Index: trunk/server/common/patches/httpd-suexec-scripts.patch
===================================================================
--- trunk/server/common/patches/httpd-suexec-scripts.patch	(revision 2184)
+++ trunk/server/common/patches/httpd-suexec-scripts.patch	(revision 2186)
@@ -314,5 +314,5 @@
          exit(121);
      }
-@@ -614,6 +767,23 @@
+@@ -614,6 +767,30 @@
      /*
       * Execute the command, replacing our image with its own.
@@ -331,4 +331,11 @@
 +        argv[1] = PHP_PATH;
 +        argv[2] = "-f";
++        /*
++         * argv[3] is the command to run. argv[4] is either an argument or
++         * already null. We don't want to pass any arguments through from
++         * Apache (since they're untrusted), so we chop off the remainder
++         * of argv here.
++         */
++        argv[4] = 0;
 +        execv(PHP_PATH, &argv[1]);
 +        log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[1]);
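Review bot: The new `argv[4] = 0;` before `execv(PHP_PATH, &argv[1])` is in bounds only if `argc >= 4` has already been enforced, and nothing in this hunk shows that check. The comment should state the invariant it relies on, for example `* Safe because argc >= 4 was checked earlier, so argv[4] is at worst argv[argc].`, and should be confirmed against the start of the function, which is outside the hunk. Writing `argv[4] = NULL;` would read more clearly as a pointer terminator than `0`. The truncation is visible only on the PHP path; if the patch has other interpreter `execv` branches that forward `argv` from Apache, they presumably need the same cut and should be checked. The enclosing block starts and ends outside this hunk.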
