author | cash <cash.costello@gmail.com> | 2011-11-10 21:24:47 -0500 |
---|---|---|
committer | cash <cash.costello@gmail.com> | 2011-11-10 21:24:47 -0500 |
commit | 8cf115081e7a168eb3f3c74b279dac7f4e258287 (patch) | |
tree | e9a9ed6ac76722bcb6059d1a93e8aa98799a1c41 /js/lib/security.js | |
parent | 2d43e8efdfa4e8281450e683e392091fe4dadf06 (diff) | |
Fixes #4010 not sending naked query strings into add ajax tokens and also fixed a few related bugs in JavaScript
Diffstat (limited to 'js/lib/security.js')
-rw-r--r-- | js/lib/security.js | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/js/lib/security.js b/js/lib/security.js
index 726c6b767..61aa1cfcd 100644
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -60,7 +60,7 @@ elgg.security.refreshToken = function() {
 /**
- * Add elgg action tokens to an object, URL, or query string.
+ * Add elgg action tokens to an object, URL, or query string (with a ?).
  *
  * @param {Object|string} data
  * @return {Object} The new data object including action tokens
@@ -75,17 +75,17 @@ elgg.security.addToken = function(data) {
  args = {},
  base = '';
- if (parts['host'] == data) {
- if (data.indexOf('=') > -1) {
+ if (parts['host'] == undefined) {
+ if (data.indexOf('?') === 0) {
  // query string
- args = elgg.parse_str(data);
- } else {
- // relative URL
- base = data + '?';
+ base = '?';
+ args = elgg.parse_str(parts['query']);
  }
  } else {
- // a URL
- if (typeof parts['query'] != 'undefined') {
+ // full or relative URL
+
+ if (parts['query'] != undefined) {
+ // with query string
  args = elgg.parse_str(parts['query']);
  }
  var split = data.split('?');
|
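Review bot: A relative URL with no host that does not start with `?` now matches neither case in the first branch of the second hunk, so `base` stays `''` and `args` stays `{}`; the removed `base = data + '?'` path has no replacement, and the `// full or relative URL` comment sits on the `else` that is reached only when `parts['host']` is set. Unless `elgg.parse_url` (not visible here) reports a host for relative paths, the code after the hunk would presumably build its result from an empty base, so the caller could get back a token-only string with the action path dropped. Testing the leading `?` first, `if (data.indexOf('?') === 0) {`, and sending every other string through the URL branch would cover both forms. The URL branch also adds the action tokens to any absolute URL whatever its host, so a check that the host is the site's own would keep the CSRF tokens from going out to another origin in a query string. `elgg.security.addToken` starts and ends outside the hunk.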