fwiw, that's not a correct use of
escapeshellcmd. it doesn't modify the string in-place, it returns the escaped string, so you would need something like
$safe_filename = escapeshellcmd($filename).
however in this case i think you actually want
escapeshellarg instead, since the filename is a single argument.
Viewing a single comment thread. View all comments