Also a part of the previous commit
authorJohn Dong <jdong@mit.edu>
Thu, 16 Aug 2007 17:56:41 +0000 (13:56 -0400)
committerJohn Dong <jdong@mit.edu>
Thu, 16 Aug 2007 17:56:41 +0000 (13:56 -0400)
app/controllers/quickvote_controller.rb

index 83a6cc5fc659e5bcfabcc75a1d6e31baa7af5474..2847df91890d0ffd9212b1cee8c5281a9d1117f6 100644 (file)
@@ -34,11 +34,13 @@ class QuickvoteController < ApplicationController
   end
 
   def add_candidate
-    candidate_name = params[:ajax][:newcandidate]
-    if flash.has_key?(:candlist) and flash[:candlist].instance_of?(Array) 
-      flash[:candlist] << candidate_name
-    else
-      flash[:candlist] = [ candidate_name ]
+    candidate_name = CGI.escapeHTML(params[:ajax][:newcandidate])
+    unless candidate_name.strip.empty?
+      if flash.has_key?(:candlist) and flash[:candlist].instance_of?(Array) 
+        flash[:candlist] << candidate_name
+     else
+       flash[:candlist] = [ candidate_name ]
+      end
     end
     flash.keep(:candlist)
     render_partial 'candidate_list'
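Review bot: The new line 18 passes `params[:ajax][:newcandidate]` straight into `CGI.escapeHTML`, so a request without an `ajax` hash or without `newcandidate` raises a NoMethodError/TypeError before the new emptiness guard is reached; `raw = params[:ajax] && params[:ajax][:newcandidate]` followed by `candidate_name = CGI.escapeHTML(raw.to_s)` keeps the guard effective for missing input as well. Storing the already-escaped name in the flash also means the `candidate_list` partial must render it without escaping again, otherwise entities such as `&amp;` show up double-escaped — presumably that is how the partial is written, but it is worth a comment at the call site, e.g. `# candidate_name is stored HTML-escaped; the partial must not escape it again`. As a matter of style, the `else`/assignment on lines 22-23 are indented one column short of the surrounding block, and `and` in the condition on line 20 is better written `&&` to avoid precedence surprises. `add_candidate` continues past the end of the hunk.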
