From: jake%acutex.net <>
Date: Sun, 26 Aug 2001 01:53:31 +0000 (+0000)
Subject: Fix for bug 87769 - doeditvotes.cgi can nuke votes
X-Git-Tag: bugzilla-2.14~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=406508ea8a600b9ed3582b6771cab62de81b9dc5;p=thirdparty%2Fbugzilla.git

Fix for bug 87769 - doeditvotes.cgi can nuke votes
Patch by Christopher Aillon <christopher@aillon.com>
r= jake@acutex.net
---

diff --git a/doeditvotes.cgi b/doeditvotes.cgi
index 155635723b..40d6390dd9 100755
--- a/doeditvotes.cgi
+++ b/doeditvotes.cgi
@@ -19,6 +19,7 @@
 # Rights Reserved.
 #
 # Contributor(s): Terry Weissman <terry@mozilla.org>
+#                 Christopher Aillon <christopher@aillon.com>
 
 use diagnostics;
 use strict;
@@ -38,6 +39,25 @@ confirm_login();
 # IDs and the field values are the number of votes.
 my @buglist = grep {/^[1-9][0-9]*$/} keys(%::FORM);
 
+# If no bugs are in the buglist, let's make sure the user gets notified
+# that their votes will get nuked if they continue.
+if ((0 == @buglist) && (! defined $::FORM{'delete_all_votes'})) {
+    print "Content-type: text/html\n\n";
+    PutHeader("Remove your votes?");
+    print "<p>You are about to remove all of your bug votes. Are you sure you wish to remove your vote from every bug you've voted on?</p>";
+    print qq{<form action="doeditvotes.cgi" method="post">\n};
+    print qq{<p><input type="radio" name="delete_all_votes" value="1"> Yes</p>\n};
+    print qq{<p><input type="radio" name="delete_all_votes" value="0" checked="checked"> No</p>\n};
+    print qq{<p><a href="showvotes.cgi">Review your votes</a></p>\n};
+    print qq{<p><input type="submit" value="Submit"></p></form>\n};
+    PutFooter();
+    exit();
+}
+elsif ($::FORM{'delete_all_votes'} == 0) {
+    print "Location: showvotes.cgi\n\n";
+    exit();
+}
+
 # Call ValidateBugID on each bug ID to make sure it is a positive
 # integer representing an existing bug that the user is authorized 
 # to access, and make sure the number of votes submitted is also