Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High


Possible unprotected redirect



redirect_to(TopicLinkClick.create_from(track_params.merge(:ip => request.remote_ip)))

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/clicks_controller.rb or mark it as false positive.