --clearsign "$tmpfname"|/usr/sbin/sendmail "$to"`;
+		$to_esc = escapeshellarg($to);
+		$do = shell_exec("/usr/bin/gpg --homedir /home/gpg --clearsign \"$tmpfname\"|/usr/sbin/sendmail ".$to_esc);
 		@unlink($tmpfname);
 	}
 
@@ -538,9 +539,9 @@
 		{
 			list($username,$domain)=explode('@',$email,2);
 			$dom = escapeshellarg($domain);
-			$line = trim(`dig +short MX $dom 2>&1`);
+			$line = trim(shell_exec("dig +short MX $dom 2>&1"));
 #echo $email."-$dom-$line-\n";
-#echo `dig +short mx heise.de 2>&1`."-<br>\n";
+#echo shell_exec("dig +short mx heise.de 2>&1")."-<br>\n";
 
 			$list = explode("\n", $line);
 			foreach($list as $row) {
diff --git a/pages/account/15.php b/pages/account/15.php
index 6cd3115..405cb44 100644
--- a/pages/account/15.php
+++ b/pages/account/15.php
@@ -30,7 +30,7 @@
 	}
 	$row = mysql_fetch_assoc($res);
         $crtname=escapeshellarg($row['crt_name']);
-	$cert = `/usr/bin/openssl x509 -in $crtname`;
+	$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
 ?>
 <h3><?=_("Below is your Server Certificate")?></h3>
 <pre>
diff --git a/pages/account/19.php b/pages/account/19.php
index 6a2749c..959111f 100644
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -31,7 +31,7 @@
 	}
 	$row = mysql_fetch_assoc($res);
         $crtname=escapeshellarg($row['crt_name']);
-	$cert = `/usr/bin/openssl x509 -in $crtname`;
+	$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
 
 	if($row['keytype'] == "NS")
 	{
diff --git a/pages/account/23.php b/pages/account/23.php
index 4ec56c3..4255b47 100644
--- a/pages/account/23.php
+++ b/pages/account/23.php
@@ -30,7 +30,7 @@
 	}
 	$row = mysql_fetch_assoc($res);
         $crtname=escapeshellarg($row['crt_name']);
-	$cert = `/usr/bin/openssl x509 -in $crtname`;
+	$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
 ?>
 <h3><?=_("Below is your Server Certificate")?></h3>
 <pre>
diff --git a/pages/account/6.php b/pages/account/6.php
index 305fccb..de8d1a3 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -60,7 +60,7 @@ if (array_key_exists('format', $_REQUEST)) {
 	}
 
 	$crtname=escapeshellarg($row['crt_name']);
-	$cert = `/usr/bin/openssl x509 -in $crtname $outform`;
+	$cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform");
 
 	header("Content-Type: application/pkix-cert");
 	header("Content-Length: ".strlen($cert));
@@ -82,7 +82,7 @@ if (array_key_exists('format', $_REQUEST)) {
 	} else {
 		// All other browsers
 		$crtname=escapeshellarg($row['crt_name']);
-		$cert = `/usr/bin/openssl x509 -in $crtname -outform DER`;
+		$cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform DER");
 
 		header("Content-Type: application/x-x509-user-cert");
 		header("Content-Length: ".strlen($cert));
@@ -111,7 +111,7 @@ if (array_key_exists('format', $_REQUEST)) {
 
 	// Allow to directly copy and paste the cert in PEM format
 	$crtname=escapeshellarg($row['crt_name']);
-	$cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`;
+	$cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM");
 	echo "<pre>$cert</pre>";
 
 	?>
diff --git a/scripts/cron/warning.php b/scripts/cron/warning.php
index 8f607cd..db5da4f 100755
--- a/scripts/cron/warning.php
+++ b/scripts/cron/warning.php
@@ -1,5 +1,5 @@
 #!/usr/bin/php -q
-<? /*
+<?php /*
     LibreSSL - CAcert web application
     Copyright (C) 2004-2008  CAcert Inc.
 
@@ -18,6 +18,7 @@
 */
 
 	require_once(dirname(__FILE__).'/../../includes/mysql.php');
+	require_once(dirname(__FILE__).'/../../includes/lib/general.php');
 
 	$days = array("1" => "3", "15" => "2", "30" => "1", "45" => "0");
 
@@ -39,7 +40,7 @@
 				$row['crt_name'] = str_replace("../", "www/", $row['crt_name']);
 				$row['crt_name'] = "/home/cacert/".$row['crt_name'];
 				$crt_name = escapeshellarg($row['crt_name']);
-				$subject = `openssl x509 -in $crt_name -text -noout|grep Subject:`;
+				$subject = runCommand("openssl x509 -in $crt_name -text -noout|grep Subject:");
 				$bits = explode("/", $subject);
 				foreach($bits as $val)
 				{
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index b223168..3bfe55a 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -75,7 +75,7 @@ require_once '../../includes/lib/check_weak_key.php';
 	fclose($fp);
 	$incsr_esc = escapeshellarg($incsr);
 	$checkedcsr_esc = escapeshellarg($checkedcsr);
-	$do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`;
+	$do = shell_exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc");
 	@unlink($incsr);
 	if(filesize($checkedcsr) <= 0)
 		die("404,Invalid or missing CSR");
@@ -97,7 +97,7 @@ require_once '../../includes/lib/check_weak_key.php';
 	foreach($emails as $emailid => $email)
 		mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
 
-	$do = `../../scripts/runclient`;
+	$do = shell_exec("../../scripts/runclient");
 	sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
 	$query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
 	$res = mysql_query($query);
diff --git a/www/gpg.php b/www/gpg.php
index 80d8f21..cb72475 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -112,7 +112,7 @@ function verifyEmail($email)
 					clean_gpgcsr($CSR),
 					$gpg);
 
-			`rm -r $tmpdir`;
+			shell_exec("rm -r $tmpdir");
 		}
 
 		if ($err)
@@ -340,7 +340,7 @@ function verifyEmail($email)
 
 
 		$cmd_keyid = escapeshellarg($keyid);
-		$gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $cmd_keyid 2>&1`);
+		$gpg = trim(shell_exec("gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $cmd_keyid 2>&1"));
 		$lines = "";
 		$gpgarr = explode("\n", $gpg);
 		foreach($gpgarr as $line)
@@ -525,7 +525,7 @@ function verifyEmail($email)
 
 		$csrname=generatecertpath("csr","gpg",$insert_id);
 		$cmd_keyid = escapeshellarg($keyid);
-		$do=`gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname`;
+		$do=shell_exec("gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname");
 
 		mysql_query("update `gpg` set `csr`='$csrname' where `id`='$insert_id'");
 		waitForResult('gpg', $insert_id);