As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact bugzilla-admin@mozilla.org
Last Comment Bug 738112 - Adding editorial plugin to Mozilla Hacks
: Adding editorial plugin to Mozilla Hacks
Status: RESOLVED FIXED
[pending secreview][start yyyy-mm-dd]...
:
Product: mozilla.org
Classification: Other
Component: Security Assurance: Review Request (show other bugs)
: other
: All All
: -- minor (vote)
: ---
Assigned To: Frederik Braun [:freddyb]
:
:
Mentors:
Depends on: 840939 840940 840941
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-21 18:45 PDT by Robert Nyman
Modified: 2013-02-13 11:09 PST (History)
9 users (show)
See Also:
Crash Signature:
(edit)
Due Date:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description User image Robert Nyman 2012-03-21 18:45:38 PDT
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0a2) Gecko/20120313 Firefox/12.0a2
Build ID: 20120313042010

Steps to reproduce:

In bug https://bugzilla.mozilla.org/show_bug.cgi?id=732055 we wanted to add an editorial plugin to Mozilla Hacks. This bug is to get some security testing/evaluation before we enable it.
Comment 1 User image Adam Muntner [:adamm] (use NEEDINFO) 2012-04-12 10:54:05 PDT
To confirm - you want this plugin reviewed:

https://bugzilla.mozilla.org/show_bug.cgi?id=738112

What is the timeline associated with this?
Comment 2 User image Robert Nyman 2012-05-02 00:35:50 PDT
This one, yes: http://wordpress.org/extend/plugins/editorial-calendar/
Thanks!
Comment 3 User image Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]] 2012-09-14 11:00:31 PDT
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings

Priority: N/A

Operational: 1 - Minor
User: 1 - Minor
Privacy: 0 - N/A
Engineering: 0 - N/A
Reputational: 1 - Minor

Priority Score: 0
Comment 4 User image Adam Muntner [:adamm] (use NEEDINFO) 2012-12-17 10:59:06 PST
Robert, can this wait till the beginning of Q1?
Comment 5 User image Robert Nyman 2012-12-18 00:32:54 PST
Well, it has waited since March, so it's not really in a rush. :-)
Comment 6 User image Adam Muntner [:adamm] (use NEEDINFO) 2012-12-18 04:53:33 PST
Thanks Robert, i'll queue it up asap.
Comment 7 User image Frederik Braun [:freddyb] 2013-02-13 03:54:06 PST
I have reached out to the plugin authors and suggested to look into this bug. I have also asked if they would like to work with me on patching the issues that I have found.
Comment 8 User image Robert Nyman 2013-02-13 04:05:58 PST
Thanks!
Comment 9 User image Frederik Braun [:freddyb] 2013-02-13 07:03:32 PST
Robert indicated that there's no hurry to get this plugin deployed.
But we can now hop on, whenever Zack finds the time to release a new version.

Thank you Zack for dealing with this so quickly!
Comment 10 User image Zack Grossbart 2013-02-13 07:14:19 PST
We keep the Editorial Calendar in a constantly releasable state.  I can push out release 2.7 with fixes for all three of these issues as early as tomorrow.  Would you like me to do that or do you want to do more testing?
Comment 11 User image Frederik Braun [:freddyb] 2013-02-13 08:44:46 PST
I'm done with the testing.
Comment 12 User image Zack Grossbart 2013-02-13 11:09:47 PST
I've just released version 2.7 of the calendar and it contains all of these fixes.  Thanks again for all the testing.

http://wordpress.org/extend/plugins/editorial-calendar/changelog

Note You need to log in before you can comment on or make changes to this bug.