From d386d89179ccc2b86894a8639b658f4ede24c5f6 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Sun, 12 Jan 2020 14:17:03 +0100
Subject: Fix invalid votes from the API being accepted (#12601)

* Fix invalid votes from the API being accepted

Fixes #12556

- Ensure `choice` is an integer instead of silently converting to 0
- Ensure `choice` corresponds to an actual choice of the poll

* Please CodeClimate
---
 app/services/vote_service.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/services/vote_service.rb')

diff --git a/app/services/vote_service.rb b/app/services/vote_service.rb
index cb7dce6e8..19e453332 100644
--- a/app/services/vote_service.rb
+++ b/app/services/vote_service.rb
@@ -20,7 +20,7 @@ class VoteService < BaseService
 
         ApplicationRecord.transaction do
           @choices.each do |choice|
-            @votes << @poll.votes.create!(account: @account, choice: choice)
+            @votes << @poll.votes.create!(account: @account, choice: Integer(choice))
           end
         end
       else
-- 
cgit