Page MenuHomePhabricator

Ancient "slowvote.info" API method bypasses policy checks
Closed, ResolvedPublic

Description

See https://hackerone.com/reports/661978. The ancient slowvote.info API endpoint predates policies and was never updated to use a proper Query; instead, it uses a raw load() call which ignores policy checks.

This call should also be deprecated in favor of a modern slowvote.search call.