Download & Extend

calling votingapi_select_single_result_value with no criteria makes it easy to shoot self in foot

Project:Voting API
Version:6.x-2.x-dev
Component:Code
Category:task
Priority:normal
Assigned:Unassigned
Status:closed (fixed)

Issue Summary

If you call that with no criteria then votingAPI will graciously return all the rows in the table to you and use PHP to select the top one.

I'm not sure exactly how, but we should ideally make that not happen :)

Comments

#1

Status:active» needs review

_votingapi_select allows a $limit to be specified.

My suggestion is that we use the $limit parameter of votingapi_select_results which gets passed along to _votingapi_select so that votingapi_select_single_result_value will only select a single value.

AttachmentSize
591044_votingapi_single_result_really_single.patch 889 bytes

#2

I just ran into this again. The patch still applies cleanly to 6.x-2.x.

#3

Status:needs review» fixed

I've applied this to the D7 branch and will backport to D6. Thanks!

#4

Status:fixed» patch (to be ported)

Awesome, thanks!

For my own tracking I'd like to keep this in an open state until it's in the 6.x branch.

#5

Status:patch (to be ported)» closed (fixed)

Committed to the 6.x branch -- I still need to do some testing to ensure none of the backported code causes problems. Once I'm comfortable with that I'll roll a new 6.x release. Thanks again!