X-Git-Url: https://projects.mako.cc/source/selectricity/blobdiff_plain/08ca43a9196b53ae078f6f7737fa544dd2343923..823d530ba46c1fb3518c4deef0081738503837eb:/app/controllers/quickvote_controller.rb

diff --git a/app/controllers/quickvote_controller.rb b/app/controllers/quickvote_controller.rb
index 41d0dc3..031c075 100644
--- a/app/controllers/quickvote_controller.rb
+++ b/app/controllers/quickvote_controller.rb
@@ -4,7 +4,7 @@ class QuickvoteController < ApplicationController
   require_dependency "quick_vote"
   require_dependency "vote"
   require_dependency "election"
-
+  
   #############################################################
   # the following methods pertain to creating quickvotes
   #############################################################
@@ -12,10 +12,9 @@ class QuickvoteController < ApplicationController
   def create
     if params[:quickvote] 
       @quickvote = QuickVote.new(params[:quickvote])
-     
       # store the candidate grabbed through ajax and stored in flash
       @quickvote.candidatelist = flash[:candlist]
-      @quickvote.description=CGI.escapeHTML(@quickvote.description)
+      @quickvote.description=@quickvote.description
       # try to save, if it fails, show the page again (the flash should
       # still be intact
       if @quickvote.save
@@ -30,11 +29,12 @@ class QuickvoteController < ApplicationController
       # here has not been hitting this page and we can clear any
       # candlist in the flash
       flash.delete(:candlist) if flash.has_key?(:candlist)
+      @quickvote = QuickVote.new
     end
   end
 
   def add_candidate
-    candidate_name = CGI.escapeHTML(params[:ajax][:newcandidate])
+    candidate_name = params[:ajax][:newcandidate]
     unless candidate_name.strip.empty?
       if flash.has_key?(:candlist) and flash[:candlist].instance_of?(Array) 
         flash[:candlist] << candidate_name unless flash[:candlist].index(candidate_name)
@@ -52,11 +52,9 @@ class QuickvoteController < ApplicationController
 
   def index
     @election = QuickVote.ident_to_quickvote(params[:ident])
-    
     # if the person has specified an election, we show them the voting
     # page. otherwise, we redirect back to main the page
     if @election
-
       # look to see that the voter has been created and has voted in
       # this election, and has confirmed their vote
       @voter = QuickVoter.find(:all, :conditions => ["session_id = ? and election_id = ?",
@@ -75,8 +73,8 @@ class QuickvoteController < ApplicationController
         @voter = QuickVoter.new
         @voter.election = @election
         @voter.session_id = session.session_id
-        
-	      # create new vote and make it the defaulted sorted list
+	      
+        # create new vote and make it the defaulted sorted list
         @voter.vote = Vote.new
 	      @voter.save
 	      @voter.vote.set_defaults!
@@ -159,9 +157,16 @@ class QuickvoteController < ApplicationController
   ###############################################################
 
   def results
-    @election = QuickVote.ident_to_quickvote(params[:ident])
-    @election.results
+    unless @election = QuickVote.ident_to_quickvote(params[:ident])
+      flash[:notice] = "Cannot find quickvote #{params[:ident]}."
+      redirect_to :controller => 'site'
+      return
+    end
+    @results = @election.results
     @candidates = {}
     @election.candidates.each {|c| @candidates[c.id] = c}
   end
+  
+  
 end
+