HTML escape description to prevent code injection onto page
[selectricity-live] / app / models / quick_vote.rb
index 0efb5744e62397bd0a1c56a4f59b363d42f2e585..13e616824c58c0a1f3b3610bf7e0322fd49604c6 100644 (file)
@@ -17,6 +17,9 @@ class QuickVote < Election
     if name =~ /[^A-Za-z0-9]/
       errors.add(:name, "must only include numbers and letters.")
     end
+    if name =~ /^[0-9]+$/
+      errors.add(:name, "must not be a number")
+    end
     
     if name =~ /^(create|index|confirm|change|results)$/
       errors.add(:name, " is a reserved word.")
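Review bot: The added check `if name =~ /^[0-9]+$/` uses `^` and `$`, which in Ruby anchor at line boundaries rather than at the start and end of the string, so taken alone it would also match a multi-line value that contains an all-digit line. It is only correct here because the earlier `/[^A-Za-z0-9]/` check already rejects newlines; anchoring the whole string with `if name =~ /\A[0-9]+\z/` removes that dependency on ordering. A short comment saying why all-digit names are refused would also help, e.g. `# all-digit names are refused; presumably they would be confused with numeric ids in URLs` (that reason is inferred, the hunk does not show it). The enclosing validation method starts and ends outside the hunk, and the HTML escaping of the description named in the commit title is not in this file's change, so it cannot be checked from here.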
