mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 17:22:42 +01:00
phorge-phorge/src/applications
epriestley 26081594e2 Fix two very, very minor correctness issues in Slowvote
Summary:
See <https://hackerone.com/reports/492525> and <https://hackerone.com/reports/489531>. I previously awarded a bounty for <https://hackerone.com/reports/434116> so Slowvote is getting "researched" a lot.

  - Prevent users from undoing their vote by submitting the form with nothing selected.
  - Prevent users from racing between the `delete()` and `save()` to vote for multiple options in a plurality poll.

Test Plan:
  - Clicked the vote button with nothing selected in plurality and approval polls, got an error now.
  - Added a `sleep(5)` between `delete()` and `save()`. Submitted different plurality votes in different windows. Before: votes raced, invalid end state. After: votes waited on the lock, arrived in a valid end state.

Reviewers: amckinley

Reviewed By: amckinley

Differential Revision: https://secure.phabricator.com/D20125
2019-02-07 12:45:11 -08:00
almanac When dirtying repository cluster routing caches after an Almanac edit, discover linked bindings from devices 2019-01-21 10:32:48 -08:00
aphlict Add a CLI workflow for testing that notifications are being delivered 2018-12-10 16:05:53 -08:00
arcanist/conduit Remove remaining arcanist project code 2015-07-08 19:37:28 +10:00
audit Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
auth Autofocus form control for adding TOTP codes 2019-02-07 11:56:49 -08:00
badges Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
base Read "$_POST" before hooking the profiler, and remove "aphront.default-application-configuration-class" 2019-01-30 06:22:41 -08:00
cache Remove an old digest in Celerity code and some obsolete configuration options 2019-01-04 13:43:38 -08:00
calendar Allow multiple mail receivers to react to an individual email 2019-01-16 12:28:02 -08:00
celerity Remove an old digest in Celerity code and some obsolete configuration options 2019-01-04 13:43:38 -08:00
chatlog Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
conduit Add icons to Settings 2019-01-23 13:41:41 -08:00
config Clarify "metamta.default-address" instructions and lock the option 2019-02-06 16:03:49 -08:00
conpherence Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
console Fix some minor errors (DarkConsole warning, unstable Ferret sort) 2018-03-18 15:12:25 -07:00
countdown Allow multiple mail receivers to react to an individual email 2019-01-16 12:28:02 -08:00
daemon Continue cleaning up queries in the wake of changes to "%Q" 2018-11-16 12:49:44 -08:00
dashboard Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
differential Improve description text in the "Create Diff" form 2019-02-05 13:47:53 +00:00
diffusion Allow "inactive" repositories to be read over SSH for cluster sync 2019-01-31 22:12:13 -08:00
diviner Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
doorkeeper Allow Doorkeeper references to have multiple display variations (full, short, etc.) 2018-03-13 11:29:52 -07:00
draft/storage When purging drafts after a transaction edit, purge all drafts 2018-02-11 06:01:09 -08:00
drydock Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
fact Remove all application callers to "putInSet()" 2018-12-12 16:41:12 -08:00
favorites Add some missing aural button labels for accessibility 2018-08-17 11:00:29 -07:00
feed Separate "feed" and "notifications" better, allow stories to appear in notifications only 2018-12-10 16:02:43 -08:00
files Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
flag Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
fund Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
guides Rename "PHUIDocumentViewPro" to "PHUIDocumentView" 2018-08-28 14:53:07 -07:00
harbormaster Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
help Redesign header menus and search 2017-01-17 12:13:06 -08:00
herald In Webhooks, give errors human-readable labels and show reminder text for "Silent Mode" 2018-12-28 00:05:46 -08:00
home Update menu item names for Applications -> Favorites 2017-09-05 19:05:03 -07:00
legalpad Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
lipsum Add "--force" and "--quickly" flags to bin/lipsum 2017-02-27 09:09:41 -08:00
macro Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
maniphest Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
meta Modularize Repository transactions 2018-11-28 14:29:18 -08:00
metamta Make the mobile menu available in "/mail/" 2019-02-05 14:10:57 -08:00
multimeter Continue cleaning up queries in the wake of changes to "%Q" 2018-11-16 12:49:44 -08:00
notification Remove obsolete "NotifyTest" feed story 2018-12-10 16:03:42 -08:00
nuance Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
oauthserver Add icons to Settings 2019-01-23 13:41:41 -08:00
owners In Owners Packages, make the API representation of the "Auditing" field more consistent 2019-02-05 14:07:23 -08:00
packages Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
passphrase Replace "Show Secret" in Passphrase with one-shot MFA 2019-01-28 09:44:08 -08:00
paste Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
people Remove one-time login from username change email 2019-02-05 16:01:53 -08:00
phame Allow multiple mail receivers to react to an individual email 2019-01-16 12:28:02 -08:00
phid Truncate package names in diff table of contents views 2018-06-07 13:17:01 -07:00
phlux Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
pholio Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
phortune Allow Phortune accounts to customize their billing address and name 2019-01-16 16:16:27 -08:00
phpast Update phpast for new UI 2016-04-05 13:52:59 -07:00
phragment Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
phrequent Remove old Phrequent property rendering code and show "Time Spent" in higher precision 2018-12-28 00:07:25 -08:00
phriction Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
phurl Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
policy Extend PhabricatorPolicyCodex interface to handle "interesting" policy defaults 2018-04-27 16:56:11 -07:00
ponder Allow multiple mail receivers to react to an individual email 2019-01-16 12:28:02 -08:00
project Correct a bug where milestone "spacePHID" columns could become desynchronized 2019-01-30 19:41:49 -08:00
releeph Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
remarkup/conduit
repository Make repository daemons periodically check for out-of-sync repositories 2019-01-31 22:12:39 -08:00
search Add "Contact Numbers" so we can send users SMS messages 2019-01-23 13:39:56 -08:00
settings Allow users to unlink their last external account with a warning, instead of preventing the action 2019-02-06 17:07:41 -08:00
slowvote Fix two very, very minor correctness issues in Slowvote 2019-02-07 12:45:11 -08:00
spaces Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
subscriptions Allow objects to be put in an "MFA required for all interactions" mode, and support "MFA required" statuses in Maniphest 2018-12-28 00:10:54 -08:00
support/application
system Update PhabricatorLiskDAO::chunkSQL() for new %Q semantics 2018-11-13 08:59:18 -08:00
tokens Allow tokens to be awarded to MFA-required objects 2018-12-28 00:14:48 -08:00
transactions Let omnipotent actors skip MFA transactions 2019-02-01 13:32:09 -08:00
typeahead Rename "PHUIDocumentViewPro" to "PHUIDocumentView" 2018-08-28 14:53:07 -07:00
uiexample Reduce the cost of generating default user profile images 2018-03-01 16:53:17 -08:00
xhprof Allow XHProf profiles to be drag-and-dropped to upload them 2017-02-23 11:16:19 -08:00