From 40891d8740b77b6d6249e8982f15e2f348725282 Mon Sep 17 00:00:00 2001 From: John Dong Date: Thu, 16 Aug 2007 13:56:41 -0400 Subject: [PATCH 1/1] Also a part of the previous commit --- app/controllers/quickvote_controller.rb | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/app/controllers/quickvote_controller.rb b/app/controllers/quickvote_controller.rb index 83a6cc5..2847df9 100644 --- a/app/controllers/quickvote_controller.rb +++ b/app/controllers/quickvote_controller.rb @@ -34,11 +34,13 @@ class QuickvoteController < ApplicationController end def add_candidate - candidate_name = params[:ajax][:newcandidate] - if flash.has_key?(:candlist) and flash[:candlist].instance_of?(Array) - flash[:candlist] << candidate_name - else - flash[:candlist] = [ candidate_name ] + candidate_name = CGI.escapeHTML(params[:ajax][:newcandidate]) + unless candidate_name.strip.empty? + if flash.has_key?(:candlist) and flash[:candlist].instance_of?(Array) + flash[:candlist] << candidate_name + else + flash[:candlist] = [ candidate_name ] + end end flash.keep(:candlist) render_partial 'candidate_list' -- 2.39.5