-<% mlon = params['mlon'] %>
-<% mlat = params['mlat'] %>
-<% lon = params['mlon'] %>
-<% lat = params['mlat'] %>
-<% zoom = params['zoom'] || '12' %>
-<script type="text/javascript">
- var mlat = <%= lat %>;
- var mlon = <%= lon %>;
-</script>
-<% elsif @user and params['lon'].nil? and params['lat'].nil? %>
+<% mlon = h(params['mlon']) %>
+<% mlat = h(params['mlat']) %>
+<% end %>
+
+<% if params['minlon'] and params['minlat'] and params['maxlon'] and params['maxlat'] %>
+<% bbox = true %>
+<% minlon = h(params['minlon']) %>
+<% minlat = h(params['minlat']) %>
+<% maxlon = h(params['maxlon']) %>
+<% maxlat = h(params['maxlat']) %>
+<% end %>
+
+<% if params['lon'] and params['lat'] %>
+<% lon = h(params['lon']) %>
+<% lat = h(params['lat']) %>
+<% zoom = h(params['zoom'] || '5') %>
+<% layers = h(params['layers']) %>
+<% elsif params['mlon'] and params['mlat'] %>
+<% lon = h(params['mlon']) %>
+<% lat = h(params['mlat']) %>
+<% zoom = h(params['zoom'] || '12') %>
+<% layers = h(params['layers']) %>
+<% elsif cookies.key?("_osm_location") %>
+<% lon,lat,zoom,layers = cookies["_osm_location"].split("|") %>
+<% elsif @user and !@user.home_lon.nil? and !@user.home_lat.nil? %>