From cd5cd7e22a854e2cce5f5f65418aae88de23d0ba Mon Sep 17 00:00:00 2001
From: e107steved
Date: Tue, 19 Jun 2007 20:16:25 +0000
Subject: [PATCH] extra vetting on input - thanks nlstart
---
 e107_handlers/phpmailer/class.phpmailer.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/e107_handlers/phpmailer/class.phpmailer.php b/e107_handlers/phpmailer/class.phpmailer.php
index ccbcc9fb8..034c5ceb3 100644
--- a/e107_handlers/phpmailer/class.phpmailer.php
+++ b/e107_handlers/phpmailer/class.phpmailer.php
@@ -390,10 +390,9 @@ class PHPMailer
 */
 function SendmailSend($header, $body) {
 if ($this->Sender != "")
- $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
+ $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
 else
- $sendmail = sprintf("%s -oi -t", $this->Sendmail);
-
+ $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
 if(!@$mail = popen($sendmail, "w")) {
 $this->SetError($this->Lang("execute") . $this->Sendmail);
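Review bot: `escapeshellcmd($this->Sendmail)` on both branches escapes shell metacharacters but not whitespace, so a `Sendmail` value containing spaces still splits into extra arguments for the program handed to `popen()`. If that property can be set from anything other than trusted site configuration, it should be compared against a fixed executable path instead of being escaped. `escapeshellarg($this->Sender)` closes shell injection through the envelope sender, but the value is still passed unvalidated; a guard before the `sprintf` such as `if (preg_match('/^-|[[:space:][:cntrl:]]/', $this->Sender)) return false;` would reject malformed senders before a command line is built. The error path on the last line still concatenates the raw `$this->Sendmail` into the message, so it needs escaping wherever that message is rendered, which is not visible here. The body of `SendmailSend` continues past the end of the hunk.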