Paweł Grzesik:
> IO.popen("/usr/sbin/sendmail -G -i #{my_str}", "w") do |pipe|

And there you have a giant security hole. What happens if an email
address contains shell special characters? You specify flags=Rq in
the pipe daemon command, but that quotes email addresses according
to RFC822, not to make them resistant against shell command injection.

(Note that the shell script example in FILTER_README does not
have this issue because that does not re-parse its arguments).

        Wietse
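The contrast Wietse describes, as an added Ruby example (it is not code from this thread, from Postfix, or from FILTER_README): the interpolated string form hands the whole command line to /bin/sh, which re-parses it, while the array form of IO.popen exec()s the program directly and delivers the address as one argv element. To keep the demonstration self-contained, the child process is Ruby itself printing its ARGV instead of /usr/sbin/sendmail; the hostile address, the helper names and the allowlist regex are constructed for this example. The validator is there because the array form alone does not stop an address beginning with `-` from being read by sendmail's option parser.

```ruby
require "rbconfig"

# Constructed sample: a recipient string carrying shell metacharacters.
HOSTILE_ADDR = "alice@example.com; echo injected"

# Pattern from the thread: the address is interpolated into one string,
# so IO.popen must run it through /bin/sh, which splits on ';'.
def vulnerable_command(my_str)
  "/usr/sbin/sendmail -G -i #{my_str}"
end

# Hardened pattern: argv as an array. No shell is involved, so the
# address reaches sendmail as exactly one argument.
def safe_argv(my_str)
  ["/usr/sbin/sendmail", "-G", "-i", my_str]
end

# Conservative allowlist (assumption: tighter than RFC 822) plus an
# explicit refusal of a leading '-' so the address cannot be mistaken
# for a command-line option by the child program.
def valid_recipient?(addr)
  return false if addr.start_with?("-")
  addr.match?(/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\z/)
end

# Same two shapes, but with Ruby standing in for sendmail so the
# difference can be observed offline.
def vulnerable_demo_command(my_str)
  "#{RbConfig.ruby} -e 'puts ARGV.inspect' #{my_str}"
end

def safe_demo_argv(my_str)
  [RbConfig.ruby, "-e", "puts ARGV.inspect", my_str]
end

# Run the child and return its output lines. With the string form the
# shell executes the text after ';' as a second command; with the array
# form the child sees the whole string as ARGV[0].
def argv_seen_by_child(argv_or_string)
  IO.popen(argv_or_string, "r", &:read).split("\n")
end

if $PROGRAM_NAME == __FILE__
  puts "string form: #{argv_seen_by_child(vulnerable_demo_command(HOSTILE_ADDR)).inspect}"
  puts "array form:  #{argv_seen_by_child(safe_demo_argv(HOSTILE_ADDR)).inspect}"
  puts "allowlist rejects hostile address: #{!valid_recipient?(HOSTILE_ADDR)}"
end
```

The array form is the fix that matches what FILTER_README's shell script already gets for free (no re-parsing of arguments); the allowlist is a second, independent check, so that a failure of one does not leave the pipe command exposed.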
