$NetBSD: patch-aa,v 1.1 2009/11/30 06:16:56 taca Exp $

Fix for http://secunia.com/advisories/37410/:
	refering Debian's patch via http://secunia.com/advisories/37458/

--- Mail/sendmail.php.orig	2006-09-26 21:44:11.000000000 +0900
+++ Mail/sendmail.php
@@ -108,7 +108,7 @@ class Mail_sendmail extends Mail {
         if (PEAR::isError($recipients)) {
             return $recipients;
         }
-        $recipients = escapeShellCmd(implode(' ', $recipients));
+        $recipients = implode(' ', array_map('escapeshellarg', $recipients));
 
         $this->_sanitizeHeaders($headers);
         $headerElements = $this->prepareHeaders($headers);
@@ -126,7 +126,7 @@ class Mail_sendmail extends Mail {
             return PEAR::raiseError('From address specified with dangerous characters.');
         }
 
-        $from = escapeShellCmd($from);
+        $from = escapeShellArg($from);
         $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w');
         if (!$mail) {
             return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.');
