diff --git a/app/controllers/redirect_controller.rb b/app/controllers/redirect_controller.rb
index cbbce9faa..4a3aeb7ad 100644
--- a/app/controllers/redirect_controller.rb
+++ b/app/controllers/redirect_controller.rb
@@ -1,9 +1,23 @@
 # Handle 301 redirects for pages that have changed location.
+# NOTE: Only valid relative urls will be redirected for security reasons
+# /foo, yes
+# http://anothersite.com, no, redirects to /
+# //anothersite.com, no, redirects to /
 class RedirectController < ApplicationController
   def index
-    return redirect_to(params[:url], :status => 301) if params[:url]
-    redirect_to '/'
+    if params[:url] && is_relative_url?(params[:url])
+      return redirect_to(params[:url], :status => 301)
+    else
+      redirect_to '/'
+    end
   end
-end
\ No newline at end of file
+  def is_relative_url?(url)
+    uri = URI.parse(url)
+    !uri.host && uri.path && uri.path != ''
+  rescue URI::InvalidURIError
+    false
+  end
+
+end
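Review bot: `is_relative_url?` never looks at `uri.scheme`, so an input such as `http:/evil.example` parses in Ruby's URI with no host and a path of `/evil.example`, passes the guard, and is emitted verbatim in the Location header, which browsers following the WHATWG URL parser treat as `http://evil.example/` — the open redirect this commit is meant to close. Require an absent scheme and a path that starts with exactly one slash: `!uri.scheme && !uri.host && uri.path.to_s.start_with?('/') && !uri.path.start_with?('//')`. Protocol-relative `//host` values already fail on `uri.host`, but the extra leading-`//` path check is cheap insurance against parser differences for forms like `///host`. The predicate is also a public method on a controller, which Rails exposes as a routable action; move it under `private` (and `relative_url?` would match Ruby's predicate naming convention).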