Validate any origin passed the auth failure callback

[rails.git] / app / controllers / messages_controller.rb

diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index dea5c3b075eb41502c9185b4b96d02a3988b0b3c..a95e2e5878d6965f31f1ae7b425828c4721017fd 100644 (file)
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -26,7 +26,7 @@ class MessagesController < ApplicationController
     @message.sender = current_user
     @message.sent_on = Time.now.getutc
 
-    if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= Settings.max_messages_per_hour
+    if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= current_user.max_messages_per_hour
       flash.now[:error] = t ".limit_exceeded"
       render :action => "new"
     elsif @message.save
@@ -119,8 +119,10 @@ class MessagesController < ApplicationController
     if @message.save && !request.xhr?
       flash[:notice] = t ".destroyed"
 
-      if params[:referer]
-        redirect_to safe_referer(params[:referer])
+      referer = safe_referer(params[:referer]) if params[:referer]
+
+      if referer
+        redirect_to referer
       else
         redirect_to :action => :inbox
       end