Sanitise parameters used in URL generation
[rails.git] / app / views / geocoder / search.html.erb
index ac655147a9a4f367df4f18fc1d0f3ed59fc0f395..21484d4c072a76dd48dbff8340cd93e29658647b 100644 (file)
@@ -4,7 +4,7 @@
 </h2>
 <% @sources.each do |source| %>
   <h4 class="inner12"><%= raw(t "geocoder.search.title.#{source}") %></h4>
-  <div class="search_results_entry" data-href="<%= url_for params.merge(:action => "search_#{source}") %>">
+  <div class="search_results_entry" data-href="<%= url_for @params.merge(:action => "search_#{source}") %>">
     <%= image_tag "searching.gif", :class => "loader" %>
   </div>
 <% end %>
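Review bot: The `url_for` call on the added line still takes its entire option hash from `@params`, which is assigned outside this hunk, so the view is only as safe as the controller's filtering. If that hash could ever carry URL-generation options such as `:host`, `:protocol` or `:only_path`, the `data-href` value could resolve to another origin. Making the path-only intent explicit in the view would keep it safe even if the controller's filtering changes later: `url_for @params.merge(:action => "search_#{source}", :only_path => true)`. A short comment where `@params` is built, along the lines of `# allowlisted search keys only; this hash is passed to url_for in the view`, would record the contract for the next maintainer.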