http://pear.php.net/bugs/bug.php?id=16200

--- Mail-1.2.0b1/Mail/sendmail.php	2008-07-02 02:24:39.000000000 -0400
+++ Mail-1.2.0b1/Mail/sendmail.php.oden	2010-01-25 06:27:54.000000000 -0500
@@ -117,7 +117,7 @@ class Mail_sendmail extends Mail {
         if (is_a($recipients, 'PEAR_Error')) {
             return $recipients;
         }
-        $recipients = escapeShellCmd(implode(' ', $recipients));
+        $recipients = implode(' ', array_map('escapeshellarg', $recipients));
 
         $headerElements = $this->prepareHeaders($headers);
         if (is_a($headerElements, 'PEAR_Error')) {
@@ -141,7 +141,7 @@ class Mail_sendmail extends Mail {
             return PEAR::raiseError('From address specified with dangerous characters.');
         }
 
-        $from = escapeShellCmd($from);
+        $from = escapeShellArg($from);
         $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w');
         if (!$mail) {
             return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.');