issues in incorrect project
I came across an issue with redmine:email:receive_imap
As described here (http://www.redmine.org/projects/redmine/wiki/RedmineReceivingEmails), the script accepts a parameter to indicate the project where the new issue will be created in.
However, redmine checks the mail subject for a syntax like "[#123]". If found, the mail will be added as a reply of the given ticket.
It seems now that if the syntax "[#123]" is added in the subject, it is possible to add a reply to a project where the sender has no access to. Wouldn't it be better to check the project parameter and never add a reply if the ticket exists in another project than the one that is passed as a parameter?