Now that we have fixed the usage of authorize.php when using Installer module for manual module installs (#1920), it's become clear that we should be using authorize.php for all downloading/installing of modules/themes/layouts.
Without using authorize.php, Installer module only works if the owner of web root directory and the web server user are the same. By using authorize.php, we could enable users to more securely set up their site and still allow modules to be downloaded/installed. If the owner of the web root is the web server user (as is the case in most shared hosting environments and Pantheon), then we don't have a problem. But when these users are different, authorize.php could enable the use of the Installer UI.
GitHub Issue #:
2271
Recent comments
Restore Newsletter Subscriptions from a Dev Website In my last comment, I described a way to restore newsletter subscriptions from a database backup. The method involved directly editing...
Re-enable Simplenews newsletter subscriptions that had been erroneously disabled
I am considering migrating my drupal 7 website to backdrop. Hi @seamus, I would like to offer my professional services for migration to BackdropCMS. Please connect If...
drupal 7 to backdrop migration
Restore Newsletter Subscriptions from a Database Backup One of my websites was affected by the Simplenews issue, and there were many incorrectly disabled newsletter subscriptions of '...
Re-enable Simplenews newsletter subscriptions that had been erroneously disabled