X-Git-Url: https://projects.mako.cc/source/selectricity/blobdiff_plain/40891d8740b77b6d6249e8982f15e2f348725282..8ae0d71896fa022dd80e5a5de993e1382564fcb1:/app/controllers/quickvote_controller.rb

diff --git a/app/controllers/quickvote_controller.rb b/app/controllers/quickvote_controller.rb
index 2847df9..4783eb2 100644
--- a/app/controllers/quickvote_controller.rb
+++ b/app/controllers/quickvote_controller.rb
@@ -15,7 +15,7 @@ class QuickvoteController < ApplicationController
      
       # store the candidate grabbed through ajax and stored in flash
       @quickvote.candidatelist = flash[:candlist]
-
+      @quickvote.description=CGI.escapeHTML(@quickvote.description)
       # try to save, if it fails, show the page again (the flash should
       # still be intact
       if @quickvote.save
@@ -37,7 +37,7 @@ class QuickvoteController < ApplicationController
     candidate_name = CGI.escapeHTML(params[:ajax][:newcandidate])
     unless candidate_name.strip.empty?
       if flash.has_key?(:candlist) and flash[:candlist].instance_of?(Array) 
-        flash[:candlist] << candidate_name
+        flash[:candlist] << candidate_name unless flash[:candlist].index(candidate_name)
      else
        flash[:candlist] = [ candidate_name ]
       end