]> projects.mako.cc - selectricity/blobdiff - app/controllers/voter_controller.rb
fix security issue
[selectricity] / app / controllers / voter_controller.rb
index afc01039b8e535b7733844f44bf0b5429ed64b2e..78f9a0cdef8da7de802f83800c6484b470500f8e 100644 (file)
@@ -128,16 +128,18 @@ class VoterController < ApplicationController
 
   def confirm
     if authenticate
 
   def confirm
     if authenticate
-      @voter.vote.confirm!
-
-      if @voter.election.embeddable? and params[:embed] == "true" \
-        and @voter.election.early_results?
-        redirect_to :action => :results, :id => @password, :embed => 'true'
+      if @voter.vote.confirm!
+        if @voter.election.embeddable? and params[:embed] == "true" \
+          and @voter.election.early_results?
+          redirect_to :action => :results, :id => @password, :embed => 'true'
+        else
+          render :action => 'thanks'
+        end
       else
       else
-        render :action => 'thanks'
+        redirect_to :action => 'index'
       end
     else
       end
     else
-      redirect_to :action => 'index'
+        redirect_to :action => 'index'
     end
   end
   
     end
   end
   
@@ -153,7 +155,6 @@ class VoterController < ApplicationController
   end
   
   def results
   end
   
   def results
-    debugger
     if authenticate and
       (@voter.election.early_results? \
        or @voter.election.enddate < Time.now)
     if authenticate and
       (@voter.election.early_results? \
        or @voter.election.enddate < Time.now)

Benjamin Mako Hill || Want to submit a patch?