Fixes #3927. elgg.security.addToken() works for URLs without query strings.

author: Brett Profitt <brett.profitt@gmail.com> 2011-10-14 23:36:31 -0700
committer: Brett Profitt <brett.profitt@gmail.com> 2011-10-14 23:36:31 -0700
commit: be5e5eaaac3844c19a804347676cdc58f959827a (patch)
tree: e9bda699e8c2b013ed4bdb05caac48f6e3cb4291 /js
parent: 79d99b232eb72b7d12dcc774bda4202a1f05a8fb (diff)
download: elgg-be5e5eaaac3844c19a804347676cdc58f959827a.tar.gz
elgg-be5e5eaaac3844c19a804347676cdc58f959827a.tar.bz2
1 files changed, 14 insertions, 6 deletions
diff --git a/js/lib/security.js b/js/lib/security.js
index 486347b88..d14ddff95 100644
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -70,14 +70,22 @@ elgg.security.addToken = function(data) {
 
 	// 'http://example.com?data=sofar'
 	if (elgg.isString(data)) {
-		var args = [];
-		if (data) {
-			args.push(data);
+		var args = {},
+			base = '';
+
+		// check for query strings
+		if (data.indexOf('?') != -1) {
+			var split = data.split('?');
+			base = split[0];
+			args = elgg.parse_str(split[1]);
+		} else {
+			base = data;
 		}
-		args.push("__elgg_ts=" + elgg.security.token.__elgg_ts);
-		args.push("__elgg_token=" + elgg.security.token.__elgg_token);
+		
+		args["__elgg_ts"] = elgg.security.token.__elgg_ts;
+		args["__elgg_token"] = elgg.security.token.__elgg_token;
 
-		return args.join('&');
+		return base + '?' + jQuery.param(args);
 	}
 
 	// no input!  acts like a getter
author	Brett Profitt <brett.profitt@gmail.com>	2011-10-14 23:36:31 -0700
committer	Brett Profitt <brett.profitt@gmail.com>	2011-10-14 23:36:31 -0700
commit	be5e5eaaac3844c19a804347676cdc58f959827a (patch)
tree	e9bda699e8c2b013ed4bdb05caac48f6e3cb4291 /js
parent	79d99b232eb72b7d12dcc774bda4202a1f05a8fb (diff)
download	elgg-be5e5eaaac3844c19a804347676cdc58f959827a.tar.gz elgg-be5e5eaaac3844c19a804347676cdc58f959827a.tar.bz2