Page MenuHomePhabricator
Differential D20684

Fix policy behavior of "slowvote.info" API method
ClosedPublic
Actions

Authored by epriestley on Jul 30 2019, 6:53 PM.
Tags
None
Referenced Files
F19514950: D20684.diff
Wed, Jan 14, 6:40 AM
F18855724: D20684.diff
Nov 1 2025, 6:25 AM
F18818804: D20684.id49331.diff
Oct 22 2025, 2:25 AM
F18818223: D20684.id.diff
Oct 21 2025, 10:19 PM
F18812674: D20684.diff
Oct 20 2025, 11:28 AM
F18808780: D20684.id49332.diff
Oct 19 2025, 8:32 AM
F18794392: D20684.id49331.diff
Oct 16 2025, 11:33 PM
F18790811: D20684.id.diff
Oct 15 2025, 7:30 PM
View All Files
Subscribers
None

Details

Reviewers
None
Maniphest Tasks
T13350: Ancient "slowvote.info" API method bypasses policy checks
Commits
rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method
Summary

Ref T13350. This ancient API method is missing modern policy checks.

Test Plan
  • Set visibility of vote X to "Only: epriestley".
  • Called "slowvote.info" as another user.
  • Before: retrieved poll title and author.
  • After: policy error.
  • Called "slowvote.info" on a visible poll, got information before and after.

Diff Detail

Repository
rP Phabricator
Branch
vote1x
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 23195
Build 31860: Run Core Tests
Build 31859: arc lint + arc unit

Event Timeline

epriestley created this revision.Jul 30 2019, 6:53 PM
Harbormaster completed remote builds in B23195: Diff 49331.Jul 30 2019, 6:55 PM
This revision was not accepted when it landed; it landed in state Needs Review.Jul 30 2019, 6:55 PM
epriestley requested review of this revision.
Closed by commit rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.
epriestley added a commit: rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method.

Revision Contents
Changeset List

PathSize
src/
applications/
slowvote/
conduit/
8 lines

Diff 49331

View Options

src/applications/slowvote/conduit/SlowvoteInfoConduitAPIMethod.php

Loading...
Phabricator · Built by Phacility