[rt-users] Add Cc and Mail ticket with RT ident

Thomas Sibley trs at bestpractical.com
Wed Feb 22 13:55:58 EST 2012


Radek: Keep replies on the list!

On 02/22/2012 01:43 PM, Radek Svoboda wrote:
> Problem is with enabled UnsafeEmailCommands, thats have to be enabled
> for take and resolve command from mail address
> (information from
> http://search.cpan.org/dist/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm)

Ah, yes.

> I made tests with on create scrip
> ---
> my $AttachObj = $self->TransactionObj->Attachments->First;
> 
> my $content = $AttachObj->Content;
> if ( $content =~ s/^\Qaddcc:\E\s*(\S+)\s*$//im ) {
>   $self->TicketObj->AddWatcher( Type => "Cc",Email => "$1");
> }

This is very dangerous as implemented since it lets _anyone_ (like me!)
start getting mail about tickets.

> # silently overwrite attachment content
> $AttachObj->__Set( Field => 'Content', Value => $content );
> 1;
> ----------
> On create new ticket - rt create ticket, send mail to AdminCC and add
> new CC in this order

Yes, your new scrip probably runs after the scrips that send out mail.
You'd need to make sure it runs before.  CommandByMail runs at an
entirely different level than scrips, which is how it works.

Thomas



More information about the rt-users mailing list