(no commit message)
authorcristy <urban-warrior@git.imagemagick.org>
Sun, 18 May 2014 13:03:07 +0000 (13:03 +0000)
committercristy <urban-warrior@git.imagemagick.org>
Sun, 18 May 2014 13:03:07 +0000 (13:03 +0000)
MagickCore/delegate.c

index 04defce0e42d24e8471f9867faf5e74076baf9c8..8cf87464eb6b9163c0c5043a73cdbc3bcca56364 100644 (file)
@@ -893,6 +893,30 @@ static MagickBooleanType CopyDelegateFile(const char *source,
   return(IsMagickTrue(i!=0));
 }
 
+static char *SanitizeDelegateCommand(const char *command)
+{
+  char
+    *sanitize_command;
+
+  const char
+    *q;
+
+  register char
+    *p;
+
+  static char
+    whitelist[] =
+      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-"
+      ".@&;<>|\\\'\":%";
+
+  sanitize_command=AcquireString(command);
+  p=sanitize_command;
+  q=sanitize_command+strlen(sanitize_command);
+  for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
+    *p='_';
+  return(sanitize_command);
+}
+
 MagickExport MagickBooleanType InvokeDelegate(ImageInfo *image_info,
   Image *image,const char *decode,const char *encode,ExceptionInfo *exception)
 {
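Review bot: The `whitelist` in SanitizeDelegateCommand contains neither a space nor `/`, so the loop rewrites every argument separator and path separator in the expanded delegate command to `_`, and the command would presumably no longer run as written. It also keeps `;`, `&`, `|`, `<`, `>` and both quote characters, so shell control operators pass through untouched and the function should not be relied on as a defence against command injection. I would change the second literal to `" /.@&;<>|\\\'\":%";`, declare the table `static const char`, and decide explicitly whether the control operators belong in it. The function also needs a header comment stating that it returns a newly allocated copy the caller must release with DestroyString, and which characters it does and does not filter.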
@@ -1096,11 +1120,16 @@ MagickExport MagickBooleanType InvokeDelegate(ImageInfo *image_info,
     command=InterpretImageProperties(image_info,image,commands[i],exception);
     if (command != (char *) NULL)
       {
+        char
+          *sanitize_command;
+
         /*
           Execute delegate.
         */
+        sanitize_command=SanitizeDelegateCommand(command);
         status=IsMagickTrue(SystemCommand(delegate_info->spawn,
-          image_info->verbose,command,exception) != 0);
+          image_info->verbose,sanitize_command,exception) != 0);
+        sanitize_command=DestroyString(sanitize_command);
         if (IfMagickTrue(delegate_info->spawn))
           {
             ssize_t
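Review bot: The sanitizer runs on `command` only after InterpretImageProperties has expanded it, so it cannot tell the delegate template's own shell syntax from text that came from image properties, and one character set has to serve both. Filtering or quoting each interpolated value before it is substituted into `commands[i]` would let the template keep its syntax while image-derived values are constrained. That expansion happens outside this hunk, so where exactly the filter would go is an inference. A comment above the call, such as `/* command now holds image-derived text; filter it before it reaches the shell */`, would record why the copy is made. The enclosing block starts and ends outside the hunk.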