How to edit redmine code for notification mail don't have plain text contents

1. For example about notification mail:

Issue #223 has been reported by ABC.
________________________________
Issue #223: security issue of notification mails
• Author: ABC
• Status: New
• Priority: High
• Assignee: CDE
• Category: Management
• Target version: Iteration#11

Dear CDE,
Redmine notification mails are plain texts and thus have security issue.
Could you make Redmine notification mails not include plain text contents?
I think you may modify the Redmine's Ruby code to do it.

2. Because of security, we want to edit redmine code for notification mail don't have plain text contents. That means notification mails as below:

Could you please show me how to do this?
Thanks

About redmine: redmine-1.3.0.tar.gz
Link: http://rubyforge.org/frs/download.php/75597/redmine-1.3.0.tar.gz

Replies (4)

RE: How to edit redmine code for notification mail don't have plain text contents - Added by Jan Niggemann (redmine.org team member) about 11 years ago

First of all: Your version has security issues, please read Security_Advisories and update if possible.

RE: How to edit redmine code for notification mail don't have plain text contents - Added by Le Son Phat about 11 years ago

No. We only want to disable content for notification mail.

RE: How to edit redmine code for notification mail don't have plain text contents - Added by Jan Niggemann (redmine.org team member) about 11 years ago

No.

"No"? I acknowledge that it's your own problem, but don't say that you haven't been warned, if someone messes up your installation or takes over your whole server!

RE: How to edit redmine code for notification mail don't have plain text contents - Added by Le Son Phat about 11 years ago

Solved.
In
/var/www/redmine/app/views/mailer
At files:
document_added.html.erb
issue_edit.html.erb
_issue.html.erb
message_posted.html.erb
news_comment_added.html.erb

Remove lines have text "textilizable"

(1-4/4)

Project

General

Profile

Redmine