From fa8857dfc5375064b377bdda493aafdfbb20e3fd Mon Sep 17 00:00:00 2001
From: Stefan Jonasson <stefan.jonasson@sitedirect.se>
Date: Sun, 14 Feb 2016 22:22:11 +0100
Subject: [PATCH] Changed process communication to use stdin for the message
 because of security concerns.

---
 homeassistant/components/notify/command_line.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/homeassistant/components/notify/command_line.py b/homeassistant/components/notify/command_line.py
index aa753e4f02f..025046f1e7c 100644
--- a/homeassistant/components/notify/command_line.py
+++ b/homeassistant/components/notify/command_line.py
@@ -8,7 +8,6 @@ https://home-assistant.io/components/notify.command_line/
 """
 import logging
 import subprocess
-import shlex
 from homeassistant.helpers import validate_config
 from homeassistant.components.notify import (
     DOMAIN, BaseNotificationService)
@@ -38,10 +37,12 @@ class CommandLineNotificationService(BaseNotificationService):
 
     def send_message(self, message="", **kwargs):
         """ Send a message to a command_line. """
+
         try:
-            subprocess.check_call(
-                "{} {}".format(self.command,
-                               shlex.quote(message)),
-                shell=True)
-        except subprocess.CalledProcessError:
-            _LOGGER.error('Command failed: %s', self.command)
+            proc = subprocess.Popen(self.command, universal_newlines=True,
+                                    stdin=subprocess.PIPE, shell=True)
+            proc.communicate(input=message)
+            if proc.returncode != 0:
+                _LOGGER.error('Command failed: %s', self.command)
+        except subprocess.SubprocessError:
+            _LOGGER.error('Error trying to exec Command: %s', self.command)