From 6cab78970f212a30ea923835510ffd1fb77a6ad0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 17 Jul 2017 13:14:00 +0300 Subject: [ci skip] escapeshellarg on the image src path passed to NetPBM by Image_lib --- system/libraries/Image_lib.php | 2 +- user_guide_src/source/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index 88c9e7ede..8786d9d02 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -972,7 +972,7 @@ class CI_Image_lib { $cmd_inner = 'pnmscale -xysize '.$this->width.' '.$this->height; } - $cmd = $this->library_path.$cmd_in.' '.$this->full_src_path.' | '.$cmd_inner.' | '.$cmd_out.' > '.$this->dest_folder.'netpbm.tmp'; + $cmd = $this->library_path.$cmd_in.' '.escapeshellarg($this->full_src_path).' | '.$cmd_inner.' | '.$cmd_out.' > '.$this->dest_folder.'netpbm.tmp'; $retval = 1; // exec() might be disabled diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 828c9d30d..d6984bb7b 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -19,6 +19,7 @@ Bug fixes for 3.1.6 - Fixed a bug (#5168) - :doc:`Query Builder ` method ``count_all_results()`` produced erroneous queries on Microsoft SQL Server when ``ORDER BY`` clauses are cached. - Fixed a bug (#5128) - :doc:`Profiler ` didn't wrap ``$_SESSION`` and configuration arrays in ``
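Review bot: The new `$cmd` line quotes only `$this->full_src_path`; the redirect target `$this->dest_folder.'netpbm.tmp'` and `$this->library_path` are still concatenated into the shell string unquoted, and the `pnmscale` context line above interpolates `$this->width` and `$this->height` directly. Whether callers can influence those properties is not visible in this hunk, but if any of them can carry request-derived data, the same injection class remains, and a destination folder containing a space already breaks the command. I would quote the target as well, `' > '.escapeshellarg($this->dest_folder.'netpbm.tmp')`, and build the scale arguments with `(int) $this->width.' '.(int) $this->height`. Note also that `escapeshellarg()` is locale-sensitive and can drop non-ASCII bytes from a path when `LC_CTYPE` is not a UTF-8 locale, so such file names may stop resolving after this change. The enclosing method starts and ends outside the hunk, so validation elsewhere in it cannot be ruled out.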
`` tags.
 -  Fixed a bug (#5183) - :doc:`Database Library ` method ``is_write_type()`` didn't return TRUE for ``MERGE`` statements.
+-  Fixed a bug where :doc:`Image Manipulation Library ` didn't escape image source paths passed to NetPBM as shell arguments.
 
 Version 3.1.5
 =============
-- 
cgit v1.2.3-24-g4f1b