diff --git a/common/framework/Security.php b/common/framework/Security.php
index 6871af61e..871ce314b 100644
--- a/common/framework/Security.php
+++ b/common/framework/Security.php
@@ -37,13 +37,19 @@ class Security
case 'filename':
if (!utf8_check($input)) return false;
return Filters\FilenameFilter::clean($input);
-
+
// Clean up SVG content to prevent various attacks.
case 'svg':
if (!utf8_check($input)) return false;
$sanitizer = new \enshrined\svgSanitize\Sanitizer();
return strval($sanitizer->sanitize($input));
+ // Clean up a path to prevent argument injection.
+ case 'command':
+ if (!utf8_check($input)) return false;
+ if (\RX_WINDOWS || preg_match('![^a-z0-9/._-]!', $input)) return escapeshellarg($input);
+ return strval($input);
+
// Unknown filters.
default:
throw new Exception('Unknown filter type for sanitize: ' . $type);
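Review bot: The `command` allowlist on the new `preg_match` line accepts a value that begins with `-`, and such a value is returned unchanged while `escapeshellarg()` would not neutralize it either, so the "prevent argument injection" claim in the new comment is not fully met; an empty string likewise passes through as an empty command. Since the other filters already return `false` for rejected input, the same contract fits here: add `if ($input === '' || $input[0] === '-') return false;` directly after the `utf8_check` line, or reword the comment to "prevent shell metacharacter injection" if leading-dash values are acceptable for the callers. The regex is case-sensitive, so paths with uppercase letters are always quoted, which is conservative and fine but worth a word in the comment. The test hunk in SecurityTest.php covers neither the leading-dash case nor the Windows branch. The enclosing `sanitize()` method starts and ends outside this hunk.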
diff --git a/tests/unit/framework/SecurityTest.php b/tests/unit/framework/SecurityTest.php
index 9fb35a2b0..820541703 100644
--- a/tests/unit/framework/SecurityTest.php
+++ b/tests/unit/framework/SecurityTest.php
@@ -25,6 +25,17 @@ class SecurityTest extends \Codeception\Test\Unit
$source = '';
$target = '' . "\n\n";
$this->assertEquals($target, Rhymix\Framework\Security::sanitize($source, 'svg'));
+
+ // Command
+ if (!\RX_WINDOWS)
+ {
+ $source = '/usr/bin/ffmpeg';
+ $target = '/usr/bin/ffmpeg';
+ $this->assertEquals($target, Rhymix\Framework\Security::sanitize($source, 'command'));
+ $source = '/usr/bin/path with space/ffmpeg';
+ $target = '\'/usr/bin/path with space/ffmpeg\'';
+ $this->assertEquals($target, Rhymix\Framework\Security::sanitize($source, 'command'));
+ }
}
public function testEncryption()