Index: t3lib/class.t3lib_stdgraphic.php =================================================================== --- t3lib/class.t3lib_stdgraphic.php (revision 10435) +++ t3lib/class.t3lib_stdgraphic.php (working copy) @@ -2714,6 +2714,11 @@ if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) { setlocale(LC_CTYPE, $currentLocale); } + // if escapeshellarg didn't change anything or if there is no whitespace in the original string + // keep the original for (partial) safe_mode compatibility + if (trim($escapedInputName, '"\'') == $inputName && !preg_match('/[[:space:]]/', $inputName)) { + $escapedInputName = $inputName; + } return $escapedInputName; } Index: t3lib/thumbs.php =================================================================== --- t3lib/thumbs.php (revision 10435) +++ t3lib/thumbs.php (working copy) @@ -405,6 +405,11 @@ if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) { setlocale(LC_CTYPE, $currentLocale); } + // if escapeshellarg didn't change anything or if there is no whitespace in the original string + // keep the original for (partial) safe_mode compatibility + if (trim($escapedInputName, '"\'') == $inputName && !preg_match('/[[:space:]]/', $inputName)) { + $escapedInputName = $inputName; + } return $escapedInputName; } } Index: t3lib/utility/class.t3lib_utility_command.php =================================================================== --- t3lib/utility/class.t3lib_utility_command.php (revision 10435) +++ t3lib/utility/class.t3lib_utility_command.php (working copy) @@ -78,12 +78,39 @@ // Compile the path & command if ($im_version === 'gm') { $switchCompositeParameters = TRUE; - $path = escapeshellarg($path . 'gm' . $isExt) . ' ' . $command; + if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) { + $currentLocale = setlocale(LC_CTYPE, 0); + setlocale(LC_CTYPE, $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemLocale']); + } + $originalPath = $path . 'gm' . $isExt; + $path = escapeshellarg($originalPath); + if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) { + setlocale(LC_CTYPE, $currentLocale); + } + // if escapeshellarg didn't change anything or if there is no whitespace in the original string + // keep the original for (partial) safe_mode compatibility + if (trim($path, '"\'') == $originalPath && !preg_match('/[[:space:]]/', $originalPath)) { + $path = $originalPath; + } + $path .= ' ' . $command; } else { if ($im_version === 'im6') { $switchCompositeParameters = TRUE; } - $path = escapeshellarg($path . (($command == 'composite') ? $combineScript : $command) . $isExt); + if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) { + $currentLocale = setlocale(LC_CTYPE, 0); + setlocale(LC_CTYPE, $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemLocale']); + } + $originalPath = $path . (($command == 'composite') ? $combineScript : $command) . $isExt; + $path = escapeshellarg($originalPath); + if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) { + setlocale(LC_CTYPE, $currentLocale); + } + // if escapeshellarg didn't change anything or if there is no whitespace in the original string + // keep the original for (partial) safe_mode compatibility + if (trim($path, '"\'') == $originalPath && !preg_match('/[[:space:]]/', $originalPath)) { + $path = $originalPath; + } } // strip profile information for thumbnails and reduce their size