diff options
author | jake%acutex.net <> | 2001-08-26 03:53:31 +0200 |
---|---|---|
committer | jake%acutex.net <> | 2001-08-26 03:53:31 +0200 |
commit | 406508ea8a600b9ed3582b6771cab62de81b9dc5 (patch) | |
tree | 6e6f318aeb4d91a96b575c07f648bcdcd640bc80 /doeditvotes.cgi | |
parent | cc92806629faf3c3abd43690fd26866688f916f0 (diff) | |
download | bugzilla-406508ea8a600b9ed3582b6771cab62de81b9dc5.tar.gz bugzilla-406508ea8a600b9ed3582b6771cab62de81b9dc5.tar.xz |
Fix for bug 87769 - doeditvotes.cgi can nuke votes
Patch by Christopher Aillon <christopher@aillon.com>
r= jake@acutex.net
Diffstat (limited to 'doeditvotes.cgi')
-rwxr-xr-x | doeditvotes.cgi | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/doeditvotes.cgi b/doeditvotes.cgi index 155635723..40d6390dd 100755 --- a/doeditvotes.cgi +++ b/doeditvotes.cgi @@ -19,6 +19,7 @@ # Rights Reserved. # # Contributor(s): Terry Weissman <terry@mozilla.org> +# Christopher Aillon <christopher@aillon.com> use diagnostics; use strict; @@ -38,6 +39,25 @@ confirm_login(); # IDs and the field values are the number of votes. my @buglist = grep {/^[1-9][0-9]*$/} keys(%::FORM); +# If no bugs are in the buglist, let's make sure the user gets notified +# that their votes will get nuked if they continue. +if ((0 == @buglist) && (! defined $::FORM{'delete_all_votes'})) { + print "Content-type: text/html\n\n"; + PutHeader("Remove your votes?"); + print "<p>You are about to remove all of your bug votes. Are you sure you wish to remove your vote from every bug you've voted on?</p>"; + print qq{<form action="doeditvotes.cgi" method="post">\n}; + print qq{<p><input type="radio" name="delete_all_votes" value="1"> Yes</p>\n}; + print qq{<p><input type="radio" name="delete_all_votes" value="0" checked="checked"> No</p>\n}; + print qq{<p><a href="showvotes.cgi">Review your votes</a></p>\n}; + print qq{<p><input type="submit" value="Submit"></p></form>\n}; + PutFooter(); + exit(); +} +elsif ($::FORM{'delete_all_votes'} == 0) { + print "Location: showvotes.cgi\n\n"; + exit(); +} + # Call ValidateBugID on each bug ID to make sure it is a positive # integer representing an existing bug that the user is authorized # to access, and make sure the number of votes submitted is also |