Bug: Internal Server 500 error when there are multiple vote counts per topic


#1

Our whole site went down with the Internal Server 500 error when there were multiple vote count entries in one of the topics that I believe was caused by a SQL race condition. Basically somebody deliberately tried to vote multiple times on a topic at the same time and it ended up creating multiple entries in the topic_custom_fields table. Logs show below for the error:
“NoMethodError (undefined method to_i' for ["1101", "1101", "1105"]:Array Did you mean? to_s to_a to_h) /var/www/discourse/plugins/discourse-voting/plugin.rb:172:invote_c”

To fix the issue, I disabled the plugin in app.yml and rebuild. Delete the two extra rows in the table and re-enabled the plugin.

This is a potential DOS on a system and I have updated the title to be a bug.