Package: nm.debian.org Severity: normal I haven't verified the issue, but the report better sits on bugs.debian.org than in my private mail folder.
(Brian Pellin's application which is reported to have been used for testing is ok and doesn't need fixup.) Christoph -- c...@df7cb.de | http://www.df7cb.de/
--- Begin Message ---Hi debian-newmaint! I think I found a little bug with the website... I applied to NM yesterday and send the address [1] to my advocate. [1] https://nm.debian.org/nmadvocate.php?email=rmolina%40udea.edu.co I was curious about the system, so I filled the form using 'test' as debian login... then I returned to [2], and 'test' was my advocate... [2] https://nm.debian.org/nmstatus.php?email=rmolina%40udea.edu.co As I don't want to see test anymore, I return to [1] and just send a blank form... I return to [2] the info is restored to Advocate=None. After I see I can restore to None my advocate, I tried blanking the advocate for another user... so I tried with the first name in the list of 'Un-assigned Applicants': Brian Pellin <bpel...@gmail.com> Using [1] I prepared a URI for bpellin [3] and sent a blank form... [3] https://nm.debian.org/nmadvocate.php?email=bpellin%40gmail.com after return to [4] I found Advocate=None and AdvocateCheck=Passed ! [4] https://nm.debian.org/nmstatus.php?email=bpellin%40gmail.com I return to [3] and sent 'rmolina'... Advocate=rmolina and AdvocateCheck=Passed! BTW, this changes affects the TimeOfLastAction field, so I think changes are included to DB. Well It seems like a bug to me.... not grave, but annoying.... At least a check for blank forms seems to be missing... but then someone can still spoof this field... is better to validate for no more changes in this field after a passed check... Anyway, I think this field should not be set directly from the form and it should be filled using the advocate(s) reply(s)... Thanks, Ruben Molina (Sorry, I don't remember the original value for the bpellin's advocate so I'm setting it to none again...) -- To UNSUBSCRIBE, email to debian-newmaint-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
--- End Message ---
signature.asc
Description: Digital signature
