replace unprotected redirects

publiclab · Jun 7, 2019 · 528ec09 · 528ec09
1 parent daac614
commit 528ec09
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
@@ -28,7 +28,7 @@ def update
     @comment = Comment.find params[:id]
     if logged_in? && current_user.can_edit?(@comment)
       @comment.update_attributes(comment_params)
-      redirect_to "/maps/#{@comment.map.slug}"
+      redirect_to  @comment.map
     else
       flash[:error] = 'You do not have permissions to update that comment.'
       redirect_to '/login'
@@ -44,7 +44,7 @@ def destroy
     else
       flash[:error] = 'You do not have permission to delete that comment.'
     end
-    redirect_to "/maps/#{@comment.map.slug}"
+    redirect_to  @comment.map
   end
 
   private

diff --git a/app/controllers/maps_controller.rb b/app/controllers/maps_controller.rb
@@ -36,15 +36,15 @@ def create
       @map = current_user.maps.new(map_params)
       @map.author = current_user.login # eventually deprecate
       if @map.save
-        redirect_to "/maps/#{@map.slug}"
+        redirect_to @map
       else
         render 'new'
       end
     else
       @map = Map.new(map_params)
       if Rails.env != 'production' || verify_recaptcha(model: @map, message: "ReCAPTCHA thinks you're not human! Try again!")
         if @map.save
-          redirect_to "/maps/#{@map.slug}"
+          redirect_to @map
         else
           render 'new'
         end
@@ -108,7 +108,7 @@ def destroy
       redirect_to '/'
     else
       flash[:error] = 'Only admins or map owners may delete maps.'
-      redirect_to "/maps/#{@map.slug}"
+      redirect_to @map
     end
   end