@quickvote = QuickVote.new(params[:quickvote])
# store the candidate grabbed through ajax and stored in flash
@quickvote.candidatelist = flash[:candlist]
- @quickvote.description=CGI.escapeHTML(@quickvote.description)
+ @quickvote.description=@quickvote.description
# try to save, if it fails, show the page again (the flash should
# still be intact
if @quickvote.save
end
def add_candidate
- candidate_name = CGI.escapeHTML(params[:ajax][:newcandidate])
+ candidate_name = params[:ajax][:newcandidate]
unless candidate_name.strip.empty?
if flash.has_key?(:candlist) and flash[:candlist].instance_of?(Array)
flash[:candlist] << candidate_name unless flash[:candlist].index(candidate_name)
###############################################################
def results
- @election = QuickVote.ident_to_quickvote(params[:ident])
+ unless @election = QuickVote.ident_to_quickvote(params[:ident])
+ flash[:notice] = "Cannot find quickvote #{params[:ident]}."
+ redirect_to :controller => 'site'
+ return
+ end
@election.results
@candidates = {}
@election.candidates.each {|c| @candidates[c.id] = c}