X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/86428201ddda4963855f01e768fb1e1813a7c86a..d4130bcac83015564f0326457f2bb67d1b5ebab6:/app/controllers/friendships_controller.rb

diff --git a/app/controllers/friendships_controller.rb b/app/controllers/friendships_controller.rb
index a983bec75..75e53368d 100644
--- a/app/controllers/friendships_controller.rb
+++ b/app/controllers/friendships_controller.rb
@@ -27,7 +27,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end
@@ -50,7 +50,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end