From 090122a9fd74aba6074d5e1b52aa54d40a9985d1 Mon Sep 17 00:00:00 2001
From: Gareth Rees <gareth@mysociety.org>
Date: Wed, 1 Oct 2014 13:00:01 +0100
Subject: Fix unvalidated redirects

---
 app/controllers/track_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers/track_controller.rb')

diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 15da7f327..cd26af0bc 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -215,7 +215,7 @@ class TrackController < ApplicationController
         end
         flash[:notice] += "</ul>"
 
-        redirect_to params[:r]
+        redirect_to URI.parse(params[:r]).path
     end
 
 
-- 
cgit v1.2.3