X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/293fe68eff1923a00992e0a195ba025ab7bd9efa..c1c459734d96736d1f4a5a14ec2570bcfd2cf83d:/app/controllers/friendships_controller.rb

diff --git a/app/controllers/friendships_controller.rb b/app/controllers/friendships_controller.rb
index a983bec75..75e53368d 100644
--- a/app/controllers/friendships_controller.rb
+++ b/app/controllers/friendships_controller.rb
@@ -27,7 +27,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end
@@ -50,7 +50,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end