Fix #308 Unauthenticated SQL injection. Use sanitized `$_REQUEST` + Move Portal Poll vote code to modfunc