Replace GNOME favico with Conservancy's: not ideal

This is ostensibly supposed to be an upstream project, so merely
replacing GNOME-isms with Conservancy-isms is not really a way forward,
but at this moment, since Conservancy is the only user of this fork, it
seems this is a reasonable shortcut.

README

@@ -1,10 +1,12 @@
-# Why This Fork of GNOME Foundation's Voting System?
+# What's Conservancy Voting Software Repository For?
 
 When I was setting up Conservancy's ability to run elections for its member
 projects, I surveyed various Open Source and Free Software systems systems to
 handle online voting and elections.  I was mostly looking for something that
 implemented STV algorithm and ballot collection for the same.
 
+## What Open Source and Free Software Election / Voting / Vote Collection Systems Exist
+
 As it turns out, there are precious few Free Software voting systems.
 
   * [Selectricity](http://selectricity.org/) is a good option, but upon
@@ -13,7 +15,7 @@ As it turns out, there are precious few Free Software voting systems.
     multiple winner elections.  So, if you want a preferential voting system
     with just one winner, Selectricity is probably the best choice.
 
-  * [Fedora's election system](https://github.com/fedora-infra/elections)'s
+  * [Fedora's election system](https://github.com/fedora-infra/elections)
     supports only [range voting](http://en.wikipedia.org/wiki/Range_voting).
 
   * Meanwhile, for various STV algorithms,
@@ -29,25 +31,34 @@ As it turns out, there are precious few Free Software voting systems.
     relatively poorly documented and it was unclear upon initial evaluation
     if STV-style ballots were available.
 
+  * The Apache Software Foundation released
+    [Apache Steve](http://steve.apache.org/), which handles STV vote and
+    First-past-the-post ballot collection and appears to be email-centric in
+    its vote collection.
+
   * GNOME Foundation hacked together a system in the
     [GNOME Foundation website repository](https://git.gnome.org/browse/foundation-web/)
     implemented their own little system to collect votes for
     their annual Directorship elections, using OpenSTV on the backend to
     count the votes.
 
+## Why This Fork of GNOME Foundation's Voting System?
+
 Since I needed STV specifically, this seemed like the best option (mainly
 because I didn't know about E-Vote when I started, I'd probably have used
 E-Vote if I'd known about it before I started modifying the GNOME
 Foundation's code).  Thus, this project is a fork of GNOME's work, with
 *just* the voting stuff included.  Most of the GNOME-isms have been removed,
-although a few remain.
+although a few remain, and in some cases, GNOME-isms have merely been
+bulk-replaced with Conservancy-isms (which admittedly is "no help" from the
+point of view of non-Conservancy users).
 
 I've also offered patches back to the GNOME Foundation repository by
 cherry-picking changes that are of use to both projects.
 
 Having spent 10-20 hours poking around this PHP code, I must frankly say that
 this isn't a well-designed system, and I don't really recommend it.  However,
-if you need to run a few elections, using this system, by following the
+if you need to run a few STV elections, using this system, by following the
 instructions below, might be your quickest way to get an election up and
 running.  (Note: the instructions herein are loosely based on
 [instructions available on the GNOME Foundation's wiki](https://wiki.gnome.org/MembershipCommittee/ElectionsHowTo),
@@ -199,5 +210,6 @@ Voters might complain that they haven't received their token.  Likely, it
 either went missing or the email address was wrongly noted in the
 database. In any case, you need to find the ID of the voter With the ID do
 something like:
+
     SELECT * FROM election_tmp_tokens WHERE election_id = 17 AND election_voter_id  = $ID;
 

include/add-header.xsl

@@ -28,7 +28,7 @@
     <head xmlns="http://www.w3.org/1999/xhtml">
       <link rel="stylesheet" type="text/css" href="https://www-old.gnome.org/default.css" />
       <link rel="stylesheet" type="text/css" href="https://foundation-old.gnome.org/foundation.css" />
-      <link rel="icon" type="image/png" href="https://www-old.gnome.org/img/logo/foot-16.png" />
+      <link rel="shortcut icon" href="https://sfconservancy.org/favicon.ico" type="image/x-icon" />
       <xsl:copy-of select="@*" />
       <xsl:apply-templates select="node()" />
     </head>
@@ -45,15 +45,6 @@
 	<div id="logo"><a href="{$root}/"><img src="https://www-old.gnome.org/img/spacer" alt="Home" /></a></div>
         <div id="banner"><img src="https://www-old.gnome.org/img/spacer" alt="" /></div>
 	<p class="none"></p>
-        <div id="hdrNav">
-	  <a href="https://www.gnome.org/about/">About GNOME</a> &middot;
-	  <a href="https://www.gnome.org/start/stable/">Download</a> &middot;
-	  <!--<a href="http://www.gnome.org/contribute/"><i>Get Involved!</i></a> &middot;-->
-	  <a href="https://www.gnome.org/">Users</a> &middot;
-	  <a href="https://developer.gnome.org/">Developers</a> &middot;
-	  <a href="https://foundation.gnome.org/"><b>Foundation</b></a> &middot;
-	  <a href="https://www.gnome.org/contact/">Contact</a>
-	</div>
       </div>
 
       <!-- Piwik -->

vote/include/election-sql.php

@@ -205,7 +205,7 @@ function elec_choices_get_by_anon_token_id ($handle, $anon_token_id) {
   $query = "SELECT c.choice, c.id FROM ";
   $query .=  $choices_table . " c, " . $anon_tokens_table . " a";
   $query .= " WHERE c.election_id = a.election_id";
-  $query .= "   AND a.id = " . $anon_token_id;
+  $query .= "   AND a.id = " . intval($anon_token_id);
   $query .= " ORDER BY c.id";
 
   
@@ -476,7 +476,7 @@ function elec_get_votes_for_anon_token ($handle, $anon_token_id) {
   $escaped_anon_token_id = mysql_real_escape_string ($anon_token_id, $handle);
 
   $query = "SELECT choice_id,preference FROM " . $votes_table;
-  $query .= " WHERE anon_id = $anon_token_id";
+  $query .= " WHERE anon_id = $escaped_anon_token_id";
   /* -1 is not a valid value: it's the default value for referenda.
    * It's a blank vote. There was a bug that let this choice be saved in the
    * votes, but we don't need it there since we already have the anonymous