Fix unvalidated redirects

author: Gareth Rees <gareth@mysociety.org> 2014-10-01 13:00:01 +0100
committer: Louise Crow <louise.crow@gmail.com> 2014-12-22 17:27:09 +0000
commit: 090122a9fd74aba6074d5e1b52aa54d40a9985d1 (patch)
tree: 8992e6b3454ed05121de8776d17a6bddd7faf15e /app/controllers/track_controller.rb
parent: 029ea37503b3546b65e1e69163129ebd4847a0eb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 15da7f327..cd26af0bc 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -215,7 +215,7 @@ class TrackController < ApplicationController
         end
         flash[:notice] += "</ul>"
 
-        redirect_to params[:r]
+        redirect_to URI.parse(params[:r]).path
     end
author	Gareth Rees <gareth@mysociety.org>	2014-10-01 13:00:01 +0100
committer	Louise Crow <louise.crow@gmail.com>	2014-12-22 17:27:09 +0000
commit	090122a9fd74aba6074d5e1b52aa54d40a9985d1 (patch)
tree	8992e6b3454ed05121de8776d17a6bddd7faf15e /app/controllers/track_controller.rb
parent	029ea37503b3546b65e1e69163129ebd4847a0eb (diff)