diff --git a/scripts/restore b/scripts/restore
index cf0d895d..085b019e 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -20,6 +20,15 @@ ynh_restore_file --origin_path="$install_dir"
 chmod -R o-rwx "$install_dir"
 chown -R $app:www-data "$install_dir"
 
+#=================================================
+# PATCHING SOURCE
+#=================================================
+ynh_script_progression --message="Patching source files..." --weight=1
+
+# Prevent privilege escalation by injecting commands in an email name
+# This described in more detail on the manpage https://www.postfix.org/sendmail.1.html under security
+ynh_replace_string --match_string="'/usr/sbin/sendmail -bs'" --replace_string="'/usr/sbin/sendmail -bs -- '" --target_file=$install_dir/config/mail.php
+
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================