X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/3786366fdc691320c0a2c6982fe43a8e4b80bcc6..24f6aeda6a1b657d68a4e66f3a34d14ef408d652:/app/controllers/friendships_controller.rb

diff --git a/app/controllers/friendships_controller.rb b/app/controllers/friendships_controller.rb
index a983bec75..5cdb2a4e4 100644
--- a/app/controllers/friendships_controller.rb
+++ b/app/controllers/friendships_controller.rb
@@ -19,15 +19,17 @@ class FriendshipsController < ApplicationController
         friendship.befriendee = @new_friend
         if current_user.is_friends_with?(@new_friend)
           flash[:warning] = t "friendships.make_friend.already_a_friend", :name => @new_friend.display_name
+        elsif current_user.friendships.where("created_at >= ?", Time.now.getutc - 1.hour).count >= current_user.max_friends_per_hour
+          flash.now[:error] = t "friendships.make_friend.limit_exceeded"
         elsif friendship.save
           flash[:notice] = t "friendships.make_friend.success", :name => @new_friend.display_name
-          Notifier.friendship_notification(friendship).deliver_later
+          UserMailer.friendship_notification(friendship).deliver_later
         else
           friendship.add_error(t("friendships.make_friend.failed", :name => @new_friend.display_name))
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end
@@ -50,7 +52,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end