From 052c242d74b1aff44b5d08ed664201f17792e5a4 Mon Sep 17 00:00:00 2001
From: Gareth Rees
Date: Wed, 1 Oct 2014 13:00:01 +0100
Subject: Fix unvalidated redirects
---
 app/controllers/track_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/track_controller.rb')
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 83700a55b..144f4d55a 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -214,7 +214,7 @@ class TrackController < ApplicationController
 track_thing.destroy
 end
- redirect_to params[:r]
+ redirect_to URI.parse(params[:r]).path
 end
--
cgit v1.2.3
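Review bot: The new `redirect_to URI.parse(params[:r]).path` leaves the parsed value unchecked. `URI.parse` raises `URI::InvalidURIError` on malformed input and `.path` is nil for opaque URIs, so a bad `r` parameter becomes an unhandled error. The path component can also itself begin with `//`, which, depending on how this Rails version treats such strings in `redirect_to`, may be sent as a protocol-relative location and still leave the site. Rescue the parse error, require exactly one leading `/`, and fall back to a fixed local page otherwise; note too that taking only `.path` drops any query string from the return URL. The enclosing action starts above the hunk, so the `'/'` fallback below is a placeholder for whatever default the project prefers.

```ruby
# … unchanged: track_thing.destroy and the enclosing conditional …
target = begin
  URI.parse(params[:r].to_s).path
rescue URI::InvalidURIError
  nil
end
# Follow only a local path: one leading slash, never two.
target = '/' unless target =~ %r{\A/(?!/)}
redirect_to target
```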