As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact
Last Comment Bug 738112 - Adding editorial plugin to Mozilla Hacks
: Adding editorial plugin to Mozilla Hacks
[pending secreview][start yyyy-mm-dd]...
Classification: Other
Component: Security Assurance: Review Request (show other bugs)
: other
: All All
: -- minor (vote)
: ---
Assigned To: Frederik Braun [:freddyb]
Depends on: 840939 840940 840941
  Show dependency treegraph
Reported: 2012-03-21 18:45 PDT by Robert Nyman
Modified: 2013-02-13 11:09 PST (History)
9 users (show)
See Also:
Crash Signature:
Due Date:
QA Whiteboard:
Iteration: ---
Points: ---


Description User image Robert Nyman 2012-03-21 18:45:38 PDT
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0a2) Gecko/20120313 Firefox/12.0a2
Build ID: 20120313042010

Steps to reproduce:

In bug we wanted to add an editorial plugin to Mozilla Hacks. This bug is to get some security testing/evaluation before we enable it.
Comment 1 User image Adam Muntner [:adamm] (use NEEDINFO) 2012-04-12 10:54:05 PDT
To confirm - you want this plugin reviewed:

What is the timeline associated with this?
Comment 2 User image Robert Nyman 2012-05-02 00:35:50 PDT
This one, yes:
Comment 3 User image Curtis Koenig [:curtisk-use]] 2012-09-14 11:00:31 PDT
Risk/Priority Ranking Exercise

Priority: N/A

Operational: 1 - Minor
User: 1 - Minor
Privacy: 0 - N/A
Engineering: 0 - N/A
Reputational: 1 - Minor

Priority Score: 0
Comment 4 User image Adam Muntner [:adamm] (use NEEDINFO) 2012-12-17 10:59:06 PST
Robert, can this wait till the beginning of Q1?
Comment 5 User image Robert Nyman 2012-12-18 00:32:54 PST
Well, it has waited since March, so it's not really in a rush. :-)
Comment 6 User image Adam Muntner [:adamm] (use NEEDINFO) 2012-12-18 04:53:33 PST
Thanks Robert, i'll queue it up asap.
Comment 7 User image Frederik Braun [:freddyb] 2013-02-13 03:54:06 PST
I have reached out to the plugin authors and suggested to look into this bug. I have also asked if they would like to work with me on patching the issues that I have found.
Comment 8 User image Robert Nyman 2013-02-13 04:05:58 PST
Comment 9 User image Frederik Braun [:freddyb] 2013-02-13 07:03:32 PST
Robert indicated that there's no hurry to get this plugin deployed.
But we can now hop on, whenever Zack finds the time to release a new version.

Thank you Zack for dealing with this so quickly!
Comment 10 User image Zack Grossbart 2013-02-13 07:14:19 PST
We keep the Editorial Calendar in a constantly releasable state.  I can push out release 2.7 with fixes for all three of these issues as early as tomorrow.  Would you like me to do that or do you want to do more testing?
Comment 11 User image Frederik Braun [:freddyb] 2013-02-13 08:44:46 PST
I'm done with the testing.
Comment 12 User image Zack Grossbart 2013-02-13 11:09:47 PST
I've just released version 2.7 of the calendar and it contains all of these fixes.  Thanks again for all the testing.

Note You need to log in before you can comment on or make changes to this bug.