From 9120d3b3e3625ae786d92dae61fa87002f6cc0cb Mon Sep 17 00:00:00 2001
From: "J. King" <jking@jkingweb.ca>
Date: Wed, 23 Jan 2019 09:32:44 -0500
Subject: [PATCH] Correctly escape shell command in subprocesds service driver

---
 lib/Service/Subprocess/Driver.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/Service/Subprocess/Driver.php b/lib/Service/Subprocess/Driver.php
index a657232..5e79ed0 100644
--- a/lib/Service/Subprocess/Driver.php
+++ b/lib/Service/Subprocess/Driver.php
@@ -31,8 +31,8 @@ class Driver implements \JKingWeb\Arsse\Service\Driver {
         $pp = [];
         while ($this->queue) {
             $id = (int) array_shift($this->queue);
-            $php = '"'.\PHP_BINARY.'"';
-            $arsse = '"'.$_SERVER['argv'][0].'"';
+            $php = escapeshellarg(\PHP_BINARY);
+            $arsse = escapeshellarg($_SERVER['argv'][0]);
             array_push($pp, popen("$php $arsse feed refresh $id", "r"));
         }
         while ($pp) {