Page MenuHomePhabricator
Differential D20684

Fix policy behavior of "slowvote.info" API method
ClosedPublic
Actions

Authored by epriestley on Jul 30 2019, 6:53 PM.
Tags
None
Referenced Files
F18100630: D20684.id.diff
Sat, Aug 9, 11:58 AM
F17923025: D20684.diff
Wed, Jul 30, 7:38 AM
Unknown Object (File)
Jun 5 2025, 4:38 PM
Unknown Object (File)
May 30 2025, 10:57 AM
Unknown Object (File)
May 28 2025, 2:28 PM
Unknown Object (File)
May 6 2025, 11:42 AM
Unknown Object (File)
Apr 24 2025, 4:24 AM
Unknown Object (File)
Apr 21 2025, 7:51 PM
View All Files
Subscribers
None

Details

Reviewers
None
Maniphest Tasks
T13350: Ancient "slowvote.info" API method bypasses policy checks
Commits
rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method
Summary

Ref T13350. This ancient API method is missing modern policy checks.

Test Plan
  • Set visibility of vote X to "Only: epriestley".
  • Called "slowvote.info" as another user.
  • Before: retrieved poll title and author.
  • After: policy error.
  • Called "slowvote.info" on a visible poll, got information before and after.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Jul 30 2019, 6:53 PM
Harbormaster completed remote builds in B23195: Diff 49331.Jul 30 2019, 6:55 PM
This revision was not accepted when it landed; it landed in state Needs Review.Jul 30 2019, 6:55 PM
epriestley requested review of this revision.
Closed by commit rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.
epriestley added a commit: rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method.

Revision Contents
Changeset List

PathSize
src/
applications/
slowvote/
conduit/
8 lines

Diff 49332

View Options

src/applications/slowvote/conduit/SlowvoteInfoConduitAPIMethod.php

Loading...
Phabricator · Built by Phacility