Download & Extend
Vote Up/Down » Issues

use votingapi for uid criteria

Posted by Placinta on August 10, 2009 at 2:42pm
Project:Vote Up/Down
Version:6.x-1.x-dev
Component:Code
Category:task
Priority:normal
Assigned:Unassigned
Status:closed (fixed)

Issue Summary

Here is a patch that fixes anonymous voting. As I saw, it was commited to the 2.x-dev branch, but not in the 1.x branch.

AttachmentSizeStatusTest resultOperations
vote_up_down_uid_fix.patch1.52 KBIgnored: Check issue status.NoneNone
Login or register to post comments

Comments

#1

Posted by Placinta on August 21, 2009 at 3:05pm

Bumping. Pretty sure this should work, so it's better if it's committed.

#2

Posted by kscheirer on March 17, 2010 at 6:36am
Version:6.x-1.0-beta4» 6.x-1.0-beta6
Status:needs review» needs work

I've applied this patch to the 1.0-beta6 version fine.

It didn't cause any problems and applied cleanly, but I still have a lot of anonymous voting trouble. I think I've tracked it down to the fact that the tokens only get generated once, and then the cached page is served to other anonymous users with the same token. So the initial user can vote fine, but subsequent anonymous users fail token validation and their votes are discarded.

Token validation includes session id, which is unique to each anonymous user.

I'm off to try the dev branch now, just thought I'd report on this issue. Drupal's page caching was set to normal. Turning page caching off resolved the problem. Obviously this isn't that great of a solution :)

#3

Posted by kscheirer on March 17, 2010 at 9:17am
Status:needs work» needs review

I thought about this a little more, and I don't see any reason to be validating tokens for anonymous users at all. By definition, we're allowing anyone at all to vote. VotingAPI still gives some (small) protection against a flood of votes from an IP address.
Applying the patch in #1 and this one solved the problem for me.

To test, turn on normal caching, open 2 different browsers and stay anonymous in both. Whichever one is opened first will generate the token, and it will be used on both pages. After applying the patch, both users should be able to vote normally.

AttachmentSizeStatusTest resultOperations
vote_up_down_no_anonymous_token.patch1.16 KBIgnored: Check issue status.NoneNone

#4

Posted by tormu on April 9, 2010 at 10:36am
Status:needs review» reviewed & tested by the community

Applied this fix (Not the original, but the one in comment 3!) to a production site and so far there hasn't been any drawbacks. I don't see any point in checking the token for anonymous visitors either.

#5

Posted by ionut.alexuc on April 27, 2010 at 9:16am

I have also an issue when allowing vote for anonym.
The crawlers are using the vote_up_down by going to the url.

I see a lots of access to url like: vote_up_down/node/1746/1/vote
Even after I removed the vote_up_down from the .tpl.php pages.

So the google bot can still vote my content :)

I had to remove the permission for anonym to vote in order to stop the voting.
I'm using version = "6.x-1.0-beta6"

#6

Posted by lubnax on May 20, 2010 at 5:56pm

subscribing

#7

Posted by marvil07 on June 8, 2010 at 11:03pm
Title:Anonymous voting fix» use votingapi for uid criteria
Version:6.x-1.0-beta6» 6.x-1.x-dev
Category:bug report» task
Status:reviewed & tested by the community» fixed

thanks for the patches.

I do not have problems with anonymous voting, but I see that the voting s not using a consistent way. So I just cleared and commit it.

kscheirer: if you can tell me how to reproduce the problem, please open a new issue.
ionut.alexuc: you can use robots.txt to prevent crawlers to vote.

#8

Posted by ionut.alexuc on June 9, 2010 at 7:41pm

thanks for the tip.

I use that already :D

#9

Posted by System Message on June 23, 2010 at 7:50pm
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

nobody click here