diff options
| author | Louise Crow <louise.crow@gmail.com> | 2013-10-02 18:31:46 +0100 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2013-10-02 18:31:46 +0100 |
| commit | 0ce3891bfd26d9ec3580f67a5ec5e904b5151962 (patch) | |
| tree | b0d4da98093cba4f6aa6c1285a3f26c3ffbfb2dc /app/controllers/track_controller.rb | |
| parent | b597d3528ac71d17c57d3ddca9950a4430f75039 (diff) | |
Don't allow redirects to another host.
Diffstat (limited to 'app/controllers/track_controller.rb')
| -rw-r--r-- | app/controllers/track_controller.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index 40fa69290..72c092221 100644 --- a/app/controllers/track_controller.rb +++ b/app/controllers/track_controller.rb @@ -181,7 +181,8 @@ class TrackController < ApplicationController if new_medium == 'delete' track_thing.destroy flash[:notice] = _("You are no longer following {{track_description}}.", :track_description => track_thing.params[:list_description]) - redirect_to params[:r] + redirect_to URI.parse(params[:r]).path + # Reuse code like this if we let medium change again. #elsif new_medium == 'email_daily' # track_thing.track_medium = new_medium |