Index: tests/t3lib/t3lib_stdgraphic_testcase.php
===================================================================
--- tests/t3lib/t3lib_stdgraphic_testcase.php	(revision 0)
+++ tests/t3lib/t3lib_stdgraphic_testcase.php	(revision 0)
@@ -0,0 +1,101 @@
+<?php
+/***************************************************************
+* Copyright notice
+*
+* (c) 2009 Oliver Klee (typo3-coding@oliverklee.de)
+* All rights reserved
+*
+* This script is part of the TYPO3 project. The TYPO3 project is
+* free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* The GNU General Public License can be found at
+* http://www.gnu.org/copyleft/gpl.html.
+*
+* This script is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* This copyright notice MUST APPEAR in all copies of the script!
+***************************************************************/
+
+/**
+ * Testcase for the t3lib_stdGraphic class in the TYPO3 core.
+ *
+ * @package TYPO3
+ * @subpackage t3lib
+ *
+ * @author Oliver Klee <typo3-coding@oliverklee.de>
+ */
+class t3lib_stdGraphic_testcase extends tx_phpunit_testcase {
+	/**
+	 * @var t3lib_stdGraphic
+	 */
+	private $fixture;
+
+	public function setUp() {
+		$className = uniqid('t3lib_stdGraphic');
+		eval(
+			'class ' . $className . ' extends t3lib_stdGraphic {' .
+			'public function wrapFileName($inputName) {' .
+			'return parent::wrapFileName($inputName);' .
+			'}' .
+			'}'
+		);
+
+		$this->fixture = new $className();
+	}
+
+	public function tearDown() {
+		unset($this->fixture);
+	}
+
+
+	//////////////////////////////////
+	// Tests concerning wrapFileName
+	//////////////////////////////////
+
+	/**
+	 * @test
+	 */
+	public function wrapFileNameEscapesSpace() {
+		$this->assertEquals(
+			"'foo bar.jpg'",
+			$this->fixture->wrapFileName('foo bar.jpg')
+		);
+	}
+
+	/**
+	 * @test
+	 */
+	public function wrapFileNameEscapesHyphen() {
+		$this->assertEquals(
+			"'foo-bar.jpg'",
+			$this->fixture->wrapFileName('foo-bar.jpg')
+		);
+	}
+
+	/**
+	 * @test
+	 */
+	public function wrapFileNameEscapesAmpersand() {
+		$this->assertEquals(
+			"'foo&bar.jpg'",
+			$this->fixture->wrapFileName('foo&bar.jpg')
+		);
+	}
+
+	/**
+	 * @test
+	 */
+	public function wrapFileNameEscapesSingleQuote() {
+		$this->assertEquals(
+			"'foo'\\''bar.jpg'",
+			$this->fixture->wrapFileName('foo\'bar.jpg')
+		);
+	}
+}
+?>
\ No newline at end of file

Property changes on: tests/t3lib/t3lib_stdgraphic_testcase.php
___________________________________________________________________
Added: svn:mime-type
   + text/plain

Index: t3lib/class.t3lib_stdgraphic.php
===================================================================
--- t3lib/class.t3lib_stdgraphic.php	(revision 6109)
+++ t3lib/class.t3lib_stdgraphic.php	(working copy)
@@ -2707,17 +2707,14 @@
 	}
 
 	/**
-	 * Wrapping the input filename in double-quotes
+	 * Escapes a file name so it can safely be used on the command line.
 	 *
-	 * @param	string		Input filename
-	 * @return	string		The output wrapped in "" (if there are spaces in the filepath)
-	 * @access private
+	 * @param string $inputName filename to safeguard, must not be empty
+	 *
+	 * @return string $inputName escaped as needed
 	 */
-	function wrapFileName($inputName)	{
-		if (strstr($inputName,' '))	{
-			$inputName='"'.$inputName.'"';
-		}
-		return $inputName;
+	protected function wrapFileName($inputName) {
+		return escapeshellarg($inputName);
 	}