cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Sanitise parameters used in URL generation

Browse source
This commit is contained in:
Tom Hughes 2017-06-04 19:57:27 +01:00
parent 03a9df9288
commit 339d8e46ff
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/geocoder_controller.rb
View file

@ -160,7 +160,9 @@ class GeocoderController < ApplicationController
@results = [] @results = []
# create parameter hash for "more results" link # create parameter hash for "more results" link
@more_params = params.merge(:exclude => more_url_params["exclude_place_ids"].first) @more_params = params
.permit(:query, :minlon, :minlat, :maxlon, :maxlat, :exclude)
.merge(:exclude => more_url_params["exclude_place_ids"].first)
# parse the response # parse the response
results.elements.each("place") do |place| results.elements.each("place") do |place|