Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Polls can be edited via right-click menu (even after someone voted) #22018

Closed
waclaw66 opened this issue May 2, 2022 · 2 comments · Fixed by matrix-org/matrix-react-sdk#9253
Closed

Polls can be edited via right-click menu (even after someone voted) #22018

waclaw66 opened this issue May 2, 2022 · 2 comments · Fixed by matrix-org/matrix-react-sdk#9253
Labels
A-Polls O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Tolerable Low/no impact on users T-Defect

Comments

@waclaw66
Copy link
Contributor

waclaw66 commented May 2, 2022

Steps to reproduce

Started poll cannot be edited from context menu of the message...
obrazek
obrazek

Nevertheless it can be edited from right click context menu
obrazek obrazek

Outcome

What did you expect?

Consistency

What happened instead?

Inconsistency

Operating system

Windows 10

Browser information

Firefox 100b9

URL for webapp

No response

Application version

Element version: 1.10.11 Olm version: 3.2.8

Homeserver

own

Will you send logs?

No
@duxovni duxovni added S-Tolerable Low/no impact on users O-Uncommon Most users are unlikely to come across this or unexpected workflow A-Polls labels May 2, 2022
@andybalaam andybalaam changed the title Poll edit inconsistency Polls can be edited via right-click menu (even after someone voted) May 3, 2022
@Zocker1999NET Zocker1999NET mentioned this issue Sep 4, 2022
Merged
Johennes added a commit to Johennes/matrix-react-sdk that referenced this issue Sep 6, 2022
@Johennes
Set relations helper when creating event tile context menu
62732f0 
Fixes element-hq/element-web#22018

Signed-off-by: Johannes Marbach <johannesm@element.io>
@Johennes Johennes mentioned this issue Sep 6, 2022
Merged
3 tasks
@andybalaam
Copy link
Contributor

Did you try editing a poll after votes have been cast? I believe the current implementation in Element changes the poll ID, meaning that the previously-cast votes become invalid. So, while this is an annoying bug, I don't think that it is a "security" bug.

Of course, nothing stops someone from crafting a custom event to edit the poll and keep its ID the same, and polls are explicitly not intended for secure voting.

@waclaw66
Copy link
Contributor Author

I haven't said that is a security bug, but just inconsistency between edit button (edit is disabled) and menu item (edit is enabled). Tested in the current version, still persists.

turt2live added a commit to matrix-org/matrix-react-sdk that referenced this issue Oct 18, 2022
@Johennes @turt2live
Set relations helper when creating event tile context menu (#9253)
26f3d10 
* Set relations helper when creating event tile context menu

