Context Navigation

Modify ↓

#10579 new enhancement

Do not use "anonymous" updater's email in ticket notification From

Reported by:	Mark Potter <mpotter@…>	Owned by:
Priority:	normal	Milestone:	next-major-releases
Component:	notification	Version:
Severity:	normal	Keywords:	updater notification from
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Originally an additional suggestion to #8360 in comment:11:

With the "improvement" mentioned in comment:9, it would be possible for a malefactor to use a Trac system to send emails (new tickets or comments) that would appear to come from someone else.

Suggestion: The new smtp_from_author feature should only use email addresses from authenticated users.

Attachments (0)

Change History (1)

comment:1 by Remy Blank, 13 years ago

Milestone:	→ next-major-0.1X

Modify Ticket

Change Properties

Summary:
Description:	Originally an additional suggestion to #8360 in [comment:11:ticket:8360 comment:11]: With the "improvement" mentioned in [comment:9:ticket:8360 comment:9], it would be possible for a malefactor to use a Trac system to send emails (new tickets or comments) that would appear to come from someone else. Suggestion: The new `smtp_from_author` feature should only use email addresses from authenticated users. You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as new The ticket will remain with no owner.

unassign The ticket will be disowned.

resolve as The resolution will be set. Next status will be 'closed'.

assign The owner will be changed from (none) to anonymous. Next status will be 'assigned'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: