aboutsummaryrefslogtreecommitdiff
path: root/js/lib/security.js
diff options
context:
space:
mode:
authorSem <sembrestels@riseup.net>2011-11-18 07:32:27 +0100
committerSem <sembrestels@riseup.net>2011-11-18 07:32:27 +0100
commite53d410129701ea1c9d19529afa493f11b5f5b70 (patch)
treed9963b24bf8932654b4a47e36602c75975e50dba /js/lib/security.js
parent377da25d2965c64941f83baae119fc970ec60982 (diff)
parent08a962c98e2923724f8013d6eaae89101243752a (diff)
downloadelgg-e53d410129701ea1c9d19529afa493f11b5f5b70.tar.gz
elgg-e53d410129701ea1c9d19529afa493f11b5f5b70.tar.bz2
Merge github.com:Elgg/Elgg
Conflicts: engine/lib/input.php
Diffstat (limited to 'js/lib/security.js')
-rw-r--r--js/lib/security.js31
1 files changed, 24 insertions, 7 deletions
diff --git a/js/lib/security.js b/js/lib/security.js
index 486347b88..61aa1cfcd 100644
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -60,7 +60,7 @@ elgg.security.refreshToken = function() {
/**
- * Add elgg action tokens to an object or string (assumed to be url data)
+ * Add elgg action tokens to an object, URL, or query string (with a ?).
*
* @param {Object|string} data
* @return {Object} The new data object including action tokens
@@ -70,14 +70,31 @@ elgg.security.addToken = function(data) {
// 'http://example.com?data=sofar'
if (elgg.isString(data)) {
- var args = [];
- if (data) {
- args.push(data);
+ // is this a full URL, relative URL, or just the query string?
+ var parts = elgg.parse_url(data),
+ args = {},
+ base = '';
+
+ if (parts['host'] == undefined) {
+ if (data.indexOf('?') === 0) {
+ // query string
+ base = '?';
+ args = elgg.parse_str(parts['query']);
+ }
+ } else {
+ // full or relative URL
+
+ if (parts['query'] != undefined) {
+ // with query string
+ args = elgg.parse_str(parts['query']);
+ }
+ var split = data.split('?');
+ base = split[0] + '?';
}
- args.push("__elgg_ts=" + elgg.security.token.__elgg_ts);
- args.push("__elgg_token=" + elgg.security.token.__elgg_token);
+ args["__elgg_ts"] = elgg.security.token.__elgg_ts;
+ args["__elgg_token"] = elgg.security.token.__elgg_token;
- return args.join('&');
+ return base + jQuery.param(args);
}
// no input! acts like a getter