diff --git a/commitpkg b/commitpkg
index 9856df1a3da83e2be973eb4362dc03aad715bb2c..999c35f8cea34ab4b3b60f885911af2f0969bc44 100755
--- a/commitpkg
+++ b/commitpkg
@@ -78,9 +78,9 @@ case "$repo" in
 esac
 
 # check if all local source files are under version control
-for s in ${source[@]}; do
-	echo $s | grep -Fvq '://' && \
-	svn status $s | grep -q '^\?' && \
+for s in "${source[@]}"; do
+	echo "$s" | grep -Fvq '://' && \
+	svn status "$s" | grep -q '^\?' && \
 	abort "$s is not under version control"
 done
 
@@ -90,7 +90,7 @@ for i in 'changelog' 'install'; do
 	for file in $filelist; do
 		# evaluate any bash variables used
 		eval file=${file}
-		if svn status ${file} | grep -q '^\?'; then
+		if svn status "${file}" | grep -q '^\?'; then
 			abort "${file} is not under version control"
 		fi
 	done