Fixes element-hq/element-web#22018

Signed-off-by: Johannes Marbach <johannesm@element.io>

* Add e2e tests

* Use idiomatic test names

Signed-off-by: Johannes Marbach <johannesm@element.io>
Co-authored-by: Travis Ralston <travisr@matrix.org>
su-ex added a commit to SchildiChat/matrix-react-sdk that referenced this issue Nov 12, 2022
@su-ex
Merge tag 'v3.60.0' into sc
02ee80b 
* Loading threads with server-side assistance ([\matrix-org#9356](matrix-org#9356)). Fixes element-hq/element-web#21807, element-hq/element-web#21799, element-hq/element-web#21911, element-hq/element-web#22141, element-hq/element-web#22157, element-hq/element-web#22641, element-hq/element-web#22501 element-hq/element-web#22438 and element-hq/element-web#21678. Contributed by @justjanne.
* Make thread replies trigger a room list re-ordering ([\matrix-org#9510](matrix-org#9510)). Fixes element-hq/element-web#21700.
* Device manager - add extra details to device security and renaming ([\matrix-org#9501](matrix-org#9501)). Contributed by @kerryarchibald.
* Add plain text mode to the wysiwyg composer ([\matrix-org#9503](matrix-org#9503)). Contributed by @florianduros.
* Sliding Sync: improve sort order, show subspace rooms, better tombstoned room handling ([\matrix-org#9484](matrix-org#9484)).
* Device manager - add learn more popups to filtered sessions section ([\matrix-org#9497](matrix-org#9497)). Contributed by @kerryarchibald.
* Show thread notification if thread timeline is closed ([\matrix-org#9495](matrix-org#9495)). Fixes element-hq/element-web#23589.
* Add message editing to wysiwyg composer ([\matrix-org#9488](matrix-org#9488)). Contributed by @florianduros.
* Device manager - confirm sign out of other sessions ([\matrix-org#9487](matrix-org#9487)). Contributed by @kerryarchibald.
* Automatically request logs from other users in a call when submitting logs ([\matrix-org#9492](matrix-org#9492)).
* Add thread notification with server assistance (MSC3773) ([\matrix-org#9400](matrix-org#9400)). Fixes element-hq/element-web#21114, element-hq/element-web#21413, element-hq/element-web#21416, element-hq/element-web#21433, element-hq/element-web#21481, element-hq/element-web#21798, element-hq/element-web#21823 element-hq/element-web#23192 and element-hq/element-web#21765.
* Support for login + E2EE set up with QR ([\matrix-org#9403](matrix-org#9403)). Contributed by @hughns.
* Allow pressing Enter to send messages in new composer ([\matrix-org#9451](matrix-org#9451)). Contributed by @andybalaam.
* Fix regressions around media uploads failing and causing soft crashes ([\matrix-org#9549](matrix-org#9549)). Fixes matrix-org/element-web-rageshakes#16831, matrix-org/element-web-rageshakes#16824 matrix-org/element-web-rageshakes#16810 and element-hq/element-web#23641.
* Fix /myroomavatar slash command ([\matrix-org#9536](matrix-org#9536)). Fixes matrix-org/synapse#14321.
* Fix NotificationBadge unsent color ([\matrix-org#9522](matrix-org#9522)). Fixes element-hq/element-web#23646.
* Fix room list sorted by recent on app startup ([\matrix-org#9515](matrix-org#9515)). Fixes element-hq/element-web#23635.
* Reset custom power selector when blurred on empty ([\matrix-org#9508](matrix-org#9508)). Fixes element-hq/element-web#23481.
* Reinstate timeline/redaction callbacks when updating notification state ([\matrix-org#9494](matrix-org#9494)). Fixes element-hq/element-web#23554.
* Only render NotificationBadge when needed ([\matrix-org#9493](matrix-org#9493)). Fixes element-hq/element-web#23584.
* Fix embedded Element Call screen sharing ([\matrix-org#9485](matrix-org#9485)). Fixes element-hq/element-web#23571.
* Send Content-Type: application/json header for integration manager /register API ([\matrix-org#9490](matrix-org#9490)). Fixes element-hq/element-web#23580.
* Fix joining calls without audio or video inputs ([\matrix-org#9486](matrix-org#9486)). Fixes element-hq/element-web#23511.
* Ensure spaces in the spotlight dialog have rounded square avatars ([\matrix-org#9480](matrix-org#9480)). Fixes element-hq/element-web#23515.
* Only show mini avatar uploader in room intro when no avatar yet exists ([\matrix-org#9479](matrix-org#9479)). Fixes element-hq/element-web#23552.
* Fix threads fallback incorrectly targets root event ([\matrix-org#9229](matrix-org#9229)). Fixes element-hq/element-web#23147.
* Align video call icon with banner text ([\matrix-org#9460](matrix-org#9460)).
* Set relations helper when creating event tile context menu ([\matrix-org#9253](matrix-org#9253)). Fixes element-hq/element-web#22018.
* Device manager - put client/browser device metadata in correct section ([\matrix-org#9447](matrix-org#9447)). Contributed by @kerryarchibald.
* Update the room unread notification counter when the server changes the value without any related read receipt ([\matrix-org#9438](matrix-org#9438)).
su-ex added a commit to SchildiChat/element-desktop that referenced this issue Nov 12, 2022
@su-ex
Merge tag 'v1.11.14' into sc
0cbd941 
* Switch to notarytool ([\element-hq#440](element-hq#440)).
