Commit

Disallow editing issue after votes have been cast
Just changing the edit template is not enough, since a malicious user
can still send a POST request.
rmorell committed May 22, 2012
1 parent a003db1 commit 94097ef
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions main.py
Expand Up @@ -101,6 +101,9 @@ def post(self,urlcode):
self.response.out.write(template.render('templates/edit.html', locals())) self.response.out.write(template.render('templates/edit.html', locals()))


else:#otherwise we are saving changes else:#otherwise we are saving changes
if issue.vote_count:
raise Exception('Unable to change issue text once votes have been cast')

duration_amount = int(self.request.get('duration_amount')) duration_amount = int(self.request.get('duration_amount'))
multiplier = int(self.request.get('duration_multiplier')) multiplier = int(self.request.get('duration_multiplier'))
issue.duration = duration_amount * multiplier issue.duration = duration_amount * multiplier
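
Review bot: the added guard at the top of the save branch rejects the request with `raise Exception('Unable to change issue text once votes have been cast')`, a generic exception, so a client that posts an edit after votes exist will most likely see an unhandled server error rather than a deliberate refusal. Consider setting an explicit 4xx status (403 or 409), writing a short message and returning, so that this rejection can be told apart from a real fault in logs and monitoring. The guard also sits ahead of the `duration_amount` / `duration_multiplier` handling, so it blocks every change to the issue, not only the text; if that is intended the message should say so, and if duration edits should stay possible the check belongs only around the text fields.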

0 comments on commit 94097ef
