- sendmail = sendmail + " " + " ".join( sys.argv[1:] )
-
- mailpipe = os.popen("%s" % sendmail, 'w')
- mailpipe.write( message_string )
- sys.exit( mailpipe.close() )
+
+ # construct the sendmail pipe more safely (thanks iain murray!)
+ cmd = sys.argv[:]
+ cmd[0] = sendmail
+
+ from subprocess import Popen, PIPE
+ process = Popen(cmd, stdin=PIPE)
+ mailpipe = process.stdin
+ mailpipe.write( message.as_string().encode() )
+ mailpipe.close()
+ sys.exit( process.wait() )