]> projects.mako.cc - selectricity/blobdiff - app/models/vote.rb
fix security issue
[selectricity] / app / models / vote.rb
index cc423110264b43edbefd6ff00e1ec2e9a2230ad6..12dd64d763e1f9fbd47d0bb776c5d118684b1b0b 100644 (file)
@@ -62,14 +62,19 @@ class Vote < ActiveRecord::Base
   end
 
   def confirm!
-    self.confirmed = 1
-    self.time = Time.now
-    self.save
-    
-    unless self.voter.election.quickvote?
-      token.destroy and token.reload if token
-      self.token = Token.new
+    if self.voter.election.candidates.length == self.rankings.length
+      self.confirmed = 1
+      self.time = Time.now
       self.save
+    
+      unless self.voter.election.quickvote?
+        token.destroy and token.reload if token
+        self.token = Token.new
+        self.save
+      end
+      return false
+    else
+      return true
     end
   end
 

Benjamin Mako Hill || Want to submit a patch?