From 2ae760b62e824187b8341e1f58013e1feefea4de Mon Sep 17 00:00:00 2001
From: "Rudolf M. Schreier" <rudolfschreier@gmx.de>
Date: Tue, 14 Aug 2018 11:23:09 +0200
Subject: [PATCH] Add missing escaping of ffmpeg shell command during video
 thumbnail generation

---
 ext/handle_video/main.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/handle_video/main.php b/ext/handle_video/main.php
index bb191896..bdde7ea9 100644
--- a/ext/handle_video/main.php
+++ b/ext/handle_video/main.php
@@ -111,7 +111,7 @@ class VideoFileHandler extends DataHandlerExtension {
 				else
 				{
 					$scale = 'scale="' . escapeshellarg("if(gt(a,{$w}/{$h}),{$w},-1)") . ':' . escapeshellarg("if(gt(a,{$w}/{$h}),-1,{$h})") . '"';
-					$cmd = "{$ffmpeg} -y -i {$inname} -vf {$scale} -ss 00:00:00.0 -f image2 -vframes 1 {$outname}";
+					$cmd = escapeshellcmd("{$ffmpeg} -y -i {$inname} -vf {$scale} -ss 00:00:00.0 -f image2 -vframes 1 {$outname}");
 				}
 
 				exec($cmd, $output, $returnValue);