Potential code injection in fun delete_directory

Under /system/ee/legacy/libraries/Functions.php, function delete_directory contains calls to `exec` 3 times using different, potentially "unsanitized" paramateres. As the PHP manual suggest, `escapeshellarg` should be used to sanitize individual arguments [1]. On an implementation in which the attacker controls the file name, arbitrary code execution is achieved. Better to fix it. [1] http://php.net/manual/en/function.escapeshellarg.php