Sending email to non-existant voter_id sends email to all voters
Cryptosaurus opened this issue · comments
Cryptosaurus commented
The voters/email
page has an optional parameter voter_id
to send an email to a single voter.
However, if the parameter given does not corresponds to an existing voter, it falls back to sending the mail to all voters. This is probably not what the user intended.
This can be triggers as follows:
- Create a test election with 2 or more voters, open the vote
- In a browser window, open the voter list, and click the link to send an email to voter 1
- In a second browser window, delete voter 1
- Validate the email in the first windows
Proposed fix: #380