diff --git a/lib/classes/phpinterface/class.phpinterface_fpm.php b/lib/classes/phpinterface/class.phpinterface_fpm.php
index 07f06c5c..aceef322 100644
--- a/lib/classes/phpinterface/class.phpinterface_fpm.php
+++ b/lib/classes/phpinterface/class.phpinterface_fpm.php
@@ -205,8 +205,8 @@ class phpinterface_fpm
 if(!is_dir($socketdir) && $createifnotexists)
 {
- safe_exec('mkdir -p '.$socketdir);
- safe_exec('chown -R '.$this->_settings['system']['httpuser'].':'.$this->_settings['system']['httpgroup'].' '.$socketdir);
+ safe_exec('mkdir -p '.escapeshellarg($socketdir));
+ safe_exec('chown -R '.$this->_settings['system']['httpuser'].':'.$this->_settings['system']['httpgroup'].' '.escapeshellarg($socketdir));
 }
 return $socket;
diff --git a/scripts/jobs/cron_tasks.php b/scripts/jobs/cron_tasks.php
index 41e0bb1a..1d75d0ec 100644
--- a/scripts/jobs/cron_tasks.php
+++ b/scripts/jobs/cron_tasks.php
@@ -118,7 +118,7 @@ while($row = $db->fetch_array($result_tasks))
 // now get rid of old stuff
 //(but append /* so we don't delete the directory)
 $configdir.='/*';
- safe_exec('rm -rf '. makeCorrectFile($configdir));
+ safe_exec('rm -rf '. escapeshellarg(makeCorrectFile($configdir)));
 }
 }
@@ -132,7 +132,7 @@ while($row = $db->fetch_array($result_tasks))
 // now get rid of old stuff
 //(but append /* so we don't delete the directory)
 $configdir.='/*';
- safe_exec('rm -rf '. makeCorrectFile($configdir));
+ safe_exec('rm -rf '. escapeshellarg(makeCorrectFile($configdir)));
 }
 }
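Review bot: In the `@@ -205,8 +205,8 @@` hunk of class.phpinterface_fpm.php, the `chown -R` command still concatenates `$this->_settings['system']['httpuser']` and `['httpgroup']` into the shell string unquoted, so only the path argument is protected. If those settings can be changed from the panel or the database, they need the same quoting: `safe_exec('chown -R '.escapeshellarg($this->_settings['system']['httpuser'].':'.$this->_settings['system']['httpgroup']).' '.escapeshellarg($socketdir));`. Putting `--` before the path in the `mkdir` call would also keep a directory name that begins with `-` from being parsed as an option. The enclosing method starts and ends outside the hunk, so how `$socketdir` is assembled cannot be checked from here.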
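Review bot: In scripts/jobs/cron_tasks.php (hunks `@@ -118,7 +118,7 @@` and `@@ -132,7 +132,7 @@`), `$configdir` already ends in `/*` when it reaches `escapeshellarg()`, so the wildcard lands inside the single quotes and the shell no longer expands it. `rm -rf` is then handed a path whose last component is a literal `*`, and because of `-f` it exits quietly, which would leave the old configuration files in place rather than cleaning them up. Quote only the directory and keep the glob outside the quotes: drop the `$configdir.='/*';` line and call `safe_exec('rm -rf '.escapeshellarg(makeCorrectFile($configdir)).'/*');`. This assumes `safe_exec` passes the string to a shell, which neither hunk shows; the surrounding `while` loop also starts and ends outside both hunks.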