Redirect to referer after destroying an image

The same way we do for documents. This way we avoid a possible
unprotected redirect.

app/controllers/images_controller.rb

@@ -11,7 +11,7 @@ class ImagesController < ApplicationController
         else
           flash[:alert] = t "images.actions.destroy.alert"
         end
-        redirect_to params[:from]
+        redirect_to request.referer
       end
       format.js do
         if @image.destroy

app/views/budgets/investments/_investment_show.html.erb

@@ -26,7 +26,7 @@
           <div class="sidebar-divider"></div>
           <h2><%= t("budgets.investments.show.author") %></h2>
           <div class="show-actions-menu">
-            <%= link_to image_path(investment.image, from: request.url),
+            <%= link_to image_path(investment.image),
                         method: :delete,
                         class: "button hollow alert expanded" do %>
                 <span class="icon-image"></span>

spec/controllers/images_controller_spec.rb

@@ -0,0 +1,17 @@
+require "rails_helper"
+
+describe ImagesController do
+  let(:user) { create(:user) }
+  before { sign_in user }
+
+  describe "DELETE destroy" do
+    it "redirects to the referer URL" do
+      image = create(:image, imageable: create(:proposal, author: user))
+      request.env["HTTP_REFERER"] = "/proposals"
+
+      delete :destroy, params: { id: image, from: "http://evil.dev" }
+
+      expect(response).to redirect_to "/proposals"
+    end
+  end
+end