aboutsummaryrefslogtreecommitdiff
path: root/js/lib
diff options
context:
space:
mode:
authorBrett Profitt <brett.profitt@gmail.com>2011-10-29 18:44:54 -0700
committerBrett Profitt <brett.profitt@gmail.com>2011-10-29 18:44:54 -0700
commit41842ae982bdea00f8b52a9d610837febe3230ec (patch)
treec6d4c45ce3568004198e9d0adc7197abe4810ce7 /js/lib
parentef0d4ab9c2b037eb76c4f9af0a9220be1fdd72b4 (diff)
downloadelgg-41842ae982bdea00f8b52a9d610837febe3230ec.tar.gz
elgg-41842ae982bdea00f8b52a9d610837febe3230ec.tar.bz2
Fixes #4010, refs #3927. Fixed elgg.security.addToken() to work with query strings, relative URLs, and full URLs.
Diffstat (limited to 'js/lib')
-rw-r--r--js/lib/elgglib.js2
-rw-r--r--js/lib/security.js31
2 files changed, 21 insertions, 12 deletions
diff --git a/js/lib/elgglib.js b/js/lib/elgglib.js
index 0f17eeced..628adccfc 100644
--- a/js/lib/elgglib.js
+++ b/js/lib/elgglib.js
@@ -357,7 +357,7 @@ elgg.forward = function(url) {
*
* @param {String} url The URL to parse
* @param {Int} component A component to return
- * @param {Bool} expand Expand the query into an object? Else it's a string.
+ * @param {Bool} expand Expand the query into an object? Else it's a string.
*
* @return {Object} The parsed URL
*/
diff --git a/js/lib/security.js b/js/lib/security.js
index d14ddff95..726c6b767 100644
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -60,7 +60,7 @@ elgg.security.refreshToken = function() {
/**
- * Add elgg action tokens to an object or string (assumed to be url data)
+ * Add elgg action tokens to an object, URL, or query string.
*
* @param {Object|string} data
* @return {Object} The new data object including action tokens
@@ -70,22 +70,31 @@ elgg.security.addToken = function(data) {
// 'http://example.com?data=sofar'
if (elgg.isString(data)) {
- var args = {},
+ // is this a full URL, relative URL, or just the query string?
+ var parts = elgg.parse_url(data),
+ args = {},
base = '';
-
- // check for query strings
- if (data.indexOf('?') != -1) {
- var split = data.split('?');
- base = split[0];
- args = elgg.parse_str(split[1]);
+
+ if (parts['host'] == data) {
+ if (data.indexOf('=') > -1) {
+ // query string
+ args = elgg.parse_str(data);
+ } else {
+ // relative URL
+ base = data + '?';
+ }
} else {
- base = data;
+ // a URL
+ if (typeof parts['query'] != 'undefined') {
+ args = elgg.parse_str(parts['query']);
+ }
+ var split = data.split('?');
+ base = split[0] + '?';
}
-
args["__elgg_ts"] = elgg.security.token.__elgg_ts;
args["__elgg_token"] = elgg.security.token.__elgg_token;
- return base + '?' + jQuery.param(args);
+ return base + jQuery.param(args);
}
// no input! acts like a getter