Use proc_open to avoid spawning a shell

The use of `exec` will spawn a shell, using `/bin/sh` on POSIX platforms. But in restricted environment, such as AppArmor, this means giving execution to `/bin/sh`, which renders the execution restriction quite useless.
Using an array with `proc_open` reduces this, and paved the way for file streaming instead of temporary file.

Signed-off-by: Glandos <bugs-github@antipoul.fr>

lib/private/Preview/Movie.php

@@ -125,23 +125,30 @@ class Movie extends ProviderV2 {
 		$binaryType = substr(strrchr($this->binary, '/'), 1);
 
 		if ($binaryType === 'avconv') {
-			$cmd = $this->binary . ' -y -ss ' . escapeshellarg((string)$second) .
-				' -i ' . escapeshellarg($absPath) .
-				' -an -f mjpeg -vframes 1 -vsync 1 ' . escapeshellarg($tmpPath) .
-				' 2>&1';
+            $cmd = [$this->binary, '-y', '-ss', (string)$second,
+                    '-i', $absPath,
+                    '-an', '-f', 'mjpeg', '-vframes', '1', '-vsync', '1',
+                    $tmpPath];
 		} elseif ($binaryType === 'ffmpeg') {
-			$cmd = $this->binary . ' -y -ss ' . escapeshellarg((string)$second) .
-				' -i ' . escapeshellarg($absPath) .
-				' -f mjpeg -vframes 1' .
-				' ' . escapeshellarg($tmpPath) .
-				' 2>&1';
+            $cmd = [$this->binary, '-y', '-ss', (string)$second,
+                    '-i', $absPath,
+                    '-f', 'mjpeg', '-vframes', '1',
+                    $tmpPath];
 		} else {
 			// Not supported
 			unlink($tmpPath);
 			return null;
 		}
 
-		exec($cmd, $output, $returnCode);
+		$proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
+		$returnCode = -1;
+		$output = "";
+		if (is_resource($proc)) {
+				$stdout = trim(stream_get_contents($pipes[1]));
+				$stderr = trim(stream_get_contents($pipes[2]));
+				$returnCode = proc_close($proc);
+				$output = $stdout . $stderr;
+		}
 
 		if ($returnCode === 0) {
 			$image = new \OCP\Image();