rifanece / timthumb

Automatically exported from code.google.com/p/timthumb

Improve fix for issue #15 (Problem to execute file command) #35

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Currently in line 383 in svn/trunk/timthumb.php (r63):

$mime_type = trim(@shell_exec('file -bi "' . $file . '"'));

suggestion:

$mime_type = trim(@shell_exec('file -bi ' . escapeshellarg($file)));

Why?
If $file somehow contains double quotes, dollar signs or other special characters, the current solution could fail or even be dangerous.

escapeshellarg() puts $file in single quotes and escapes single quotes within $file correctly.

Original issue reported on code.google.com by hans.sp...@gmail.com on 7 Aug 2009 at 9:17
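The following is an added example, not code from the timthumb project or from the reporter: a small wrapper that builds the `file -bi` command the way the suggested fix does, with escapeshellarg(), checks the path before spawning a shell, and reduces the output to a bare MIME type. The function name detect_mime_type() and the sample filename are assumptions for illustration; the `@` suppression from the original line is dropped so failures surface.

```php
<?php
// Added example, not part of the timthumb issue or its code base.

function detect_mime_type(string $file): ?string
{
    // Refuse anything that is not a readable regular file before
    // running an external command on it.
    if (!is_file($file) || !is_readable($file)) {
        return null;
    }

    // escapeshellarg() wraps the path in single quotes and escapes any
    // single quotes inside it, so double quotes, '$', ';' and backticks
    // in the filename reach `file` as plain argument data.
    $cmd = 'file -bi ' . escapeshellarg($file);
    $out = shell_exec($cmd);
    if (!is_string($out)) {
        // null/false: no output, or the command could not be started.
        return null;
    }

    // `file -bi` prints e.g. "image/jpeg; charset=binary"; keep the type only
    // and accept it only if it looks like a well-formed type/subtype pair.
    $mime = strtolower(trim(explode(';', $out, 2)[0]));
    return preg_match('#^[a-z0-9.+-]+/[a-z0-9.+-]+$#', $mime) ? $mime : null;
}

// Constructed filename containing the characters the report worries about.
$tricky = 'it\'s "weird" $HOME.jpg';
echo 'original: file -bi "' . $tricky . '"', PHP_EOL;
echo 'fixed   : file -bi ' . escapeshellarg($tricky), PHP_EOL;

// Constructed sample file: a JPEG SOI marker followed by padding.
$tmp = tempnam(sys_get_temp_dir(), 'tt');
file_put_contents($tmp, "\xFF\xD8\xFF\xE0" . str_repeat("\0", 16));
var_dump(detect_mime_type($tmp));
unlink($tmp);
```

escapeshellarg() is locale-aware and drops bytes that are invalid in the current character set, so call setlocale() consistently if filenames may be non-ASCII.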

GoogleCodeExporter commented 8 years ago
Thanks for the report, makes total sense. Have implemented your suggested fix.

Original comment by BinaryMoon on 31 Dec 2009 at 7:21