--- lib/VFS/smb.php.orig.20121129	2012-11-29 20:37:29.821780275 +0100
+++ lib/VFS/smb.php	2012-11-29 20:48:32.447424517 +0100
@@ -688,16 +688,17 @@
         putenv('PASSWD=' . $this->_params['password']);
         $ipoption = (isset($this->_params['ipaddress'])) ? (' -I ' . $this->_params['ipaddress']) : null;
         $fullcmd = $this->_params['smbclient'] .
-            ' "//' . $this->_params['hostspec'] . '/' . $share . '"' .
-            ' "-p' . $this->_params['port'] . '"' .
-            ' "-U' . $this->_params['username'] . '"' .
-            ' -D "' . $path . '" ' .
+            ' //' . escapeshellarg($this->_params['hostspec']) . '/' . escapeshellarg($share) .
+            ' -p' . escapeshellarg($this->_params['port']) . 
+            ' -U' . escapeshellarg($this->_params['username']) .
+            ' -D ' . escapeshellarg($path) . ' ' .
             $ipoption .
-            ' -c "';
+            ' -c ';
+	$smbcmd="";
         foreach ($cmd as $c) {
-            $fullcmd .= $c . ";";
+            $smbcmd .= $c . ";";
         }
-        $fullcmd .= '"';
+        $fullcmd .= escapeshellarg($smbcmd);
         return $this->_execute($fullcmd);
     }