From 637a781f24c0cf67b253b09e7f6a34afdc9b1268 Mon Sep 17 00:00:00 2001
From: Christian Haschek <christian@haschek.at>
Date: Tue, 8 Mar 2022 22:00:58 +0100
Subject: [PATCH] changed the way the url is escaped. should fix #14

---
 api.php            | 2 +-
 http2pic.class.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/api.php b/api.php
index 396a468..f48c818 100644
--- a/api.php
+++ b/api.php
@@ -10,7 +10,7 @@ $resizewidth = $_GET['width'];
 $cache = $_GET['cache'];
 $onfail = rawurldecode($_GET['onfail']);
 
-$params = array('url'=>$url,
+$params = array('url'=>trim($url),
 				'type'=>$type,
 				'timeout'=>$timeout,
 				'viewport'=>$viewport,
diff --git a/http2pic.class.php b/http2pic.class.php
index e1bfe49..dad82a1 100644
--- a/http2pic.class.php
+++ b/http2pic.class.php
@@ -210,7 +210,7 @@ class http2pic
 			$cmd.=' -f png';
 		
 		//add url to cmd
-		$cmd.=' '.escapeshellarg($this->params['url']);
+		$cmd.=' \''.addslashes($this->params['url']).'\'';
 		
 		//add storage path to cmd
 		$cmd.=' '.escapeshellarg($this->params['file']);