diff options
| -rw-r--r-- | lib/class/stream.class.php | 2 | ||||
| -rw-r--r-- | lib/general.lib.php | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/lib/class/stream.class.php b/lib/class/stream.class.php index bc23d28b..4d7b44c5 100644 --- a/lib/class/stream.class.php +++ b/lib/class/stream.class.php @@ -691,7 +691,7 @@ class Stream { $eofss = floor($song->time - ($eofmm * 60)); $eof = sprintf('%02d.%02d', $eofmm, $eofss); - $song_file = escapeshellarg($song->file); + $song_file = scrub_arg($song->file); $transcode_command = $song->stream_cmd(); if ($transcode_command == null) { diff --git a/lib/general.lib.php b/lib/general.lib.php index a8e4e909..fb7ab1a4 100644 --- a/lib/general.lib.php +++ b/lib/general.lib.php @@ -117,6 +117,20 @@ function unhtmlentities($string) { } //unhtmlentities /** + * scrub_arg + * + * This function behaves like escapeshellarg, but isn't broken + */ +function scrub_arg($arg) +{ + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { + return '"' . str_replace(array('"', '%'), array('', ''), $arg) . '"'; + } else { + return "'" . str_replace("'", "'\\''", $arg) . "'"; + } +} + +/** * format_bytes * Turns a size in bytes into a human-readable value */ |