If a user wants a feature, the feature request is a low priority, but the user finds and exploits a bug allowing to get to the same result as if the feature was present, what should I do as a developer ? Should I fix the bug (and lose a "feature") ?
Note : the bug is not a security threat, nor a data integrity threat.
Scenario #2 : We don't know if users are using the exploit as a "feature". Same question.
I feel like it depends. If they aren't using it maliciously, I'd continue to let them use the exploit and then be sure that whenever the feature is actually implemented you conform it to be similar to how the exploit works while keeping the user safe from crashes and the like.
I mean, if I had been using an exploit to enable a feature and suddenly I can't use any of the work I'd been doing I'd be rather upset. Also, of course be sure to tell the user that the exploit was fixed and replaced with a feature whenever you do get around to doing it.
Well, this is more a question of personal preference rather than coding but...
If people were known to be using the bug/feature AND assuming we are 100% sure that the bug is not a security threat, I would leave it there until such a time as I could implement the feature properly.
I would not want to risk putting users off using a service (even if it meant they had to temporarily use a bug to do what they wanted).
However, if you thought no one was using the bug OR that it may me a security threat, I would fix it.
I think you have 2 options: option 1: Make sure the bug isn't a security threat or a data integrity threat by doing good research into the bug. If you find out it really isn't risky to use the bug you can use it and maybe develop it further to make a good user experience.
option 2: disable it develop it in the way you want and release it.
