diff options
| -rw-r--r-- | actionpack/lib/action_controller/response.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/response.rb b/actionpack/lib/action_controller/response.rb index 54a99996ef..b440065482 100644 --- a/actionpack/lib/action_controller/response.rb +++ b/actionpack/lib/action_controller/response.rb @@ -114,8 +114,8 @@ module ActionController # :nodoc: def redirect(url, status) self.status = status - self.location = url - self.body = "<html><body>You are being <a href=\"#{url}\">redirected</a>.</body></html>" + self.location = url.gsub(/[\r\n]/, '') + self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(url)}\">redirected</a>.</body></html>" end def sending_file? |