Fix for bug 87769 - doeditvotes.cgi can nuke votes

Patch by Christopher Aillon <christopher@aillon.com> r= jake@acutex.net

Fix for bug 87769 - doeditvotes.cgi can nuke votes
406508ea · jake%acutex.net · cc928066 · 406508ea
Commit 406508ea authored Aug 26, 2001 by jake%acutex.net
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

doeditvotes.cgi doeditvotes.cgi +20 -0

No files found.
--- a/doeditvotes.cgi
+++ b/doeditvotes.cgi
@@ -19,6 +19,7 @@
 # Rights Reserved.
 #
 # Contributor(s): Terry Weissman <terry@mozilla.org>
+#                 Christopher Aillon <christopher@aillon.com>
 use diagnostics;
 use strict;
@@ -38,6 +39,25 @@ confirm_login();
 # IDs and the field values are the number of votes.
 my @buglist = grep {/^[1-9][0-9]*$/} keys(%::FORM);
+# If no bugs are in the buglist, let's make sure the user gets notified
+# that their votes will get nuked if they continue.
+if ((0 == @buglist) && (! defined $::FORM{'delete_all_votes'})) {
+    print "Content-type: text/html\n\n";
+    PutHeader("Remove your votes?");
+    print "<p>You are about to remove all of your bug votes. Are you sure you wish to remove your vote from every bug you've voted on?</p>";
+    print qq{<form action="doeditvotes.cgi" method="post">\n};
+    print qq{<p><input type="radio" name="delete_all_votes" value="1"> Yes</p>\n};
+    print qq{<p><input type="radio" name="delete_all_votes" value="0" checked="checked"> No</p>\n};
+    print qq{<p><a href="showvotes.cgi">Review your votes</a></p>\n};
+    print qq{<p><input type="submit" value="Submit"></p></form>\n};
+    PutFooter();
+    exit();
+}
+elsif ($::FORM{'delete_all_votes'} == 0) {
+    print "Location: showvotes.cgi\n\n";
+    exit();
+}
 # Call ValidateBugID on each bug ID to make sure it is a positive
 # integer representing an existing bug that the user is authorized 
 # to access, and make sure the number of votes submitted is also