Fixes #2719. Removing hack from bookmarks add. Now appends http:// to www.example.com and validates that.

git-svn-id: http://code.elgg.org/elgg/trunk@8378 36083f99-b078-4883-b0ff-0f9b5a30f544

3 files changed, 17 insertions, 31 deletions

diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php
index 02280838d..2f4f7b685 100644
--- a/mod/bookmarks/actions/bookmarks/save.php
+++ b/mod/bookmarks/actions/bookmarks/save.php
@@ -18,17 +18,10 @@ $container_guid = get_input('container_guid', elgg_get_logged_in_user_guid());
 
 elgg_make_sticky_form('bookmarks');
 
-$normalized = elgg_normalize_url($address);
-
-// slight hack.  If the original link wasn't to this site, they probably didn't mean to post
-// a relative link.  deny the action.
-$site_url = elgg_get_site_entity()->url;
-$test = str_replace($site_url, '', $normalized);
-
-if (trim($address, '/') == trim($test, '/')) {
-	$address = '';
-} else {
-	$address = $normalized;
+// don't use elgg_normalize_url() because we don't want
+// relative links resolved to this site.
+if ($address && !preg_match("#^((ht|f)tps?:)?//#i", $address)) {
+	$address = "http://$address";
 }
 
 if (!$title || !$address || !filter_var($address, FILTER_VALIDATE_URL)) {
diff --git a/mod/messageboard/actions/add.php b/mod/messageboard/actions/add.php
index 55bc5775a..971dd22fc 100644
--- a/mod/messageboard/actions/add.php
+++ b/mod/messageboard/actions/add.php
@@ -15,24 +15,17 @@ if ($owner && !empty($message_content)) {
 	if ($result) {
 		system_message(elgg_echo("messageboard:posted"));
 
-		// push the newest content out if using ajax
-		$is_ajax = array_key_exists('HTTP_X_REQUESTED_WITH', $_SERVER) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
-		if ($is_ajax) {
-			// always return the entity with the full ul and li
-			// this is parsed out as needed by js.
-			// if this is the only post we need to return the entire ul
-			$options = array(
-				'annotations_name' => 'messageboard',
-				'guid' => $owner->getGUID(),
-				'limit' => $num_display,
-				'pagination' => false,
-				'reverse_order_by' => true,
-				'limit' => 1
-			);
-
-			$output = elgg_list_annotations($options);
-			echo json_encode(array('post' => $output));
-		}
+		$options = array(
+			'annotations_name' => 'messageboard',
+			'guid' => $owner->getGUID(),
+			'limit' => $num_display,
+			'pagination' => false,
+			'reverse_order_by' => true,
+			'limit' => 1
+		);
+
+		$output = elgg_list_annotations($options);
+		echo $output;
 
 	} else {
 		register_error(elgg_echo("messageboard:failure"));
diff --git a/mod/messageboard/views/default/messageboard/js.php b/mod/messageboard/views/default/messageboard/js.php
index 0ec56d7d9..c63804408 100644
--- a/mod/messageboard/views/default/messageboard/js.php
+++ b/mod/messageboard/views/default/messageboard/js.php
@@ -23,9 +23,9 @@ elgg.messageboard.submit = function(e) {
 			var ul = form.next('ul.elgg-annotation-list');
 
 			if (ul.length < 1) {
-				form.parent().append(json.output.post);
+				form.parent().append(json.output);
 			} else {
-				ul.prepend($(json.output.post).find('li:first'));
+				ul.prepend($(json.output).find('li:first'));
 			};
 			form.find('textarea').val('');
 		}