From 513122c48033c3be9c23dcda78c482f360268c90 Mon Sep 17 00:00:00 2001
From: Toks
Date: Sun, 30 Jun 2013 11:17:19 -0400
Subject: [PATCH] restrict ToS url redirect to local urls; see #1813
---
 app/controllers/static_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index 031df4706..24029a9a1 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -4,7 +4,8 @@ class StaticController < ApplicationController
 def accept_terms_of_service
 cookies.permanent[:accepted_tos] = "1"
- redirect_to(params[:url] || posts_path)
+ url = params[:url] if params[:url].start_with? '/'
+ redirect_to(url || posts_path)
 end
 def error
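Review bot: The new guard `params[:url].start_with? '/'` raises NoMethodError when the request has no `url` parameter, a case the removed `params[:url] || posts_path` handled, and it fails the same way if the parameter arrives as an array or hash. The prefix test also accepts scheme-relative values such as `//host`, which `redirect_to` (as far as I know) emits unchanged as the Location, so the redirect is not yet limited to local paths as the subject line intends. Consider `url = params[:url].to_s` followed by `redirect_to(url =~ %r{\A/(?!/)} ? url : posts_path)`. A controller test covering the missing-parameter and double-slash cases would pin the behaviour.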