Debian and Ubuntu are shipping updated php-packages with the following patch:
- debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete multibyte chars inside escapeshellcmd()
For this reason the escapeshellcmd calls for converting images (imagemagick) in GlobalFunctions.php fail if there is a non-ascii character in filename. I discovered this failure on rezeptewiki.org after updating php from the ubuntu security repository.
To fix the problem we added the following in GlobalFunctions.php in the lines before escapeshellarg():
setlocale(LC_CTYPE, "UTF8", "de_DE.UTF-8");
The locale depends on the installed locales on the system.