[DCoder]

That added call to escapeshellarg sanitizes the "From" address before passing it to PHP's mail() function as an additional parameter. That function will invoke a preconfigured executable (sendmail or a compatible wrapper) and pass that parameter to it along with the rest of the email data. It is worth noting that:

1) PHPMailer can be configured to send mail through raw SMTP, by directly invoking sendmail, or by calling PHP's mail() function. The changes in this commit only affect the last mode.

2) The "From" address is typically chosen by the site operator/server administrator, not customizable by a site visitor. I have built sites with "share this page with a friend" functionality that sent email from one given email address to another, but this practice seems to have fallen out of favour when SPF became popular.