summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjake%acutex.net <>2001-08-26 03:53:31 +0200
committerjake%acutex.net <>2001-08-26 03:53:31 +0200
commit406508ea8a600b9ed3582b6771cab62de81b9dc5 (patch)
tree6e6f318aeb4d91a96b575c07f648bcdcd640bc80
parentcc92806629faf3c3abd43690fd26866688f916f0 (diff)
downloadbugzilla-406508ea8a600b9ed3582b6771cab62de81b9dc5.tar.gz
bugzilla-406508ea8a600b9ed3582b6771cab62de81b9dc5.tar.xz
Fix for bug 87769 - doeditvotes.cgi can nuke votes
Patch by Christopher Aillon <christopher@aillon.com> r= jake@acutex.net
-rwxr-xr-xdoeditvotes.cgi20
1 files changed, 20 insertions, 0 deletions
diff --git a/doeditvotes.cgi b/doeditvotes.cgi
index 155635723..40d6390dd 100755
--- a/doeditvotes.cgi
+++ b/doeditvotes.cgi
@@ -19,6 +19,7 @@
# Rights Reserved.
#
# Contributor(s): Terry Weissman <terry@mozilla.org>
+# Christopher Aillon <christopher@aillon.com>
use diagnostics;
use strict;
@@ -38,6 +39,25 @@ confirm_login();
# IDs and the field values are the number of votes.
my @buglist = grep {/^[1-9][0-9]*$/} keys(%::FORM);
+# If no bugs are in the buglist, let's make sure the user gets notified
+# that their votes will get nuked if they continue.
+if ((0 == @buglist) && (! defined $::FORM{'delete_all_votes'})) {
+ print "Content-type: text/html\n\n";
+ PutHeader("Remove your votes?");
+ print "<p>You are about to remove all of your bug votes. Are you sure you wish to remove your vote from every bug you've voted on?</p>";
+ print qq{<form action="doeditvotes.cgi" method="post">\n};
+ print qq{<p><input type="radio" name="delete_all_votes" value="1"> Yes</p>\n};
+ print qq{<p><input type="radio" name="delete_all_votes" value="0" checked="checked"> No</p>\n};
+ print qq{<p><a href="showvotes.cgi">Review your votes</a></p>\n};
+ print qq{<p><input type="submit" value="Submit"></p></form>\n};
+ PutFooter();
+ exit();
+}
+elsif ($::FORM{'delete_all_votes'} == 0) {
+ print "Location: showvotes.cgi\n\n";
+ exit();
+}
+
# Call ValidateBugID on each bug ID to make sure it is a positive
# integer representing an existing bug that the user is authorized
# to access, and make sure the number of votes submitted is also