--- ktorrent-3.1.3/plugins/webinterface/phphandler.cpp 2008-10-06 18:43:01.000000000 +0200
+++ ktorrent-3.1.4/plugins/webinterface/phphandler.cpp 2008-10-19 12:23:34.000000000 +0200
@@ -88,7 +88,9 @@
 QMap::const_iterator it;
 for ( it = args.begin(); it != args.end(); ++it )
 {
- out << QString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.value());
+ // Check for string delimiters, don't want PHP injection attacks
+ if (!containsDelimiters(it.key()) && !containsDelimiters(it.value()))
+ out << QString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.value());
 }
 out << php_s.mid(firstphptag + 6) << flush;
@@ -111,6 +113,10 @@
 }
 }
+ bool PhpHandler::containsDelimiters(const QString & str)
+ {
+ return str.contains("\"") || str.contains("'");
+ }
 }
 #include "phphandler.moc"
--- ktorrent-3.1.3/plugins/webinterface/phphandler.h 2008-10-06 18:43:01.000000000 +0200
+++ ktorrent-3.1.4/plugins/webinterface/phphandler.h 2008-10-19 12:23:34.000000000 +0200
@@ -44,6 +44,9 @@
 void onFinished(int exitCode,QProcess::ExitStatus exitStatus);
 void onReadyReadStdout();
+ private:
+ bool containsDelimiters(const QString & str);
+
 signals:
 void finished();
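Review bot: The quote check added in the loop does not make request data inert, because `%2` still lands inside a PHP double-quoted literal where `$`, `{` and a backslash are interpreted, and a backslash at the end of the key affects the single-quoted `'%1'` in the same way; `containsDelimiters()` in the second hunk rejects only `"` and `'`. Encoding is more robust than a denylist here: emit key and value as single-quoted PHP literals with `\` and `'` escaped, which also stops parameters that merely contain a quote from being dropped without a log line. The two-argument `arg()` overload avoids the chained-`arg()` pitfall where a `%2` inside the key is filled in by the second call. The enclosing function starts and ends outside the hunk, so the type of `out` is assumed from how it is used.

```cpp
// file-local helper, defined above its first use; replaces containsDelimiters()
static QString phpSingleQuoted(QString str)
{
    str.replace("\\", "\\\\"); // backslashes first, so the one added for ' is not doubled
    str.replace("'", "\\'");
    return "'" + str + "'";
}

// … unchanged: iterator declaration and for header …
{
    out << QString("$_REQUEST[%1]=%2;\n")
               .arg(phpSingleQuoted(it.key()), phpSingleQuoted(it.value()));
}
// … unchanged: rest of the script is written to out …
```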
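Review bot: `containsDelimiters()` in the second hunk reads no member state, so it does not need to be a non-const private member declared in phphandler.h. A file-local `static bool containsDelimiters(const QString & str)` defined above its use in phphandler.cpp would leave the header untouched; failing that, the member should at least be `const`. A one-line comment such as `// true if str contains a character that ends a PHP '...' or "..." literal` would state what the check covers and make its limits visible to the next reader.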