Description
When creating a new participant under admin mode, the form asks for "number of contributions" and "number of repositories". This is expected to be a positive integer. No form validation is implemented.
This could cause: negative numbers, decimals and weird things to be entered and actually stored.
There is also no upper/lower limit, which could make the server overflow the int (there is validation here to stop this being stored).
Screenshots of bug
Highlighted in yellow: no form validation
Circled in red: overflow causing error
How to reproduce
- Login in using admin/admin, go to participants page, attempt to add a participant.
- When entering numbers, try -5 and -5.3, both passes validation and gets stored as -5.
- Also try enter a huge negative number, say -999999999999999999999, this will cause the server to throw an error (as shown in screenshot)
Acceptance criteria
- There is upper/lower, integer and positive number only constraints applied.
- When the user enters values that are invalid, a red error message should prompt the user about the error. This error message should be styled consistently as other error messages in forms. (such as those in changing the password).
- [updated on 2018/03/18] Validation should also be performed on the email address, see Will's comment below.
- When the user enters values that are invalid, the "save" button is disabled.
Description
When creating a new participant under admin mode, the form asks for "number of contributions" and "number of repositories". This is expected to be a positive integer. No form validation is implemented.
This could cause: negative numbers, decimals and weird things to be entered and actually stored.
There is also no upper/lower limit, which could make the server overflow the int (there is validation here to stop this being stored).
Screenshots of bug
Highlighted in yellow: no form validation
Circled in red: overflow causing error
How to reproduce
Acceptance criteria