* Loading threads with server-side assistance ([\#9356](matrix-org/matrix-react-sdk#9356)). Fixes element-hq/element-web#21807, element-hq/element-web#21799, element-hq/element-web#21911, element-hq/element-web#22141, element-hq/element-web#22157, element-hq/element-web#22641, element-hq/element-web#22501 element-hq/element-web#22438 and element-hq/element-web#21678. Contributed by @justjanne.
* Make thread replies trigger a room list re-ordering ([\#9510](matrix-org/matrix-react-sdk#9510)). Fixes element-hq/element-web#21700.
* Device manager - add extra details to device security and renaming ([\#9501](matrix-org/matrix-react-sdk#9501)). Contributed by @kerryarchibald.
* Add plain text mode to the wysiwyg composer ([\#9503](matrix-org/matrix-react-sdk#9503)). Contributed by @florianduros.
* Sliding Sync: improve sort order, show subspace rooms, better tombstoned room handling ([\#9484](matrix-org/matrix-react-sdk#9484)).
* Device manager - add learn more popups to filtered sessions section ([\#9497](matrix-org/matrix-react-sdk#9497)). Contributed by @kerryarchibald.
* Show thread notification if thread timeline is closed ([\#9495](matrix-org/matrix-react-sdk#9495)). Fixes element-hq/element-web#23589.
* Add message editing to wysiwyg composer ([\#9488](matrix-org/matrix-react-sdk#9488)). Contributed by @florianduros.
* Device manager - confirm sign out of other sessions ([\#9487](matrix-org/matrix-react-sdk#9487)). Contributed by @kerryarchibald.
* Automatically request logs from other users in a call when submitting logs ([\#9492](matrix-org/matrix-react-sdk#9492)).
* Add thread notification with server assistance (MSC3773) ([\#9400](matrix-org/matrix-react-sdk#9400)). Fixes element-hq/element-web#21114, element-hq/element-web#21413, element-hq/element-web#21416, element-hq/element-web#21433, element-hq/element-web#21481, element-hq/element-web#21798, element-hq/element-web#21823 element-hq/element-web#23192 and element-hq/element-web#21765.
* Support for login + E2EE set up with QR ([\#9403](matrix-org/matrix-react-sdk#9403)). Contributed by @hughns.
* Allow pressing Enter to send messages in new composer ([\#9451](matrix-org/matrix-react-sdk#9451)). Contributed by @andybalaam.
* Fix regressions around media uploads failing and causing soft crashes ([\#9549](matrix-org/matrix-react-sdk#9549)). Fixes matrix-org/element-web-rageshakes#16831, matrix-org/element-web-rageshakes#16824 matrix-org/element-web-rageshakes#16810 and element-hq/element-web#23641.
* Fix /myroomavatar slash command ([\#9536](matrix-org/matrix-react-sdk#9536)). Fixes matrix-org/synapse#14321.
* Fix i18n interpolation ([\element-hq#432](element-hq#432)). Fixes element-hq/element-web#23568.
* Fix config.json failing to load for Jitsi wrapper in non-root deployment ([\#23577](element-hq/element-web#23577)).
* Fix NotificationBadge unsent color ([\#9522](matrix-org/matrix-react-sdk#9522)). Fixes element-hq/element-web#23646.
* Fix room list sorted by recent on app startup ([\#9515](matrix-org/matrix-react-sdk#9515)). Fixes element-hq/element-web#23635.
* Reset custom power selector when blurred on empty ([\#9508](matrix-org/matrix-react-sdk#9508)). Fixes element-hq/element-web#23481.
* Reinstate timeline/redaction callbacks when updating notification state ([\#9494](matrix-org/matrix-react-sdk#9494)). Fixes element-hq/element-web#23554.
* Only render NotificationBadge when needed ([\#9493](matrix-org/matrix-react-sdk#9493)). Fixes element-hq/element-web#23584.
* Fix embedded Element Call screen sharing ([\#9485](matrix-org/matrix-react-sdk#9485)). Fixes element-hq/element-web#23571.
* Send Content-Type: application/json header for integration manager /register API ([\#9490](matrix-org/matrix-react-sdk#9490)). Fixes element-hq/element-web#23580.
* Fix joining calls without audio or video inputs ([\#9486](matrix-org/matrix-react-sdk#9486)). Fixes element-hq/element-web#23511.
* Ensure spaces in the spotlight dialog have rounded square avatars ([\#9480](matrix-org/matrix-react-sdk#9480)). Fixes element-hq/element-web#23515.
* Only show mini avatar uploader in room intro when no avatar yet exists ([\#9479](matrix-org/matrix-react-sdk#9479)). Fixes element-hq/element-web#23552.
* Fix threads fallback incorrectly targets root event ([\#9229](matrix-org/matrix-react-sdk#9229)). Fixes element-hq/element-web#23147.
* Align video call icon with banner text ([\#9460](matrix-org/matrix-react-sdk#9460)).
* Set relations helper when creating event tile context menu ([\#9253](matrix-org/matrix-react-sdk#9253)). Fixes element-hq/element-web#22018.
* Device manager - put client/browser device metadata in correct section ([\#9447](matrix-org/matrix-react-sdk#9447)). Contributed by @kerryarchibald.
* Update the room unread notification counter when the server changes the value without any related read receipt ([\#9438](matrix-org/matrix-react-sdk#9438)).
su-ex added a commit to SchildiChat/element-web that referenced this issue Nov 12, 2022
@su-ex
Merge tag 'v1.11.14' into sc
99c7dc3 
