Thanks Pete - The project is ThunderPlunger.

I have just finished putting together a new release which incorporates the change from POST to GET and uploaded it to addons.mozilla.org. Once this gets reviewed and approved, I assume that most users will find and install the update automatically.

I have also updated the addon's home page on Mozdev to tell them that they must either add .html to the URL for this function (located in the addon's options) or choose the mirror host for this function. Both of these changes are passive and rely upon the user to recognize that something is awry and check the addon's home page or email me.

So if it is possible to permit .php as it originally was on this project without any significant security risk, that would be great! I have no idea how long the update will take to get reviewed/approved nor how long it will take for users to get their updates installed. I can let you know when the approval makes the update available and then maybe we can leave it for another 2 weeks after that to permit ample time for the update to get distributed.

But I don't want to make more work than I already have for you folks nor do I want to exacerbate any security risks. So just let me know what you decide and I will take whatever other appropriate steps are required.

David

Pete Collins wrote:

On 10/1/10 2:58 PM, David White wrote:

4. So it seems that I have two choices: (a) change my code to GET rather than POST or (b) users can change the addon's options so the addon will post to the .php.html (directly) instead of the .php (redirect). The former requires an addon update for all users while the latter requires that all users somehow figure out that something is wrong and either email me or go to the addon's website where I have posted information about all this. I like the former because it requires no active participation from my users save installing the updated addon (which they should find out about automatically). But the addon update will have to sit for who knows how long before it gets approved.


Well the only other option is I add a rule for your project ONLY to allow php.

Then when you think everything is good and most of your users have updated, then I can remove it.

What project is it again?

Thanks

--pete

_______________________________________________
Project_owners mailing list
[email protected]
https://www.mozdev.org/mailman/listinfo/project_owners
