Closed Bug 273550 Opened 16 years ago Closed 15 years ago

[Submission] GUID from applications should not be allowed as extension GUID

Categories

(addons.mozilla.org Graveyard :: Developer Pages, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: Bugzilla-alanjstrBugs, Assigned: fligtar)

References

Details

Attachments

(1 file)

It is possible for someone to use the GUID from Firefox, Seamonkey, etc, in
their extension or theme.  The bug to limit incoming GUIDs to be unique has
already been fixed.  However, it probably  does not prevent someone from using
the Firefox GUID.  This was discovered in bug 267026 comment 3.
Assignee: nobody → Bugzilla-alanjstrBugs
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attachment #168578 - Flags: first-review?(psychoticwolf)
Status: NEW → ASSIGNED
Comment on attachment 168578 [details] [diff] [review]
Checks the applications table for GUID

At a glance, this patch contains a section that appears to be a result of a CVS
merge, which doesn't belong here.

Otherwise, the patch looks ok.

Though the concept is a bit foggy, as the Apps GUIDs are actually perfectly
valid for 1 extension or theme, as they're not internally confused.
Attachment #168578 - Flags: first-review?(psychoticwolf) → first-review-
Target Milestone: 1.0 → 1.1
Target Milestone: 1.1 → ---
We should also not let people submit extensions with the GUID of the default
theme(s).
Summary: GUID from applications should not be allowed as extension GUID → [Submission] GUID from applications should not be allowed as extension GUID
Yeah, we should create some dummy entries for all the registered UUIDs, or otherwise block them, and reject any that end in @applications.mozilla.org or whatever the canonical form is.

I wonder if there's a list of these UUIDs anywhere...
Assignee: Bugzilla-alanjstrBugs → nobody
Status: ASSIGNED → NEW
OS: Windows XP → All
QA Contact: mozilla.update → developers
Hardware: PC → All
Target Milestone: --- → 2.1
> I wonder if there's a list of these UUIDs anywhere...

http://kb.mozillazine.org/Install.rdf#Target_applications.27_GUIDs
Depends on: remora-dev
Status: NEW → ASSIGNED
Target Milestone: 2.1 → 3.0
Assignee: nobody → fligtar
Status: ASSIGNED → NEW
This has been fixed in Remora (AMO v3). The additem script will not allow any GUIDs found in the applications table to be used as an add-on id.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.