Just as a clarification - Are *.php.html files passed through Mozdev's template system just like *.html files?
Thanks, Jake On 10/01/2010 06:01 PM, David White wrote: > Thanks Pete - The project is ThunderPlunger. > > I have just finished putting together a new release which incorporates > the change from POST to GET and uploaded it to addons.mozilla.org. > Once this gets reviewed and approved, I assume that most users will > find and install the update automatically. > > I have also updated the addon's home page on Mozdev to tell them that > they must either add .html to the URL for this function (located in > the addon's options) or choose the mirror host for this function. Both > of these changes are passive and rely upon the user to recognize that > something is awry and check the addon's home page or email me. > > So if it is possible to permit .php as it originally was on this > project without any significant security risk, that would be great! I > have no idea how long the update will take to get reviewed/approved > nor how long it will take for users to get their updates installed. I > can let you know when the approval makes the update available and then > maybe we can leave it for another 2 weeks after that to permit ample > time for the update to get distributed. > > But I don't want to make more work than I already have for you folks > nor do I want to exacerbate any security risks. So just let me know > what you decide and I will take whatever other appropriate steps are > required. > > David > > Pete Collins wrote: >> >> On 10/1/10 2:58 PM, David White wrote: >>> >>> 4. So it seems that I have two choices: (a) change my code to GET >>> rather than POST or (b) users can change the addon's options so the >>> addon will post to the .php.html (directly) instead of the .php >>> (redirect). The former requires an addon update for all users while >>> the latter requires that all users somehow figure out that something >>> is wrong and either email me or go to the addon's website where I >>> have posted information about all this. I like the former because it >>> requires no active participation from my users save installing the >>> updated addon (which they should find out about automatically). But >>> the addon update will have to sit for who knows how long before it >>> gets approved. >>> >> >> Well the only other option is I add a rule for your project ONLY to >> allow php. >> >> Then when you think everything is good and most of your users have >> updated, then I can remove it. >> >> What project is it again? >> >> Thanks >> >> --pete >> > _______________________________________________ > Project_owners mailing list > [email protected] > https://www.mozdev.org/mailman/listinfo/project_owners > > _______________________________________________ Project_owners mailing list [email protected] https://www.mozdev.org/mailman/listinfo/project_owners
