From 2a644ab1cfed458a1afe7d0277afdfefa63f6248 Mon Sep 17 00:00:00 2001
From: Alex Dehnert <adehnert@mit.edu>
Date: Tue, 24 May 2011 16:16:21 -0400
Subject: [PATCH] Properly escape the zwrite command line

Thanks to Anders for bringing this issue to my attention.
---
 django/mit/__init__.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/django/mit/__init__.py b/django/mit/__init__.py
index acdb674..78ba4de 100644
--- a/django/mit/__init__.py
+++ b/django/mit/__init__.py
@@ -1,11 +1,16 @@
+import subprocess
+
 from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.contrib.auth.backends import RemoteUserBackend
 from django.contrib import auth
 from django.core.exceptions import ObjectDoesNotExist
 
 def zephyr(msg, clas='remit', instance='log', rcpt='adehnert',):
-    import os
-    os.system("zwrite -d -c '%s' -i '%s' '%s' -m '%s'" % (clas, instance, rcpt, msg, ))
+    proc = subprocess.Popen(
+        ['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ],
+        stdin=subprocess.PIPE, stdout=subprocess.PIPE
+    )
+    proc.communicate(msg)
 
 class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
     header = 'SSL_CLIENT_S_DN_Email'
-- 
2.45.0