From 863722fd75b39f14a2aca10f97c7c12dab49f692 Mon Sep 17 00:00:00 2001
From: Julien Rabier
Date: Wed, 13 Aug 2014 16:18:43 +0200
Subject: [PATCH] [PATCH] by julm - fix missing check that choice belongs to current vote

---
 main.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/main.py b/main.py
index 0d673e5..253fb87 100755
--- a/main.py
+++ b/main.py
@@ -467,15 +467,17 @@ def vote(idvote):
 if vote is None:
 abort(404)
 if can_see_vote(idvote, get_userid()):
+ choices = query_db('select name, id from choices where id_vote=?', [idvote])
 if request.method == 'POST':
 if can_vote(idvote, get_userid()):
 if vote['is_multiplechoice'] == 0:
- if query_db('select * from choices where id = ?', [request.form['choice']], one=True) is not None:
- g.db.execute('insert into user_choice (id_user, id_choice) values (?, ?)',
- [session.get('user').get('id'), request.form['choice']])
+ choice = request.form['choice']
+ if choice in [str(c['id']) for c in choices] \
+ and query_db('select * from choices where id = ?', [choice], one=True) is not None:
+ g.db.execute('insert into user_choice (id_user, id_choice) values (?, ?)',
+ [session.get('user').get('id'), request.form['choice']])
 g.db.commit()
 else:
- choices = query_db('select name, id from choices where id_vote=?', [idvote])
 for choice in choices:
 if str(choice['id']) in request.form.keys():
 g.db.execute('insert into user_choice (id_user, id_choice) values (?, ?)',
-- 
2.20.1
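Review bot: Once `choice` is confirmed to be among the vote's own `choices`, the second `query_db('select * from choices where id = ?', [choice], one=True)` on the continuation line is redundant — barring a concurrent delete between the two queries it can only re-confirm a row the first query already returned — so the condition can collapse to `if choice in {str(c['id']) for c in choices}:` and the insert can pass `choice` instead of re-reading `request.form['choice']`. When the submitted id is not one of this vote's choices the request currently falls through silently to `g.db.commit()` with nothing inserted, indistinguishable to the client from a successful vote; an explicit `abort(400)` in an `else:` branch there would make the rejected submission visible to the caller and to request logs. The backslash continuation is also better written with parentheses around the whole condition. The enclosing `vote()` function starts before the hunk and continues past its last line.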