authormo <mo.khan@gmail.com>2017-09-23 09:26:21 -0600
committermo <mo.khan@gmail.com>2017-09-23 09:26:21 -0600
commit96d66bcdb7bad43c3ec08349d2d978aec307ec90 (patch)
tree910a6684c99ec39b54594b6523861404b10945a2 /app/views
parentafc870216e5eb02c1c73ed018d21ec2d027db041 (diff)
fix params injection issue.
Diffstat (limited to 'app/views')
-rw-r--r--app/views/cakes/index.html.erb8
1 files changed, 4 insertions, 4 deletions
diff --git a/app/views/cakes/index.html.erb b/app/views/cakes/index.html.erb
index 0977b9e4..20a1c775 100644
--- a/app/views/cakes/index.html.erb
+++ b/app/views/cakes/index.html.erb
@@ -18,12 +18,12 @@
<div class="row">
<div class="col">
<nav class="nav nav-pills nav-fill">
- <%= link_to "All", url_for(params.merge(category: nil)), class: "nav-item nav-link #{"active" if params["category"].blank?}" %>
+ <%= link_to "All", cakes_path(sort: params[:sort]), class: "nav-item nav-link #{"active" if params["category"].blank?}" %>
<% @categories.each do |category| %>
- <%= link_to category.name.pluralize, url_for(params.merge(category: category.slug)), class: "nav-item nav-link #{"active" if params["category"] == category.slug}" %>
+ <%= link_to category.name.pluralize, cakes_path(category: category.slug, sort: params[:sort]), class: "nav-item nav-link #{"active" if params["category"] == category.slug}" %>
<% end %>
- <%= link_to "Newest", url_for(params.merge(sort: "newest")), class: "nav-item nav-link #{"active" if "newest" == params["sort"]}" %>
- <%= link_to "Oldest", url_for(params.merge(sort: "oldest")), class: "nav-item nav-link #{"active" if "oldest" == params["sort"]}" %>
+ <%= link_to "Newest", cakes_path(category: params[:category], sort: "newest"), class: "nav-item nav-link #{"active" if "newest" == params["sort"]}" %>
+ <%= link_to "Oldest", cakes_path(category: params[:category], sort: "oldest"), class: "nav-item nav-link #{"active" if "oldest" == params["sort"]}" %>
</nav>
</div>
</div>
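Review bot: The added `cakes_path(...)` calls still copy `params[:sort]` and `params[:category]` from the request into every nav link without constraining them to known values. A non-scalar value such as `sort[x]=y` would reach the URL helper as a nested parameters object, which may raise when the query string is built, depending on the Rails version (inferred, not visible here). Limiting each to its expected set would close this, for example `sort: params[:sort].presence_in(%w[newest oldest])` and `category: params[:category].presence_in(@categories.map(&:slug))`. Computing both once in the controller or a helper would also avoid repeating the expression across the four links. The view mixes `params[:sort]` with `params["sort"]`, so one form should be used throughout.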