Page MenuHomePhabricator
Differential D20684

Fix policy behavior of "slowvote.info" API method
ClosedPublic
Actions

Authored by epriestley on Jul 30 2019, 6:53 PM.
Tags
None
Referenced Files
F18818804: D20684.id49331.diff
Wed, Oct 22, 2:25 AM
F18818223: D20684.id.diff
Tue, Oct 21, 10:19 PM
F18812674: D20684.diff
Mon, Oct 20, 11:28 AM
F18808780: D20684.id49332.diff
Sun, Oct 19, 8:32 AM
F18794392: D20684.id49331.diff
Thu, Oct 16, 11:33 PM
F18790811: D20684.id.diff
Wed, Oct 15, 7:30 PM
F18658237: D20684.id49332.diff
Sep 23 2025, 5:27 AM
F18599277: D20684.id49331.diff
Sep 13 2025, 7:06 AM
View All Files
Subscribers
None

Details

Reviewers
None
Maniphest Tasks
T13350: Ancient "slowvote.info" API method bypasses policy checks
Commits
rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method
Summary

Ref T13350. This ancient API method is missing modern policy checks.

Test Plan
  • Set visibility of vote X to "Only: epriestley".
  • Called "slowvote.info" as another user.
  • Before: retrieved poll title and author.
  • After: policy error.
  • Called "slowvote.info" on a visible poll, got information before and after.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Jul 30 2019, 6:53 PM
Harbormaster completed remote builds in B23195: Diff 49331.Jul 30 2019, 6:55 PM
This revision was not accepted when it landed; it landed in state Needs Review.Jul 30 2019, 6:55 PM
epriestley requested review of this revision.
Closed by commit rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.
epriestley added a commit: rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method.

Revision Contents
Changeset List

PathSize
src/
applications/
slowvote/
conduit/
8 lines

Diff 49332

View Options

src/applications/slowvote/conduit/SlowvoteInfoConduitAPIMethod.php

Loading...
Phabricator · Built by Phacility