diff options
author | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-02-21 00:38:27 +0000 |
---|---|---|
committer | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-02-21 00:38:27 +0000 |
commit | a3febfda7a1bc64ba247a241a2983643ae0b1b16 (patch) | |
tree | bccc25ce0dc7e06edd0f4f4a787133e66b6733da | |
parent | 4afa50233029dad99d07a2c3e408bf68bbb4fb4e (diff) | |
download | elgg-a3febfda7a1bc64ba247a241a2983643ae0b1b16.tar.gz elgg-a3febfda7a1bc64ba247a241a2983643ae0b1b16.tar.bz2 |
Fixes #2719. Removing hack from bookmarks add. Now appends http:// to www.example.com and validates that.
git-svn-id: http://code.elgg.org/elgg/trunk@8378 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | mod/bookmarks/actions/bookmarks/save.php | 15 | ||||
-rw-r--r-- | mod/messageboard/actions/add.php | 29 | ||||
-rw-r--r-- | mod/messageboard/views/default/messageboard/js.php | 4 |
3 files changed, 17 insertions, 31 deletions
diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php index 02280838d..2f4f7b685 100644 --- a/mod/bookmarks/actions/bookmarks/save.php +++ b/mod/bookmarks/actions/bookmarks/save.php @@ -18,17 +18,10 @@ $container_guid = get_input('container_guid', elgg_get_logged_in_user_guid()); elgg_make_sticky_form('bookmarks'); -$normalized = elgg_normalize_url($address); - -// slight hack. If the original link wasn't to this site, they probably didn't mean to post -// a relative link. deny the action. -$site_url = elgg_get_site_entity()->url; -$test = str_replace($site_url, '', $normalized); - -if (trim($address, '/') == trim($test, '/')) { - $address = ''; -} else { - $address = $normalized; +// don't use elgg_normalize_url() because we don't want +// relative links resolved to this site. +if ($address && !preg_match("#^((ht|f)tps?:)?//#i", $address)) { + $address = "http://$address"; } if (!$title || !$address || !filter_var($address, FILTER_VALIDATE_URL)) { diff --git a/mod/messageboard/actions/add.php b/mod/messageboard/actions/add.php index 55bc5775a..971dd22fc 100644 --- a/mod/messageboard/actions/add.php +++ b/mod/messageboard/actions/add.php @@ -15,24 +15,17 @@ if ($owner && !empty($message_content)) { if ($result) { system_message(elgg_echo("messageboard:posted")); - // push the newest content out if using ajax - $is_ajax = array_key_exists('HTTP_X_REQUESTED_WITH', $_SERVER) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'; - if ($is_ajax) { - // always return the entity with the full ul and li - // this is parsed out as needed by js. - // if this is the only post we need to return the entire ul - $options = array( - 'annotations_name' => 'messageboard', - 'guid' => $owner->getGUID(), - 'limit' => $num_display, - 'pagination' => false, - 'reverse_order_by' => true, - 'limit' => 1 - ); - - $output = elgg_list_annotations($options); - echo json_encode(array('post' => $output)); - } + $options = array( + 'annotations_name' => 'messageboard', + 'guid' => $owner->getGUID(), + 'limit' => $num_display, + 'pagination' => false, + 'reverse_order_by' => true, + 'limit' => 1 + ); + + $output = elgg_list_annotations($options); + echo $output; } else { register_error(elgg_echo("messageboard:failure")); diff --git a/mod/messageboard/views/default/messageboard/js.php b/mod/messageboard/views/default/messageboard/js.php index 0ec56d7d9..c63804408 100644 --- a/mod/messageboard/views/default/messageboard/js.php +++ b/mod/messageboard/views/default/messageboard/js.php @@ -23,9 +23,9 @@ elgg.messageboard.submit = function(e) { var ul = form.next('ul.elgg-annotation-list'); if (ul.length < 1) { - form.parent().append(json.output.post); + form.parent().append(json.output); } else { - ul.prepend($(json.output.post).find('li:first')); + ul.prepend($(json.output).find('li:first')); }; form.find('textarea').val(''); } |