diff --git a/core/trunk/core/docservers_tools.php b/core/trunk/core/docservers_tools.php
index 9b2da1e8a2ea29e828ad597f180002e81c97e427..a823e96de10d13807c9b86fe3e0e18b811404a2c 100644
--- a/core/trunk/core/docservers_tools.php
+++ b/core/trunk/core/docservers_tools.php
@@ -470,7 +470,10 @@ function Ds_setRights($dest)
         && (isset($GLOBALS['apacheUserAndGroup'])
         && $GLOBALS['apacheUserAndGroup'] <> '')
     ) {
-        exec('chown ' . $GLOBALS['apacheUserAndGroup'] . ' ' . $dest);
+        exec('chown ' 
+            . escapeshellarg($GLOBALS['apacheUserAndGroup']) . ' ' 
+            . escapeshellarg($dest)
+        );
     }
     umask(0022);
     chmod($dest, 0770);