From 6b6cb8e8f70b254d100ba494ea913d99be95fa7d Mon Sep 17 00:00:00 2001
From: cash <cash.costello@gmail.com>
Date: Thu, 10 Nov 2011 21:24:47 -0500
Subject: Fixes #4010 not sending naked query strings into add ajax tokens and
 also fixed a few related bugs in JavaScript

---
 js/lib/ajax.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'js/lib/ajax.js')

diff --git a/js/lib/ajax.js b/js/lib/ajax.js
index 6f6ae052f..b3f39cc42 100644
--- a/js/lib/ajax.js
+++ b/js/lib/ajax.js
@@ -187,7 +187,11 @@ elgg.action = function(action, options) {
 
 	options = elgg.ajax.handleOptions(action, options);
 
-	options.data = elgg.security.addToken(options.data);
+	// This is a misuse of elgg.security.addToken() because it is not always a
+	// full query string with a ?. As such we need a special check for the tokens.
+	if (!elgg.isString(options.data) || options.data.indexOf('__elgg_ts') == -1) {
+		options.data = elgg.security.addToken(options.data);
+	}
 	options.dataType = 'json';
 
 	//Always display system messages after actions
-- 
cgit v1.2.3