fix vulnerability in PHPMailer

phpmailer/class.phpmailer.php

@@ -390,9 +390,11 @@ class PHPMailer
      */
     function SendmailSend($header, $body) {
         if ($this->Sender != "")
-            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
+            $sendmail = sprintf("%s -oi -f %s -t", 
+                escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
         else
-            $sendmail = sprintf("%s -oi -t", $this->Sendmail);
+            $sendmail = sprintf("%s -oi -t", 
+                escapeshellcmd($this->Sendmail));
 
         if(!@$mail = popen($sendmail, "w"))
         {