Page MenuHomePhabricator

Fix two very, very minor correctness issues in Slowvote
ClosedPublic

Authored by epriestley on Feb 7 2019, 5:29 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Mar 26, 1:22 PM
Unknown Object (File)
Tue, Mar 26, 1:22 PM
Unknown Object (File)
Tue, Mar 26, 1:22 PM
Unknown Object (File)
Tue, Mar 26, 1:22 PM
Unknown Object (File)
Mon, Mar 4, 7:27 PM
Unknown Object (File)
Jan 27 2024, 9:34 PM
Unknown Object (File)
Jan 20 2024, 6:11 AM
Unknown Object (File)
Nov 3 2023, 8:39 AM
Subscribers
None

Details

Summary

See https://hackerone.com/reports/492525 and https://hackerone.com/reports/489531. I previously awarded a bounty for https://hackerone.com/reports/434116 so Slowvote is getting "researched" a lot.

  • Prevent users from undoing their vote by submitting the form with nothing selected.
  • Prevent users from racing between the delete() and save() to vote for multiple options in a plurality poll.
Test Plan
  • Clicked the vote button with nothing selected in plurality and approval polls, got an error now.
  • Added a sleep(5) between delete() and save(). Submitted different plurality votes in different windows. Before: votes raced, invalid end state. After: votes waited on the lock, arrived in a valid end state.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable