[Project_owners] php Issues

David White whitedavidp at yahoo.com
Fri Oct 1 15:01:25 PDT 2010

Thanks Pete - The project is ThunderPlunger.

I have just finished putting together a new release which incorporates 
the change from POST to GET and uploaded it to addons.mozilla.org. Once 
this gets reviewed and approved, I assume that most users will find and 
install the update automatically.

I have also updated the addon's home page on Mozdev to tell them that 
they must either add .html to the URL for this function (located in the 
addon's options) or choose the mirror host for this function. Both of 
these changes are passive and rely upon the user to recognize that 
something is awry and check the addon's home page or email me.

So if it is possible to permit .php as it originally was on this project 
without any significant security risk, that would be great! I have no 
idea how long the update will take to get reviewed/approved nor how long 
it will take for users to get their updates installed. I can let you 
know when the approval makes the update available and then maybe we can 
leave it for another 2 weeks after that to permit ample time for the 
update to get distributed.

But I don't want to make more work than I already have for you folks nor 
do I want to exacerbate any security risks. So just let me know what you 
decide and I will take whatever other appropriate steps are required.


Pete Collins wrote:
> On 10/1/10 2:58 PM, David White wrote:
>> 4. So it seems that I have two choices: (a) change my code to GET 
>> rather than POST or (b) users can change the addon's options so the 
>> addon will post to the .php.html (directly) instead of the .php 
>> (redirect). The former requires an addon update for all users while 
>> the latter requires that all users somehow figure out that something 
>> is wrong and either email me or go to the addon's website where I 
>> have posted information about all this. I like the former because it 
>> requires no active participation from my users save installing the 
>> updated addon (which they should find out about automatically). But 
>> the addon update will have to sit for who knows how long before it 
>> gets approved.
> Well the only other option is I add a rule for your project ONLY to 
> allow php.
> Then when you think everything is good and most of your users have 
> updated, then I can remove it.
> What project is it again?
> Thanks
> --pete

More information about the Project_owners mailing list