diff --git a/change_log.txt b/change_log.txt
index 39bbfe6d..857ada7e 100644
--- a/change_log.txt
+++ b/change_log.txt
@@ -1,6 +1,7 @@
 ===== 3.1.30-dev ===== (xx.xx.xx)
 19.07.2016
  - bugfix multiple {include} with relative filepath within {block}{/block} could fail https://github.com/smarty-php/smarty/issues/246
+ - bugfix {match} shell injection vulnerability patch provided by Tim Weber
 
 18.07.2016
  - bugfix {foreach} if key variable and item@key attribute have been used both the key variable was not updated https://github.com/smarty-php/smarty/issues/254
diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php
index 98eeddbe..94bfb22c 100644
--- a/libs/Smarty.class.php
+++ b/libs/Smarty.class.php
@@ -121,7 +121,7 @@ class Smarty extends Smarty_Internal_TemplateBase
     /**
      * smarty version
      */
-    const SMARTY_VERSION = '3.1.30-dev/85';
+    const SMARTY_VERSION = '3.1.30-dev/86';
 
     /**
      * define variable scopes
diff --git a/libs/plugins/function.math.php b/libs/plugins/function.math.php
index a6e2a152..655fe728 100644
--- a/libs/plugins/function.math.php
+++ b/libs/plugins/function.math.php
@@ -44,8 +44,22 @@ function smarty_function_math($params, $template)
         return;
     }
 
+    // disallow backticks
+    if (strpos($equation, '`') !== false) {
+        trigger_error("math: backtick character not allowed in equation", E_USER_WARNING);
+
+        return;
+    }
+
+    // also disallow dollar signs
+    if (strpos($equation, '$') !== false) {
+        trigger_error("math: dollar signs not allowed in equation", E_USER_WARNING);
+
+        return;
+    }
+
     // match all vars in equation, make sure all are passed
-    preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]*)!", $equation, $match);
+    preg_match_all('!(?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)!', $equation, $match);
 
     foreach ($match[ 1 ] as $curr_var) {
         if ($curr_var && !isset($params[ $curr_var ]) && !isset($_allowed_funcs[ $curr_var ])) {
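Review bot: The two new guards in the function.math.php hunk are a denylist of exactly two characters (backtick and `$`), and the changelog's "shell injection" wording suggests the equation string is still evaluated later in smarty_function_math, outside this hunk; a denylist in front of an evaluator leaves every other punctuation character permitted, so the safer fix is to allowlist the expression alphabet the plugin actually supports (identifiers, digits, whitespace, `.`, `+-*/%`, parentheses, commas) and reject anything else with the same trigger_error/return pattern, which subsumes both new checks. The broadened identifier regex is a good complement, because every captured name is then checked against `$params` and `$_allowed_funcs`, but it only covers tokens that look like identifiers, not the operators and punctuation between them. Write the allowlist test as `!== 0` so a PCRE failure is treated as a rejection rather than silently passing the string through, and record the intent in the comment, e.g. `// the equation is evaluated below: allowlist its alphabet, never rely on a denylist`.

```php
    // the equation is evaluated further down: allowlist the expression alphabet
    // this plugin supports and reject everything else (covers ` and $ as well).
    // `!== 0` so that a PCRE error fails closed instead of letting the string through
    if (preg_match('/[^a-zA-Z0-9_\x7f-\xff\s.+\-*\/%(),]/', $equation) !== 0) {
        trigger_error("math: unsupported character in equation", E_USER_WARNING);

        return;
    }

    // … unchanged: match all vars in equation, make sure all are passed …
```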