- sendmail = sendmail + " " + " ".join( sys.argv[1:] )
-
- mailpipe = os.popen("%s" % sendmail, 'w')
+
+ # construct the sendmail pipe more safely (thanks iain murray!)
+ cmd = sys.argv[:]
+ cmd[0] = sendmail
+
+ from subprocess import Popen, PIPE
+ process = Popen(cmd, stdin=PIPE)
+ mailpipe = process.stdin