aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-02-21 00:38:27 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-02-21 00:38:27 +0000
commita3febfda7a1bc64ba247a241a2983643ae0b1b16 (patch)
treebccc25ce0dc7e06edd0f4f4a787133e66b6733da /mod
parent4afa50233029dad99d07a2c3e408bf68bbb4fb4e (diff)
downloadelgg-a3febfda7a1bc64ba247a241a2983643ae0b1b16.tar.gz
elgg-a3febfda7a1bc64ba247a241a2983643ae0b1b16.tar.bz2
Fixes #2719. Removing hack from bookmarks add. Now appends http:// to www.example.com and validates that.
git-svn-id: http://code.elgg.org/elgg/trunk@8378 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod')
-rw-r--r--mod/bookmarks/actions/bookmarks/save.php15
-rw-r--r--mod/messageboard/actions/add.php29
-rw-r--r--mod/messageboard/views/default/messageboard/js.php4
3 files changed, 17 insertions, 31 deletions
diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php
index 02280838d..2f4f7b685 100644
--- a/mod/bookmarks/actions/bookmarks/save.php
+++ b/mod/bookmarks/actions/bookmarks/save.php
@@ -18,17 +18,10 @@ $container_guid = get_input('container_guid', elgg_get_logged_in_user_guid());
elgg_make_sticky_form('bookmarks');
-$normalized = elgg_normalize_url($address);
-
-// slight hack. If the original link wasn't to this site, they probably didn't mean to post
-// a relative link. deny the action.
-$site_url = elgg_get_site_entity()->url;
-$test = str_replace($site_url, '', $normalized);
-
-if (trim($address, '/') == trim($test, '/')) {
- $address = '';
-} else {
- $address = $normalized;
+// don't use elgg_normalize_url() because we don't want
+// relative links resolved to this site.
+if ($address && !preg_match("#^((ht|f)tps?:)?//#i", $address)) {
+ $address = "http://$address";
}
if (!$title || !$address || !filter_var($address, FILTER_VALIDATE_URL)) {
diff --git a/mod/messageboard/actions/add.php b/mod/messageboard/actions/add.php
index 55bc5775a..971dd22fc 100644
--- a/mod/messageboard/actions/add.php
+++ b/mod/messageboard/actions/add.php
@@ -15,24 +15,17 @@ if ($owner && !empty($message_content)) {
if ($result) {
system_message(elgg_echo("messageboard:posted"));
- // push the newest content out if using ajax
- $is_ajax = array_key_exists('HTTP_X_REQUESTED_WITH', $_SERVER) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
- if ($is_ajax) {
- // always return the entity with the full ul and li
- // this is parsed out as needed by js.
- // if this is the only post we need to return the entire ul
- $options = array(
- 'annotations_name' => 'messageboard',
- 'guid' => $owner->getGUID(),
- 'limit' => $num_display,
- 'pagination' => false,
- 'reverse_order_by' => true,
- 'limit' => 1
- );
-
- $output = elgg_list_annotations($options);
- echo json_encode(array('post' => $output));
- }
+ $options = array(
+ 'annotations_name' => 'messageboard',
+ 'guid' => $owner->getGUID(),
+ 'limit' => $num_display,
+ 'pagination' => false,
+ 'reverse_order_by' => true,
+ 'limit' => 1
+ );
+
+ $output = elgg_list_annotations($options);
+ echo $output;
} else {
register_error(elgg_echo("messageboard:failure"));
diff --git a/mod/messageboard/views/default/messageboard/js.php b/mod/messageboard/views/default/messageboard/js.php
index 0ec56d7d9..c63804408 100644
--- a/mod/messageboard/views/default/messageboard/js.php
+++ b/mod/messageboard/views/default/messageboard/js.php
@@ -23,9 +23,9 @@ elgg.messageboard.submit = function(e) {
var ul = form.next('ul.elgg-annotation-list');
if (ul.length < 1) {
- form.parent().append(json.output.post);
+ form.parent().append(json.output);
} else {
- ul.prepend($(json.output.post).find('li:first'));
+ ul.prepend($(json.output).find('li:first'));
};
form.find('textarea').val('');
}