[Project_owners] php Issues
whitedavidp at yahoo.com
Fri Oct 1 15:01:25 PDT 2010
Thanks Pete - The project is ThunderPlunger.
I have just finished putting together a new release which incorporates
the change from POST to GET and uploaded it to addons.mozilla.org. Once
this gets reviewed and approved, I assume that most users will find and
install the update automatically.
I have also updated the addon's home page on Mozdev to tell them that
they must either add .html to the URL for this function (located in the
addon's options) or choose the mirror host for this function. Both of
these changes are passive and rely upon the user to recognize that
something is awry and check the addon's home page or email me.
So if it is possible to permit .php as it originally was on this project
without any significant security risk, that would be great! I have no
idea how long the update will take to get reviewed/approved nor how long
it will take for users to get their updates installed. I can let you
know when the approval makes the update available and then maybe we can
leave it for another 2 weeks after that to permit ample time for the
update to get distributed.
But I don't want to make more work than I already have for you folks nor
do I want to exacerbate any security risks. So just let me know what you
decide and I will take whatever other appropriate steps are required.
Pete Collins wrote:
> On 10/1/10 2:58 PM, David White wrote:
>> 4. So it seems that I have two choices: (a) change my code to GET
>> rather than POST or (b) users can change the addon's options so the
>> addon will post to the .php.html (directly) instead of the .php
>> (redirect). The former requires an addon update for all users while
>> the latter requires that all users somehow figure out that something
>> is wrong and either email me or go to the addon's website where I
>> have posted information about all this. I like the former because it
>> requires no active participation from my users save installing the
>> updated addon (which they should find out about automatically). But
>> the addon update will have to sit for who knows how long before it
>> gets approved.
> Well the only other option is I add a rule for your project ONLY to
> allow php.
> Then when you think everything is good and most of your users have
> updated, then I can remove it.
> What project is it again?
More information about the Project_owners