From c1edc681b7fde94b7c03c88d22f739cdcb7caa42 Mon Sep 17 00:00:00 2001
From: Joe Sapp <joe@babyjoe>
Date: Sun, 20 Jan 2013 12:37:06 -0400
Subject: [PATCH] Use escapeshellarg() in jhead module to quote new file name

---
 3.0/modules/jhead/helpers/jhead_event.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/3.0/modules/jhead/helpers/jhead_event.php b/3.0/modules/jhead/helpers/jhead_event.php
index 8d24e2f4..0a56defa 100644
--- a/3.0/modules/jhead/helpers/jhead_event.php
+++ b/3.0/modules/jhead/helpers/jhead_event.php
@@ -39,7 +39,7 @@ class jhead_event_Core {
     }
 
     // Invoke jhead
-    if ($error = exec(escapeshellcmd($binary).' -q -autorot '.$item->file_path())) {
+    if ($error = exec(escapeshellcmd($binary).' -q -autorot '.escapeshellarg($item->file_path()))) {
       // @todo throw an exception ?
       Kohana::log('error', 'Error during execution of jhead');
     }