]> projects.mako.cc - selectricity-live/blobdiff - app/controllers/quickvote_controller.rb
fix security issue
[selectricity-live] / app / controllers / quickvote_controller.rb
index 4b3c0c988d75544b3b9f93945a48e8a016f3fec0..701005d08ed03f1835326cf2f598aaa663ea6ac7 100644 (file)
@@ -158,14 +158,16 @@ class QuickvoteController < ApplicationController
     else
       
       # record the ip address for posterity
-      @voter.ipaddress = request.env["REMOTE_ADDR"]
+      @voter.ipaddress = request.env["HTTP_X_FORWARDED_FOR"]
       @voter.save
       
       # toggle the confirmation bit      
-      @voter.vote.confirm!
-     
-      @voter.reload
-      render :action => 'thanks'
+      if @voter.vote.confirm!
+        @voter.reload
+        render :action => 'thanks'
+      else
+        redirect_to :action => 'index'
+      end
     end
   end
  
@@ -183,9 +185,10 @@ class QuickvoteController < ApplicationController
     @election=QuickVote.ident_to_quickvote(params[:id])
     @election.voters.each do |voter|
       next unless voter.ipaddress
+
       location=nil
-      if defined? Cache and location=Cache.get("GEO:#{voter.ipaddress}")
-      elsif defined? Cache
+      if Cache and location=Cache.get("GEO:#{voter.ipaddress}")
+      elsif Cache
         location = GeoKit::Geocoders::IpGeocoder.geocode(voter.ipaddress)
         Cache.set "GEO:#{voter.ipaddress}", location
       else

Benjamin Mako Hill || Want to submit a patch?