Page MenuHomePhabricator
Differential D20684

Fix policy behavior of "slowvote.info" API method
ClosedPublic
Actions

Authored by epriestley on Jul 30 2019, 6:53 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, May 28, 2:28 PM
Unknown Object (File)
Tue, May 6, 11:42 AM
Unknown Object (File)
Apr 24 2025, 4:24 AM
Unknown Object (File)
Apr 21 2025, 7:51 PM
Unknown Object (File)
Apr 12 2025, 12:12 PM
Unknown Object (File)
Apr 9 2025, 9:33 PM
Unknown Object (File)
Apr 7 2025, 4:55 AM
Unknown Object (File)
Apr 4 2025, 10:26 AM
View All Files
Subscribers
None

Details

Reviewers
None
Maniphest Tasks
T13350: Ancient "slowvote.info" API method bypasses policy checks
Commits
rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method
Summary

Ref T13350. This ancient API method is missing modern policy checks.

Test Plan
  • Set visibility of vote X to "Only: epriestley".
  • Called "slowvote.info" as another user.
  • Before: retrieved poll title and author.
  • After: policy error.
  • Called "slowvote.info" on a visible poll, got information before and after.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Jul 30 2019, 6:53 PM
Harbormaster completed remote builds in B23195: Diff 49331.Jul 30 2019, 6:55 PM
This revision was not accepted when it landed; it landed in state Needs Review.Jul 30 2019, 6:55 PM
epriestley requested review of this revision.
Closed by commit rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.
epriestley added a commit: rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method.

Revision Contents
Changeset List

PathSize
src/
applications/
slowvote/
conduit/
8 lines

Diff 49332

View Options

src/applications/slowvote/conduit/SlowvoteInfoConduitAPIMethod.php

Loading...
Phabricator · Built by Phacility