It should have been done through the model, but that is somehow not working.
Therefor, make an immediate purge of the results to the specific survey that
is being voted on.
Most of these forms look pretty benign, but the user profile form, which
includes an SSH key field, certainly needs to be protected.
The survey form is unprotected because it's served over insecure HTTP
and the Varnish proxy strips cookies, which is required by the builtin
CSRF protection.
Marti Raudsepp
