]> projects.mako.cc - selectricity/blobdiff - app/controllers/quickvote_controller.rb
fix security issue
[selectricity] / app / controllers / quickvote_controller.rb
index c32d585dd53cc441d8e36d7a72fe74be9edaec90..cd16743fcc16e2095f46b1eff115c47f2cd51d39 100644 (file)
@@ -161,14 +161,16 @@ class QuickvoteController < ApplicationController
     else
       
       # record the ip address for posterity
-      @voter.ipaddress = request.env["REMOTE_ADDR"]
+      @voter.ipaddress = request.env["HTTP_X_FORWARDED_FOR"]
       @voter.save
       
       # toggle the confirmation bit      
-      @voter.vote.confirm!
-     
-      @voter.reload
-      render :action => 'thanks'
+      if @voter.vote.confirm!
+        @voter.reload
+        render :action => 'thanks'
+      else
+        redirect_to :action => 'index'
+      end
     end
   end
  
@@ -186,9 +188,10 @@ class QuickvoteController < ApplicationController
     @election=QuickVote.ident_to_quickvote(params[:id])
     @election.voters.each do |voter|
       next unless voter.ipaddress
+
       location=nil
-      if defined? Cache and location=Cache.get("GEO:#{voter.ipaddress}")
-      elsif defined? Cache
+      if Cache and location=Cache.get("GEO:#{voter.ipaddress}")
+      elsif Cache
         location = GeoKit::Geocoders::IpGeocoder.geocode(voter.ipaddress)
         Cache.set "GEO:#{voter.ipaddress}", location
       else

Benjamin Mako Hill || Want to submit a patch?