app/controllers/ahoy/messages_controller.rb in ahoy_email-0.4.0 vs app/controllers/ahoy/messages_controller.rb in ahoy_email-0.5.0

@@ -25,10 +25,10 @@
       signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha1"), AhoyEmail.secret_token, url)
       publish :click, url: params[:url]
       if secure_compare(params[:signature].to_s, signature)
         redirect_to url
       else
-        redirect_to main_app.root_url
+        redirect_to AhoyEmail.invalid_redirect_url || main_app.root_url
       end
     end
 
     protected