diff --git a/lib/QubitFindingAid.class.php b/lib/QubitFindingAid.class.php index 4ff2c7af8f..9beb38325b 100644 --- a/lib/QubitFindingAid.class.php +++ b/lib/QubitFindingAid.class.php @@ -392,7 +392,7 @@ public function extractTranscript(): string sprintf('Extracting finding aid text from "%s"', $this->getPath()) ); - $command = sprintf('pdftotext %s - 2> /dev/null', $this->getPath()); + $command = sprintf('pdftotext %s - 2> /dev/null', escapeshellarg($this->getPath())); exec($command, $output, $status); if (0 !== $status) { diff --git a/lib/model/QubitDigitalObject.php b/lib/model/QubitDigitalObject.php index 3caba68034..291c0e01ec 100644 --- a/lib/model/QubitDigitalObject.php +++ b/lib/model/QubitDigitalObject.php @@ -3067,7 +3067,7 @@ public function extractText($connection = null) return; } - $command = sprintf('pdftotext %s - 2> /dev/null', $path); + $command = sprintf('pdftotext %s - 2> /dev/null', escapeshellarg($path)); exec($command, $output, $status); if (0 == $status && 0 < count($output)) {