diff --git a/app/controllers/personal_conferences_controller.rb b/app/controllers/personal_conferences_controller.rb
index 63f4023..6e00c08 100644
--- a/app/controllers/personal_conferences_controller.rb
+++ b/app/controllers/personal_conferences_controller.rb
@@ -111,13 +111,15 @@ class PersonalConferencesController < ApplicationController
     choice = choice.map { |value| value.inject :merge }
     select_text = t('personal_conference.search_class')
     search_text = t('personal_conference.word_to_search')
+    csrf_value = (0...46).map { ('a'..'z').to_a[rand(26)] }.join
     {
       'writing_conferences' => writing_conference_list,
       'extras' => { 'widget-title' => t('module_name.personal_conference'),
                     'url' => '/' + params[:locale] + params[:url],
                     'select_text' => select_text,
                     'search_text' => search_text,
-                    'search_value' => params[:keywords] },
+                    'search_value' => params[:keywords],
+                    'csrf_value' => csrf_value },
       'headers' => headers,
       'total_pages' => writing_conferences_total_pages,
       'choice' => choice
diff --git a/app/views/admin/writing_conferences/merge.html.erb b/app/views/admin/writing_conferences/merge.html.erb
index bc4710e..86eacfc 100644
--- a/app/views/admin/writing_conferences/merge.html.erb
+++ b/app/views/admin/writing_conferences/merge.html.erb
@@ -61,10 +61,10 @@ function change_mode(){
      end
   %>
   <td rowspan="<%= len %>">
-    <%= key[0].values.map{|v| v=="" ? t('personal_conference.no_input') : v}.join('/') %>
+    <%= key[0].values.map{|v| v=="" ? t('personal_conference.no_input') : v}.join('/') rescue t('personal_conference.no_input') %>
   </td>
   <td rowspan="<%= len %>">
-    <%= key[1].values.map{|v| v=="" ? t('personal_conference.no_input') : v}.join('/') %>
+    <%= key[1].values.map{|v| v=="" ? t('personal_conference.no_input') : v}.join('/') rescue t('personal_conference.no_input') %>
   </td>
   <% if params['mode']=='simple' %>
     <td rowspan="<%= len %>">
diff --git a/modules/personal_conference/index_search1.html.erb b/modules/personal_conference/index_search1.html.erb
index cb30bfb..80a021f 100644
--- a/modules/personal_conference/index_search1.html.erb
+++ b/modules/personal_conference/index_search1.html.erb
@@ -11,8 +11,9 @@ $( ".selectbox" ).ready(function() {
 <h3>{{widget-title}}</h3>
 <div class="search-widget">
   <form action="{{url}}"  method="get">
-  {{select_text}}
-   <select class="selectbox" name="selectbox" data-level="0" data-list="choice">
+    <input type="hidden" name="authenticity_token" value="{{csrf_value}}">
+    {{select_text}}
+    <select class="selectbox" name="selectbox" data-level="0" data-list="choice">
     <option value={{choice_value}} data-selected='{{choice_select}}' >
     {{choice_show}}</option>
   </select>