author | Brett Profitt <brett.profitt@gmail.com> | 2011-10-29 18:44:54 -0700 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2011-10-29 18:44:54 -0700 |
commit | 41842ae982bdea00f8b52a9d610837febe3230ec (patch) | |
tree | c6d4c45ce3568004198e9d0adc7197abe4810ce7 /js | |
parent | ef0d4ab9c2b037eb76c4f9af0a9220be1fdd72b4 (diff) | |
Fixes #4010, refs #3927. Fixed elgg.security.addToken() to work with query strings, relative URLs, and full URLs.
Diffstat (limited to 'js')
-rw-r--r-- | js/lib/elgglib.js | 2 | ||||
-rw-r--r-- | js/lib/security.js | 31 |
2 files changed, 21 insertions, 12 deletions
diff --git a/js/lib/elgglib.js b/js/lib/elgglib.js
index 0f17eeced..628adccfc 100644
--- a/js/lib/elgglib.js
+++ b/js/lib/elgglib.js
@@ -357,7 +357,7 @@ elgg.forward = function(url) {
 *
 * @param {String} url The URL to parse
 * @param {Int} component A component to return
- * @param {Bool} expand Expand the query into an object? Else it's a string.
+ * @param {Bool} expand Expand the query into an object? Else it's a string.
 *
 * @return {Object} The parsed URL
 */
diff --git a/js/lib/security.js b/js/lib/security.js
index d14ddff95..726c6b767 100644
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -60,7 +60,7 @@ elgg.security.refreshToken = function() {
 /**
- * Add elgg action tokens to an object or string (assumed to be url data)
+ * Add elgg action tokens to an object, URL, or query string.
 *
 * @param {Object|string} data
 * @return {Object} The new data object including action tokens
@@ -70,22 +70,31 @@ elgg.security.addToken = function(data) {
 // 'http://example.com?data=sofar'
 if (elgg.isString(data)) {
- var args = {},
+ // is this a full URL, relative URL, or just the query string?
+ var parts = elgg.parse_url(data),
+ args = {},
 base = '';
-
- // check for query strings
- if (data.indexOf('?') != -1) {
- var split = data.split('?');
- base = split[0];
- args = elgg.parse_str(split[1]);
+
+ if (parts['host'] == data) {
+ if (data.indexOf('=') > -1) {
+ // query string
+ args = elgg.parse_str(data);
+ } else {
+ // relative URL
+ base = data + '?';
+ }
 } else {
- base = data;
+ // a URL
+ if (typeof parts['query'] != 'undefined') {
+ args = elgg.parse_str(parts['query']);
+ }
+ var split = data.split('?');
+ base = split[0] + '?';
 }
-
 args["__elgg_ts"] = elgg.security.token.__elgg_ts;
 args["__elgg_token"] = elgg.security.token.__elgg_token;
- return base + '?' + jQuery.param(args);
+ return base + jQuery.param(args);
 }
 // no input! acts like a getter |
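Review bot: The `@return {Object}` tag left as context in the `addToken` docblock does not match the string path, which in the following hunk returns `base + jQuery.param(args)`, a string. Since the summary line is being reworded here anyway, I would also change the tag to `@return {Object|string} The data with action tokens added; a string when a URL or query string was passed in`. The docblock's closing lines are outside this hunk.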
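Review bot: The `// a URL` branch appends `__elgg_ts` and `__elgg_token` to any absolute URL without comparing `parts['host']` to the site's own host, so a caller that passes an off-site URL would hand the action tokens to that host, where they also land in access logs and Referer headers. A guard at the top of that branch that returns `data` unchanged when the host is not the site's would keep the tokens on-site. In the same branch, `data.split('?')[0]` keeps a `#fragment` when the URL has no query, so the tokens are appended after the `#` and never reach the server; `base = split[0].split('#')[0] + '?';` avoids that. The `parts['host'] == data` test depends on how `elgg.parse_url` treats strings without a scheme, which is not visible here, so a short comment stating that assumption would help. The function body starts and ends outside the hunk.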