From 8c959fcd64f2d6fcbfb6ca3b0fe103c2994d89db Mon Sep 17 00:00:00 2001 From: David Vaughan Date: Fri, 6 Feb 2026 15:45:48 -0800 Subject: Prevent voting via mastoapi if closed or we already voted --- mastoapi.c | 64 +++++++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/mastoapi.c b/mastoapi.c index 16cab27..b13375c 100644 --- a/mastoapi.c +++ b/mastoapi.c @@ -3693,41 +3693,57 @@ int mastoapi_post_handler(const xs_dict *req, const char *q_path, if (found) { const char *id = xs_dict_get(msg, "id"); const char *atto = get_atto(msg); + int closed = 0; + const char *f_closed = NULL; - const xs_list *opts = xs_dict_get(msg, "oneOf"); - if (opts == NULL) - opts = xs_dict_get(msg, "anyOf"); + if ((f_closed = xs_dict_get(msg, "closed")) != NULL) { + /* it has a closed date... but is it in the past? */ + time_t t0 = time(NULL); + time_t t1 = xs_parse_iso_date(f_closed, 0); - if (op == NULL) { + if (t1 < t0) + closed = 1; } - else - if (strcmp(op, "votes") == 0) { - const xs_list *choices = xs_dict_get(args, "choices[]"); - if (xs_is_null(choices)) - choices = xs_dict_get(args, "choices"); + if (closed || was_question_voted(&snac, id)) + status = HTTP_STATUS_UNPROCESSABLE_CONTENT; + else { + const xs_list *opts = xs_dict_get(msg, "oneOf"); + if (opts == NULL) + opts = xs_dict_get(msg, "anyOf"); + + if (op == NULL) { + } + else { + if (strcmp(op, "votes") == 0) { + const xs_list *choices = xs_dict_get(args, "choices[]"); - if (xs_type(choices) == XSTYPE_LIST) { - const xs_str *v; + if (xs_is_null(choices)) + choices = xs_dict_get(args, "choices"); - int c = 0; - while (xs_list_next(choices, &v, &c)) { - int io = atoi(v); - const xs_dict *o = xs_list_get(opts, io); + if (xs_type(choices) == XSTYPE_LIST) { + const xs_str *v; - if (o) { - const char *name = xs_dict_get(o, "name"); + int c = 0; + while (xs_list_next(choices, &v, &c)) { + int io = atoi(v); + const xs_dict *o = xs_list_get(opts, io); - xs *msg = msg_note(&snac, "", atto, (char *)id, NULL, 1, NULL, NULL); - msg = xs_dict_append(msg, "name", name); + if (o) { + const char *name = xs_dict_get(o, "name"); - xs *c_msg = msg_create(&snac, msg); - enqueue_message(&snac, c_msg); - timeline_add(&snac, xs_dict_get(msg, "id"), msg); + xs *msg = msg_note(&snac, "", atto, (char *)id, NULL, 1, NULL, NULL); + msg = xs_dict_append(msg, "name", name); + + xs *c_msg = msg_create(&snac, msg); + enqueue_message(&snac, c_msg); + timeline_add(&snac, xs_dict_get(msg, "id"), msg); + } + } + + out = mastoapi_poll(&snac, msg); } } - - out = mastoapi_poll(&snac, msg); } } } -- cgit v1.2.3