* Loading threads with server-side assistance ([\element-hq#9356](matrix-org/matrix-react-sdk#9356)). Fixes element-hq#21807, element-hq#21799, element-hq#21911, element-hq#22141, element-hq#22157, element-hq#22641, element-hq#22501 element-hq#22438 and element-hq#21678. Contributed by @justjanne.
* Make thread replies trigger a room list re-ordering ([\element-hq#9510](matrix-org/matrix-react-sdk#9510)). Fixes element-hq#21700.
* Device manager - add extra details to device security and renaming ([\element-hq#9501](matrix-org/matrix-react-sdk#9501)). Contributed by @kerryarchibald.
* Add plain text mode to the wysiwyg composer ([\element-hq#9503](matrix-org/matrix-react-sdk#9503)). Contributed by @florianduros.
* Sliding Sync: improve sort order, show subspace rooms, better tombstoned room handling ([\element-hq#9484](matrix-org/matrix-react-sdk#9484)).
* Device manager - add learn more popups to filtered sessions section ([\element-hq#9497](matrix-org/matrix-react-sdk#9497)). Contributed by @kerryarchibald.
* Show thread notification if thread timeline is closed ([\element-hq#9495](matrix-org/matrix-react-sdk#9495)). Fixes element-hq#23589.
* Add message editing to wysiwyg composer ([\element-hq#9488](matrix-org/matrix-react-sdk#9488)). Contributed by @florianduros.
* Device manager - confirm sign out of other sessions ([\element-hq#9487](matrix-org/matrix-react-sdk#9487)). Contributed by @kerryarchibald.
* Automatically request logs from other users in a call when submitting logs ([\element-hq#9492](matrix-org/matrix-react-sdk#9492)).
* Add thread notification with server assistance (MSC3773) ([\element-hq#9400](matrix-org/matrix-react-sdk#9400)). Fixes element-hq#21114, element-hq#21413, element-hq#21416, element-hq#21433, element-hq#21481, element-hq#21798, element-hq#21823 element-hq#23192 and element-hq#21765.
* Support for login + E2EE set up with QR ([\element-hq#9403](matrix-org/matrix-react-sdk#9403)). Contributed by @hughns.
* Allow pressing Enter to send messages in new composer ([\element-hq#9451](matrix-org/matrix-react-sdk#9451)). Contributed by @andybalaam.
* Fix regressions around media uploads failing and causing soft crashes ([\element-hq#9549](matrix-org/matrix-react-sdk#9549)). Fixes matrix-org/element-web-rageshakes#16831, matrix-org/element-web-rageshakes#16824 matrix-org/element-web-rageshakes#16810 and element-hq#23641.
* Fix /myroomavatar slash command ([\element-hq#9536](matrix-org/matrix-react-sdk#9536)). Fixes matrix-org/synapse#14321.
* Fix config.json failing to load for Jitsi wrapper in non-root deployment ([\element-hq#23577](element-hq#23577)).
* Fix NotificationBadge unsent color ([\element-hq#9522](matrix-org/matrix-react-sdk#9522)). Fixes element-hq#23646.
* Fix room list sorted by recent on app startup ([\element-hq#9515](matrix-org/matrix-react-sdk#9515)). Fixes element-hq#23635.
* Reset custom power selector when blurred on empty ([\element-hq#9508](matrix-org/matrix-react-sdk#9508)). Fixes element-hq#23481.
* Reinstate timeline/redaction callbacks when updating notification state ([\element-hq#9494](matrix-org/matrix-react-sdk#9494)). Fixes element-hq#23554.
* Only render NotificationBadge when needed ([\element-hq#9493](matrix-org/matrix-react-sdk#9493)). Fixes element-hq#23584.
* Fix embedded Element Call screen sharing ([\element-hq#9485](matrix-org/matrix-react-sdk#9485)). Fixes element-hq#23571.
* Send Content-Type: application/json header for integration manager /register API ([\element-hq#9490](matrix-org/matrix-react-sdk#9490)). Fixes element-hq#23580.
* Fix joining calls without audio or video inputs ([\element-hq#9486](matrix-org/matrix-react-sdk#9486)). Fixes element-hq#23511.
* Ensure spaces in the spotlight dialog have rounded square avatars ([\element-hq#9480](matrix-org/matrix-react-sdk#9480)). Fixes element-hq#23515.
* Only show mini avatar uploader in room intro when no avatar yet exists ([\element-hq#9479](matrix-org/matrix-react-sdk#9479)). Fixes element-hq#23552.
* Fix threads fallback incorrectly targets root event ([\element-hq#9229](matrix-org/matrix-react-sdk#9229)). Fixes element-hq#23147.
* Align video call icon with banner text ([\element-hq#9460](matrix-org/matrix-react-sdk#9460)).
* Set relations helper when creating event tile context menu ([\element-hq#9253](matrix-org/matrix-react-sdk#9253)). Fixes element-hq#22018.
* Device manager - put client/browser device metadata in correct section ([\element-hq#9447](matrix-org/matrix-react-sdk#9447)). Contributed by @kerryarchibald.
* Update the room unread notification counter when the server changes the value without any related read receipt ([\element-hq#9438](matrix-org/matrix-react-sdk#9438)).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-Polls O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Tolerable Low/no impact on users T-Defect
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Set relations helper when creating event tile context menu Johennes/matrix-react-sdk
3 participants
@andybalaam @duxovni @waclaw66