Permalink
Browse files

Disallow editing issue after votes have been cast

Just changing the edit template is not enough, since a malicious user
can still send a POST request.
  • Loading branch information...
1 parent a003db1 commit 94097efc07586f0d6caedc905038185a6541c9ad @rmorell rmorell committed May 22, 2012
Showing with 3 additions and 0 deletions.
  1. +3 −0 main.py
View
@@ -101,6 +101,9 @@ def post(self,urlcode):
self.response.out.write(template.render('templates/edit.html', locals()))
else:#otherwise we are saving changes
+ if issue.vote_count:
+ raise Exception('Unable to change issue text once votes have been cast')
+
duration_amount = int(self.request.get('duration_amount'))
multiplier = int(self.request.get('duration_multiplier'))
issue.duration = duration_amount * multiplier

0 comments on commit 94097ef

Please sign in to comment.