maybe a bug?
Hi debian-newmaint!
I think I found a little bug with the website...
I applied to NM yesterday and sent the address [1] to my advocate.
[1] https://nm.debian.org/nmadvocate.php?email=rmolina%40udea.edu.co
I was curious about the system, so I filled the form using 'test' as
debian login... then I returned to [2], and 'test' was my advocate...
[2] https://nm.debian.org/nmstatus.php?email=rmolina%40udea.edu.co
As I didn't want to see test anymore, I returned to [1] and just sent a
blank form... I returned to [2] and the info was restored to Advocate=None.
After I saw I could restore my advocate to None, I tried blanking the
advocate for another user... so I tried with the first name in the list
of 'Un-assigned Applicants': Brian Pellin <bpellin@gmail.com>
Using [1] I prepared a URI for bpellin [3] and sent a blank form...
[3] https://nm.debian.org/nmadvocate.php?email=bpellin%40gmail.com
After returning to [4] I found Advocate=None and AdvocateCheck=Passed!
[4] https://nm.debian.org/nmstatus.php?email=bpellin%40gmail.com
I returned to [3] and sent 'rmolina'...
Advocate=rmolina and AdvocateCheck=Passed!
BTW, these changes affect the TimeOfLastAction field, so I think the changes
are included in the DB.
Well, it seems like a bug to me... not grave, but annoying...
At least a check for blank forms seems to be missing... but then someone
can still spoof this field... it is better to validate that there are no more
changes to this field after a passed check...
Anyway, I think this field should not be set directly from the form and
it should be filled using the advocate(s)' reply(ies)...
Thanks,
Ruben Molina
(Sorry, I don't remember the original value for bpellin's advocate
so I'm setting it to none again...)
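
The three checks proposed in the message above (reject blank submissions, lock the field after a passed check, take the value from the advocate rather than from an open form), written out as an added example that is not part of the original post or of the nm.debian.org code. The `Applicant` record, the function names and the `authenticated_login` parameter are hypothetical; how the advocate is authenticated is assumed to happen elsewhere.

```python
from dataclasses import dataclass
from typing import Optional

class Rejected(Exception):
    """Raised when an advocate update is refused."""

@dataclass
class Applicant:  # hypothetical record; fields named after the status page
    email: str
    advocate: Optional[str] = None
    advocate_check: Optional[str] = None  # None or "Passed"

def set_advocate_unchecked(app: Applicant, form_login: str) -> None:
    """Models the behaviour the post describes: the form value is stored as-is."""
    app.advocate = form_login.strip() or None  # advocate_check is left untouched

def set_advocate(app: Applicant, authenticated_login: Optional[str],
                 form_login: str) -> None:
    """Apply the three checks proposed in the post before storing anything."""
    login = form_login.strip()
    if not login:
        raise Rejected("blank advocate login")
    if authenticated_login is None or authenticated_login != login:
        # The value must come from the advocate, not from an anonymous form.
        raise Rejected("submitter is not the named advocate")
    if app.advocate_check == "Passed" and app.advocate != login:
        raise Rejected("advocate is locked after a passed check")
    app.advocate = login

def demo() -> list:
    """Replay the post's sequence on a constructed record; return the outcomes."""
    app = Applicant("applicant@example.org", advocate="dd1", advocate_check="Passed")
    # (authenticated login, submitted form value), all constructed sample values
    attempts = [(None, ""), (None, "test"), ("dd2", "dd2"), ("dd1", "dd1")]
    results = []
    for actor, form in attempts:
        try:
            set_advocate(app, actor, form)
            results.append("accepted")
        except Rejected as exc:
            results.append(str(exc))
    return results + [app.advocate]

if __name__ == "__main__":
    print(demo())
```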