Defect #28254

issues in incorrect project

Added by Christophe Gosiau 4 months ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Resolution: Affected version:

Description

I came across an issue with redmine:email:receive_imap
As described here (http://www.redmine.org/projects/redmine/wiki/RedmineReceivingEmails), the script accepts a parameter to indicate the project where the new issue will be created in.
However, redmine checks the mail subject for a syntax like "[#123]". If found, the mail will be added as a reply of the given ticket.

It seems now that if the syntax "[#123]" is added in the subject, it is possible to add a reply to a project where the sender has no access to. Wouldn't it be better to check the project parameter and never add a reply if the ticket exists in another project than the one that is passed as a parameter?

Also available in: Atom PDF