From: John Dong <jdong@mit.edu>
Date: Wed, 29 Aug 2007 21:43:11 +0000 (-0400)
Subject: Merge from jdong
X-Git-Url: https://projects.mako.cc/source/selectricity/commitdiff_plain/2fbe78e290a7b405067fddb52cad684fa5c8f3ba?hp=bbacedb4b2728febf97975b7e2ee627e6cac9e43

Merge from jdong
---

diff --git a/.bzrignore b/.bzrignore
index 1e24ca1..57a67d2 100644
--- a/.bzrignore
+++ b/.bzrignore
@@ -6,3 +6,4 @@ test.log
 tmp
 public/engine_files
 .DS_Store
+vendor/plugins/sitealizer/lib/last_update
diff --git a/app/models/full_voter.rb b/app/models/full_voter.rb
index 980fb5c..b82667c 100644
--- a/app/models/full_voter.rb
+++ b/app/models/full_voter.rb
@@ -9,4 +9,12 @@ class FullVoter < Voter
       self.password = token_generator.token
     end
   end
+  
+  protected
+  def validate
+    # E-mail regex, moderate complexity
+    # Stolen from http://www.regular-expressions.info/email.html
+    errors.add(:email, "is not valid") unless email  =~
+                  /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 78266ad..eca592d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -6,13 +6,12 @@ class User < ActiveRecord::Base
   attr_accessor :password
   attr_accessor :current_user
   
-  validates_presence_of     :login, :email
+  validates_presence_of     :email
   validates_presence_of     :password,                   :if => :password_required?
   validates_presence_of     :password_confirmation,      :if => :password_required?
   validates_length_of       :password, :within => 4..40, :if => :password_required?
   validates_confirmation_of :password,                   :if => :password_required?
   validates_length_of       :login,    :within => 3..40
-  validates_length_of       :email,    :within => 3..100
   validates_uniqueness_of   :login, :email, :case_sensitive => false
   before_save :encrypt_password
 
@@ -68,4 +67,12 @@ class User < ActiveRecord::Base
     def password_required?
       crypted_password.blank? || !password.blank?
     end
+    def validate
+      # E-mail regex, moderate complexity
+      # Stolen from http://www.regular-expressions.info/email.html
+      errors.add(:email, "is not valid") unless email  =~
+                  /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
+      errors.add(:login, "should not begin or end with spaces") if login.strip!
+      errors.add(:login, "should contain only letters, numbers, and spaces") unless login =~ /^[A-Za-z0-9 ]*$/
+    end
 end
diff --git a/app/views/election/_candidate_line.rhtml b/app/views/election/_candidate_line.rhtml
index 5145b88..870a2de 100644
--- a/app/views/election/_candidate_line.rhtml
+++ b/app/views/election/_candidate_line.rhtml
@@ -1,6 +1,6 @@
 <% -%>
 <div id="cand<%= @current_candidate.id %>">
-  <li><%= @current_candidate.name -%>
+  <li><%=h @current_candidate.name -%>
     <% if @show_details %>
       (<%= link_to_remote "Hide Details",
                          :update => "cand#{@current_candidate.id}",
diff --git a/app/views/election/_candidate_line_edit.rhtml b/app/views/election/_candidate_line_edit.rhtml
index 78f8580..61a9f63 100644
--- a/app/views/election/_candidate_line_edit.rhtml
+++ b/app/views/election/_candidate_line_edit.rhtml
@@ -1,6 +1,6 @@
 <% -%>
 <div id="cand<%= @current_candidate.id %>">
-<p><strong><%= @current_candidate.name %></strong>
+<p><strong><%=h @current_candidate.name %></strong>
   (<%= link_to_remote "Delete",
                        :complete => "Element.remove('cand#{@current_candidate.id}')",
                        :url => { :action => :delete_candidate,
diff --git a/app/views/election/_winner.rhtml b/app/views/election/_winner.rhtml
index 531e0d2..0e55aa2 100644
--- a/app/views/election/_winner.rhtml
+++ b/app/views/election/_winner.rhtml
@@ -6,7 +6,7 @@
 
   <ul>
   <% for candidate in @winners %>
-    <li><%= @candidates_by_id[candidate].name %></li>
+    <li><%=h @candidates_by_id[candidate].name %></li>
   <% end %>
   </ul>
 
