Page MenuHomePhabricator

Fix two very, very minor correctness issues in Slowvote
ClosedPublic

Authored by epriestley on Feb 7 2019, 5:29 PM.

Details

Summary

See https://hackerone.com/reports/492525 and https://hackerone.com/reports/489531. I previously awarded a bounty for https://hackerone.com/reports/434116 so Slowvote is getting "researched" a lot.

  • Prevent users from undoing their vote by submitting the form with nothing selected.
  • Prevent users from racing between the delete() and save() to vote for multiple options in a plurality poll.
Test Plan
  • Clicked the vote button with nothing selected in plurality and approval polls, got an error now.
  • Added a sleep(5) between delete() and save(). Submitted different plurality votes in different windows. Before: votes raced, invalid end state. After: votes waited on the lock, arrived in a valid end state.

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Feb 7 2019, 5:29 PM
epriestley requested review of this revision.Feb 7 2019, 5:31 PM
amckinley accepted this revision.Feb 7 2019, 8:44 PM
This revision is now accepted and ready to land.Feb 7 2019, 8:44 PM
This revision was automatically updated to reflect the committed changes.