diff options
author | cash <cash.costello@gmail.com> | 2011-11-10 21:24:47 -0500 |
---|---|---|
committer | cash <cash.costello@gmail.com> | 2011-11-10 21:24:47 -0500 |
commit | 8cf115081e7a168eb3f3c74b279dac7f4e258287 (patch) | |
tree | e9a9ed6ac76722bcb6059d1a93e8aa98799a1c41 /js/lib/ajax.js | |
parent | 2d43e8efdfa4e8281450e683e392091fe4dadf06 (diff) | |
download | elgg-8cf115081e7a168eb3f3c74b279dac7f4e258287.tar.gz elgg-8cf115081e7a168eb3f3c74b279dac7f4e258287.tar.bz2 |
Fixes #4010 not sending naked query strings into add ajax tokens and also fixed a few related bugs in JavaScript
Diffstat (limited to 'js/lib/ajax.js')
-rw-r--r-- | js/lib/ajax.js | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/js/lib/ajax.js b/js/lib/ajax.js index 6f6ae052f..b3f39cc42 100644 --- a/js/lib/ajax.js +++ b/js/lib/ajax.js @@ -187,7 +187,11 @@ elgg.action = function(action, options) { options = elgg.ajax.handleOptions(action, options); - options.data = elgg.security.addToken(options.data); + // This is a misuse of elgg.security.addToken() because it is not always a + // full query string with a ?. As such we need a special check for the tokens. + if (!elgg.isString(options.data) || options.data.indexOf('__elgg_ts') == -1) { + options.data = elgg.security.addToken(options.data); + } options.dataType = 'json'; //Always display system messages after actions |