Index: ktorrent-2.2.7/plugins/webinterface/php_handler.cpp
===================================================================
--- ktorrent-2.2.7.orig/plugins/webinterface/php_handler.cpp
+++ ktorrent-2.2.7/plugins/webinterface/php_handler.cpp
@@ -82,7 +82,9 @@ namespace kt
 			
 		for ( it = args.begin(); it != args.end(); ++it )
 		{
-			ts << QString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
+			// Check for string delimiters, don't want PHP injection attacks
+			if (!containsDelimiters(it.key()) && !containsDelimiters(it.data()))
+				ts << QString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
 		}
 		ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script
 		ts << flush;
@@ -116,6 +118,10 @@ namespace kt
 		}
 	}
 
+	bool PhpHandler::containsDelimiters(const QString & str)
+	{
+		return str.contains("\"") || str.contains("'");
+	}
 }
 
 #include "php_handler.moc"
Index: ktorrent-2.2.7/plugins/webinterface/php_handler.h
===================================================================
--- ktorrent-2.2.7.orig/plugins/webinterface/php_handler.h
+++ ktorrent-2.2.7/plugins/webinterface/php_handler.h
@@ -43,6 +43,9 @@ namespace kt
 		void onExited();
 		void onReadyReadStdout();
 		
+	private:
+		bool containsDelimiters(const QString & str);
+		
 	signals:
 		void finished();