diff --git a/webroot/ajax.php b/webroot/ajax.php
index ba543284c94610c527811e052215a9d93adebfec..674f8c3e3c854dc7b3a5cd87f74d8ed25cf62c7c 100755
--- a/webroot/ajax.php
+++ b/webroot/ajax.php
@@ -7,7 +7,7 @@
 
   if(isset($_GET["say"]))
   {
-    exec('echo "'.$_GET["say"].'" > tmp/say');
+    exec('echo "'.escapeshellarg($_GET["say"]).'" > tmp/say');
   }
 
 ?>
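Review bot: On the added line the result of `escapeshellarg()` is still placed between the original double quotes (`'echo "'. … .'"'`), so the shell treats the single quotes it adds as literal characters inside a double-quoted string and still performs expansion on the request value; the command injection this commit targets is not closed. Drop the surrounding double quotes, `exec('echo '.escapeshellarg($_GET["say"]).' > tmp/say');`, or better, avoid the shell entirely with `file_put_contents('tmp/say', $_GET["say"]."\n", LOCK_EX);`. Either way, guard with `is_string($_GET["say"])` first, because a query parameter can arrive as an array, which `escapeshellarg()` does not accept.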