There have been at least two instances where people submitted a rating of 255 to extensions. The range for the rating should be bounded to the valid values. (Sorry, I'm not sure if that's the right file, but the highlight should illustrate the problem)
The two comments Mook is referring to are:
https://addons.mozilla.org/firefox/1202/
https://addons.mozilla.org/firefox/60/
I checked my DB dump from Oct 12 and there were no values above 5. I'll work on a patch for this now, and hopefully we can push with the tshirt update tomorrow (Monday).
Assignee: nobody → fligtar
Severity: normal → major
OS: Windows XP → All
Hardware: PC → All
Created attachment 242375: patch for addcomment
This patch prevents people from giving ratings less than 0 or greater than 5 via post data tampering. Also, the following SQL should be run:
UPDATE `feedback` SET `CommentVote`='5' WHERE `CommentVote`>5;
(and just out of curiosity, could ops tell us how many rows that affects?)
Attachment #242375 - Flags: first-review?(morgamic)
Comment on attachment 242375: patch for addcomment
Looks good.
Attachment #242375 - Flags: first-review?(morgamic) → first-review+
This has been pushed to production.
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
Verifying - cannot post an out of bounds rating by tampering with form data, and the offending ratings have been reduced to 5.
Status: RESOLVED → VERIFIED
Took some additional prodding to get the add-ons' average ratings to update. Good work getting this fixed fligtar, and thanks for reporting it Mook.
Product: addons.mozilla.org → addons.mozilla.org Graveyard
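Added example, not the attachment's code (the patch itself is not shown on this page): a server-side bounds check on the posted rating, the cleanup UPDATE from the thread with its affected-row count, and a recomputation of per-add-on averages afterwards. Only the `feedback` table and `CommentVote` column come from the thread; the `AddonID` column, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

MIN_RATING, MAX_RATING = 0, 5  # valid range given in the patch description

def parse_rating(raw):
    """Accept only a plain ASCII integer within the valid range, else None."""
    s = str(raw).strip()
    if not (s.isascii() and s.isdigit()):
        return None  # rejects "", "-1", "5.0", "abc", None
    value = int(s)
    return value if MIN_RATING <= value <= MAX_RATING else None

def make_db():
    """Constructed in-memory data; AddonID is a hypothetical column name."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE feedback (AddonID INTEGER, CommentVote INTEGER)")
    # Constructed legacy rows, including two out-of-range 255 votes.
    db.executemany("INSERT INTO feedback VALUES (?, ?)",
                   [(1, 255), (1, 4), (2, 255), (2, 3), (2, 5)])
    return db

def add_vote(db, addon_id, raw):
    """Store a vote only if the posted value passes the server-side check."""
    rating = parse_rating(raw)
    if rating is None:
        return False
    db.execute("INSERT INTO feedback VALUES (?, ?)", (addon_id, rating))
    return True

def clamp_existing(db):
    """Cleanup as in the thread: cap stored votes at 5, return rows affected."""
    cur = db.execute("UPDATE feedback SET CommentVote = ? WHERE CommentVote > ?",
                     (MAX_RATING, MAX_RATING))
    db.commit()
    return cur.rowcount

def average_ratings(db):
    """Recompute per-add-on averages from the stored votes."""
    rows = db.execute("SELECT AddonID, AVG(CommentVote) FROM feedback "
                      "GROUP BY AddonID ORDER BY AddonID")
    return {addon: round(avg, 2) for addon, avg in rows}

if __name__ == "__main__":
    db = make_db()
    print("before cleanup:", average_ratings(db))
    print("rows clamped:", clamp_existing(db))
    print("after cleanup:", average_ratings(db))
    print("tampered post accepted?", add_vote(db, 1, "255"))
```

Any cached or precomputed average has to be refreshed after the cleanup, since it was derived from the out-of-range rows.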