Skip to content

Fix some security holes #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 22, 2012
Merged

Fix some security holes #2

merged 2 commits into from
May 22, 2012

Conversation

rmorell
Copy link

@rmorell rmorell commented May 22, 2012

No description provided.

rmorell added 2 commits May 21, 2012 22:30
@rmorell
Disallow negative time extension
a003db1 
Otherwise anyone can just end a vote.
@rmorell
Disallow editing issue after votes have been cast
94097ef 
Just changing the edit template is not enough, since a malicious user
can still send a POST request.
dustball pushed a commit that referenced this pull request May 22, 2012
Merge pull request #2 from rmorell/master
0ff4bd6 
Fix some security holes
@dustball dustball merged commit 0ff4bd6 into hackerdojo:master May 22, 2012
@dustball
Copy link

I have:

  • merged the PR into head
  • deployed to production (vote.hackerdojo.com)

-B

On Mon, May 21, 2012 at 10:35 PM, rmorell <
[email protected]

wrote:

You can merge this Pull Request by running:

git pull https://github.com/rmorell/hd-vote master

Or you can view, comment on it, or merge it online at:

#2

-- Commit Summary --

  • Disallow negative time extension
  • Disallow editing issue after votes have been cast

-- File Changes --

M main.py (3)
M models.py (2)

-- Patch Links --

https://github.com/hackerdojo/hd-vote/pull/2.patch
https://github.com/hackerdojo/hd-vote/pull/2.diff

Reply to this email directly or view it on GitHub:
#2

@dustball
Copy link

merged/deployed the latest update, as well

(also: thanks!)

On Mon, May 21, 2012 at 10:43 PM, Brian Klug [email protected]:

I have:

  • merged the PR into head
  • deployed to production (vote.hackerdojo.com)

-B

On Mon, May 21, 2012 at 10:35 PM, rmorell <
[email protected]

wrote:

You can merge this Pull Request by running:

git pull https://github.com/rmorell/hd-vote master

Or you can view, comment on it, or merge it online at:

#2

-- Commit Summary --

  • Disallow negative time extension
  • Disallow editing issue after votes have been cast

-- File Changes --

M main.py (3)
M models.py (2)

-- Patch Links --

https://github.com/hackerdojo/hd-vote/pull/2.patch
https://github.com/hackerdojo/hd-vote/pull/2.diff

Reply to this email directly or view it on GitHub:
#2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rmorell @dustball