Thanks for the reply
We've taken a deeper look at this and on Windows, it escapes with a caret/circumflex character: ^ whilst on Unix-based systems it escapes with a backslash character: \
But by the time the command line executes, the filesystem basically cannot find those files, so it's definitely not quite the right implementation at present, as it leads to some missing thumbnails for PDFs and presumably videos would have a similar problem when ffmpeg is used.
As you've suggested, we have temporarily hacked the PHP code on line 1559 to remove the escapeshellcmd() as we feel it's unnecessary here, because what it escapes is already contained within double quotes so the special characters won't be having any effect; they are simply part of the actual filename until the end double quotes. I suppose the 'gotcha' is if someone added a double quote in a filename (however this is already forbidden by the Windows operating system), then potentially it could break out of the filename string and special characters would start doing funky stuff again. So maybe the best solution would be to simply escape double quotes with a backslash instead of using escapeshellcmd().
So currently our hacked code is now:

    // get exec command string
    $cmd = str_replace(
        ['%APP_PATH%', '%PATH%', '%CACHE%', '%RESIZE%'],
        [$app_path, $this->path, $cachepath, $resize],
        self::${"preview_cmd_$type"});

We've tested on both Windows and Linux and this now handles both the examples of special characters correctly with the PDF thumbnails being generated perfectly. Love the lazy-loading by the way, it feels very efficient too 🙂
It might be worth double checking where you wrap the various paths in double quotes, but we think this is already sufficient to not need to escape the $this->path using escapeshellcmd().
P.S. We've had a successful weekend of integrating files.gallery into our CMS and it's working pretty well, so we're very happy! May have a couple of other minor bits of feedback and little things for the wishlist, so will post these soon.
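
An added example, not part of the original post and not files.gallery's own code: it builds the same command three ways (escapeshellcmd() inside double quotes, the raw path inside double quotes, and escapeshellarg() with no quotes in the template) and reports whether the shell can still find the file. The `ls` template, the helper function names and the file names are constructed for illustration, and the script assumes a POSIX shell.

```php
<?php
// Added example. POSIX shell only; the "ls" template and file names are constructed.

// Variant A: escapeshellcmd() applied to a path that is then wrapped in double quotes.
function cmd_escapeshellcmd(string $tpl, string $path): string {
    return str_replace('%PATH%', '"' . escapeshellcmd($path) . '"', $tpl);
}

// Variant B: raw path inside double quotes (the temporary change described in the post).
function cmd_raw_quoted(string $tpl, string $path): string {
    return str_replace('%PATH%', '"' . $path . '"', $tpl);
}

// Variant C: escapeshellarg() adds its own single quotes, so the template adds none.
function cmd_escapeshellarg(string $tpl, string $path): string {
    return str_replace('%PATH%', escapeshellarg($path), $tpl);
}

$dir = sys_get_temp_dir() . '/thumbdemo_' . getmypid();
mkdir($dir);

// Constructed names: shell metacharacters, a "$" sequence, and a lone single quote.
$names = ['report (final) & notes.pdf', 'price $HOME.pdf', "it's here.pdf"];
$tpl   = 'ls -- %PATH% 2>/dev/null';

foreach ($names as $name) {
    $path = "$dir/$name";
    touch($path);
    foreach (['cmd_escapeshellcmd', 'cmd_raw_quoted', 'cmd_escapeshellarg'] as $fn) {
        $out = [];
        exec($fn($tpl, $path), $out, $rc);   // exit status 0 means ls found the file
        printf("%-20s %-28s %s\n", $fn, $name, $rc === 0 ? 'found' : 'NOT FOUND');
    }
    unlink($path);
}
rmdir($dir);
```

On Windows, escapeshellarg() behaves differently (it replaces percent signs, exclamation marks and double quotes with spaces), so names containing those characters need separate testing there.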