re: #38 thedopefishlives
Caveat: Not if done properly. A bonehead could eff it up but good, if he/she tried.
Yes - that’s why the $mjml variable is passed through the escapeshellarg() function, to make sure it can’t be used to execute any arbitrary shell commands.