@@ -14,7 +14,7 @@
 
   <% winner = @winners[0] %>
   <p>The winner of the election was:
-     <strong><%= @candidates_by_id[winner].name %></strong>
+     <strong><%=h @candidates_by_id[winner].name %></strong>
   </p>
 
 <% end %>
diff --git a/app/views/election/_winner_details.rhtml b/app/views/election/_winner_details.rhtml
index 0903952..36877ae 100644
--- a/app/views/election/_winner_details.rhtml
+++ b/app/views/election/_winner_details.rhtml
@@ -6,12 +6,12 @@ preferred to any other candidates is listed here:</p>
 <tr>
 <th></th>
 <% for candidate in @election.candidates.sort %>
-  <th><%= candidate.name %></th>
+  <th><%=h candidate.name %></th>
 <% end %>
 </tr>
 <% for cand1 in @election.candidates.sort %>
   <tr>
-  <th><%= cand1.name %></th>
+  <th><%=h cand1.name %></th>
   <% for cand2 in @election.candidates.sort %>
     <td>
     <% if cand1 == cand2 %>
diff --git a/app/views/election/edit.rhtml b/app/views/election/edit.rhtml
index 968d157..40aaad2 100644
--- a/app/views/election/edit.rhtml
+++ b/app/views/election/edit.rhtml
@@ -1,4 +1,4 @@
-<h1><strong><%= @election.name %>:</strong> Edit Overview</h1>
+<h1><strong><%=h @election.name %>:</strong> Edit Overview</h1>
 
 <% form_tag(:action => 'update', :id => @election) do %>
   <%= render :partial => 'overview_form' %>
diff --git a/app/views/election/edit_candidate.rhtml b/app/views/election/edit_candidate.rhtml
index fe56aa0..7e1dd65 100644
--- a/app/views/election/edit_candidate.rhtml
+++ b/app/views/election/edit_candidate.rhtml
@@ -1,4 +1,4 @@
-<h1>Editing <%= @candidate.name %></h1>
+<h1>Editing <%=h @candidate.name %></h1>
 
 <%= error_messages_for :candidate %>
 <% form_tag( { :action => :update_candidate, :id => @candidate.id },
diff --git a/app/views/election/list.rhtml b/app/views/election/list.rhtml
index 83be6c6..321bf46 100644
--- a/app/views/election/list.rhtml
+++ b/app/views/election/list.rhtml
@@ -5,9 +5,9 @@
 
 <% for election in @elections %>
   <tr>
-    <td valign="top"><h2><%= link_to election.name, :action => 'show', :id => election %></h2>
+    <td valign="top"><h2><%=h link_to election.name, :action => 'show', :id => election %></h2>
         <p><strong>Description:</strong></p>
-	<blockquote><%= election.description %></blockquote>
+	<blockquote><%=h election.description %></blockquote>
        
         <p><strong>Election Information:</strong></p>
 	<ul>
diff --git a/app/views/election/new_voters.rhtml b/app/views/election/new_voters.rhtml
index d1f0fab..5f06446 100644
--- a/app/views/election/new_voters.rhtml
+++ b/app/views/election/new_voters.rhtml
@@ -1,5 +1,5 @@
 <% @edit = true %>
-<h1><strong><%= @election.name %>:</strong> Enter List of Voter Email Addresses</h1>
+<h1><strong><%=h @election.name %>:</strong> Enter List of Voter Email Addresses</h1>
 
 <%= render :partial => 'voter_list' %>
 
diff --git a/app/views/site/index.rhtml b/app/views/site/index.rhtml
index 046228d..c828403 100644
--- a/app/views/site/index.rhtml
+++ b/app/views/site/index.rhtml
@@ -46,7 +46,7 @@
 
   <ul>
    <li><%= link_to( "Create a QuickVote", :controller => 'quickvote', :action => 'create') %></li>
-   <li><%= link_to( "Recent QuickVotes", :controller => 'quickvote', :action => 'my_quickvotes')%></li>
+   <li><%= link_to( "My Recent QuickVotes", :controller => 'quickvote', :action => 'my_quickvotes')%></li>
   </ul>
 
   <p>Recently created <em>QuickVotes</em> include:</p>
diff --git a/vendor/plugins/sitealizer/lib/last_update b/vendor/plugins/sitealizer/lib/last_update
deleted file mode 100644
index d393158..0000000
--- a/vendor/plugins/sitealizer/lib/last_update
+++ /dev/null
@@ -1 +0,0 @@
-Wed Aug 29 13:54:03 -0400 2007