--- old/ext/ftp/ftp.c	2007/02/27 03:28:16	1.112.2.4.2.7
+++ new/ext/ftp/ftp.c	2007/03/24 16:25:42	1.112.2.4.2.8
@@ -1096,10 +1096,16 @@
 	int		size;
 	char		*data;
 
+	if (strpbrk(cmd, "\r\n")) {
+		return 0;
+	} 
 	/* build the output buffer */
 	if (args && args[0]) {
 		/* "cmd args\r\n\0" */
 		if (strlen(cmd) + strlen(args) + 4 > FTP_BUFSIZE) {
+			return 0;
+		}
+		if (strpbrk(args, "\r\n")) {
 			return 0;
 		}
 		size = sprintf(ftp->outbuf, "%s %s\r\n", cmd, args);