Validate whether a value is allowed for a given vote type [#3069973]

Comment	File	Size	Author
#2	rate-3069973-2.patch	1.09 KB	Krzysztof Domański
8.x-1.x: PHP 7.1 & MySQL 5.5, D8.7 27 pass

Comment #1

24 July 2019 at 12:36

Krzysztof Domański created an issue. See original summary.

Log in or register to post comments

File	Size
rate-3069973-2.patch	1.09 KB
8.x-1.x: PHP 7.1 & MySQL 5.5, D8.7 27 pass

Comment #4

Krzysztof Domański

Poland

CreditAttribution: Krzysztof Domański at abventor commented 7 August 2019 at 17:30

Status:

Needs review

» Fixed

Log in or register to post comments

Comment #5

JordiK CreditAttribution: JordiK commented 9 August 2019 at 11:32

Why is this necessary?
If, for example, someone has a custom widget based on Yes/No and wants to vote with custom steps, e.g. 5, this validation kills the possibility.
Is there any security or other implication for the values to be limited this way?

Log in or register to post comments

Comment #6

JordiK CreditAttribution: JordiK commented 9 August 2019 at 11:35

Status:

Fixed

» Postponed (maintainer needs more info)

Log in or register to post comments

Comment #7

Krzysztof Domański

Poland

CreditAttribution: Krzysztof Domański at abventor commented 12 August 2019 at 14:46

Users can manipulate voting results. For example, vote for 500 or -200 is possible.

Is there another way to solve this problem?

Log in or register to post comments

Comment #8

JordiK CreditAttribution: JordiK commented 13 August 2019 at 21:26

Put a maximum allowed value in the configuration of the widget, for example. If omitted - no limit.
Or disabling right click on the widget.
But hardcoding it is not a good idea imho.