> The email interface only accepts emails that are correctly formatted perl
> RFC2822.

s/perl/per/ ?

Also, the CAUTION section could probably stand to be reworded a little bit... it's clear enough to me, but playing devil's advocate for some of the folks who commonly ask us tech support questions, I think the fact that it treats the email like it came from the user on the From: line needs to be explicitly stated... We should probably also advertise that future versions will probably have mechanisms available to assist in authenticating the emails.

A possible suggestion:

-----
The script does not do any validation that the user is who they say they are. That is, it accepts any 'From' address, as long as it's a valid Bugzilla account, and treats the changes resulting from the email as if they were made by the user named in that 'From' address. If this bothers you, but you still want to use it, the best option for the time being is to have your MTA validate that the message is actually coming from who it says it's coming from (SMTP Auth or client certs), and only allow access to the inbound email system from people you trust. Future versions will probably provide mechanisms to assist in authenticating emails such as bounce-back confirmations or validating GPG signatures.
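The MTA-side check suggested in the comment above, sketched as an added example (not Bugzilla's code and not part of the original comment): a filter placed in front of email_in.pl that passes a message only when its single From address equals the identity the MTA authenticated and that identity is on a trusted list. The function name, the `authenticated_sender` parameter (assumed to be handed over by the MTA after SMTP Auth or client-cert verification) and all addresses are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

def gate_inbound(raw_message, authenticated_sender, trusted_senders):
    """Decide whether a message may be handed to the inbound email script.

    authenticated_sender: identity the MTA verified (assumed to be supplied
    by the MTA); None or '' if the session was not authenticated.
    Returns (accepted, reason).
    """
    if not authenticated_sender:
        return False, "no authenticated identity from MTA"
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    # A message with zero or several From headers is ambiguous: the filter
    # and the downstream script could disagree on which one counts.
    if len(from_headers) != 1:
        return False, "expected exactly one From header"
    addrs = [addr for _name, addr in getaddresses(from_headers) if addr]
    if len(addrs) != 1:
        return False, "From must contain exactly one address"
    # Simplification: compare case-insensitively, as account logins usually are.
    claimed = addrs[0].lower()
    auth = authenticated_sender.strip().lower()
    if claimed != auth:
        return False, "From does not match authenticated sender"
    if auth not in {t.lower() for t in trusted_senders}:
        return False, "sender not on trusted list"
    return True, "ok"

def sample(from_value):
    """Constructed sample message; addresses are placeholders."""
    return (f"From: {from_value}\n"
            "To: bugs@example.com\n"
            "Subject: [Bug 1] constructed sample\n"
            "\n"
            "@status = RESOLVED\n")

if __name__ == "__main__":
    trusted = {"dev@example.com", "admin@example.com"}
    cases = [
        ("Dev <dev@example.com>", "dev@example.com"),       # honest sender
        ("admin@example.com", "mallory@example.com"),       # forged From
        ("admin@example.com, dev@example.com", "dev@example.com"),
        ("dev@example.com", None),                          # unauthenticated
    ]
    for from_value, auth in cases:
        print(from_value, "|", auth, "->", gate_inbound(sample(from_value), auth, trusted))
```
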
:Max, is this bug still an issue in the current code base? Reading this I have no idea where the code is, how to submit a patch, what files to look in. A bit of guidance for a good first bug would help out!
1) Go to http://www.bugzilla.org/download/
2) Download code from code repository
3) grep the codebase to find the place
4) https://wiki.mozilla.org/Bugzilla:Developers

$:andre> grep -r "only accepts emails that are" .
./email_in.pl:The email interface only accepts emails that are correctly formatted