Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
There is no validation of the allowed values.
Proposed resolution
Validate whether a value is allowed for a given vote type.
Comment | File | Size | Author |
---|---|---|---|
#2 | rate-3069973-2.patch | 1.09 KB | Krzysztof Domański |
|
Comments
Comment #2
Krzysztof DomańskiComment #4
Krzysztof DomańskiComment #5
JordiK CreditAttribution: JordiK commentedWhy is this necessary?
If, for example, someone has a custom widget based on Yes/No and wants to vote with custom steps, e.g. 5, this validation kills the possibility.
Is there any security or other implication for the values to be limited this way?
Comment #6
JordiK CreditAttribution: JordiK commentedComment #7
Krzysztof DomańskiUsers can manipulate voting results. For example, vote for 500 or -200 is possible.
Is there another way to solve this problem?
Comment #8
JordiK CreditAttribution: JordiK commentedPut a maximum allowed value in the configuration of the widget, for example. If omitted - no limit.
Or disabling right click on the widget.
But hardcoding it is not a good idea imho.
Comment #9
Krzysztof Domański