Permalink
Browse files

Merge pull request #2 from rmorell/master

Fix some security holes
  • Loading branch information...
2 parents 8eefe5a + 94097ef commit 0ff4bd65457fbb74dcf68da7b12b57657d0077a4 @dustball dustball committed May 22, 2012
Showing with 5 additions and 0 deletions.
  1. +3 −0 main.py
  2. +2 −0 models.py
View
@@ -101,6 +101,9 @@ def post(self,urlcode):
self.response.out.write(template.render('templates/edit.html', locals()))
else:#otherwise we are saving changes
+ if issue.vote_count:
+ raise Exception('Unable to change issue text once votes have been cast')
+
duration_amount = int(self.request.get('duration_amount'))
multiplier = int(self.request.get('duration_multiplier'))
issue.duration = duration_amount * multiplier
View
@@ -57,6 +57,8 @@ def register_vote(self,choice,member=None):
return was_changed
def extend_duration(self,hours):
+ if hours <= 0:
+ raise Exception('Negative extensions are not valid.')
self.duration += hours
if self.start_time:
self.end_time = self.start_time + timedelta(hours=self.duration)

0 comments on commit 0ff4bd6

Please sign in to comment.