From 306f4ef46bcbede59b427268fe6d8b5e18c811b2 Mon Sep 17 00:00:00 2001
From: Ian Bradley <marlen.crabapple@gmail.com>
Date: Mon, 15 Sep 2014 16:57:06 -0700
Subject: [PATCH] Added escapeshellarg() for WebM thumbnail generation.

---
 inc/lib/webm/ffmpeg.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/inc/lib/webm/ffmpeg.php b/inc/lib/webm/ffmpeg.php
index 7b635b5c..edd2c73a 100644
--- a/inc/lib/webm/ffmpeg.php
+++ b/inc/lib/webm/ffmpeg.php
@@ -49,6 +49,10 @@ function is_valid_webm($ffprobe_out) {
 function make_webm_thumbnail($filename, $thumbnail, $width, $height) {
   global $board, $config;
 
+  $filename = escapeshellarg($filename);
+  $thumbnail = escapeshellarg($thumbnail); // Should be safe by default but you
+                                           // can never be too safe.
+
   $ffmpeg = $config['webm']['ffmpeg_path'];
   $ffmpeg_out = array();