]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/friendships_controller.rb
Merge remote-tracking branch 'upstream/pull/2781'
[rails.git] / app / controllers / friendships_controller.rb
index a983bec751442d36a31b26f79b8fca595ad024ea..75e53368d19f05b49a805a8dc46957e3f6e81b85 100644 (file)
@@ -27,7 +27,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end
@@ -50,7 +50,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end