From 6b6cb8e8f70b254d100ba494ea913d99be95fa7d Mon Sep 17 00:00:00 2001
From: cash <cash.costello@gmail.com>
Date: Thu, 10 Nov 2011 21:24:47 -0500
Subject: Fixes #4010 not sending naked query strings into add ajax tokens and
 also fixed a few related bugs in JavaScript

---
 js/lib/security.js | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'js/lib/security.js')

diff --git a/js/lib/security.js b/js/lib/security.js
index 726c6b767..61aa1cfcd 100644
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -60,7 +60,7 @@ elgg.security.refreshToken = function() {
 
 
 /**
- * Add elgg action tokens to an object, URL, or query string.
+ * Add elgg action tokens to an object, URL, or query string (with a ?).
  *
  * @param {Object|string} data
  * @return {Object} The new data object including action tokens
@@ -75,17 +75,17 @@ elgg.security.addToken = function(data) {
 			args = {},
 			base = '';
 		
-		if (parts['host'] == data) {
-			if (data.indexOf('=') > -1) {
+		if (parts['host'] == undefined) {
+			if (data.indexOf('?') === 0) {
 				// query string
-				args = elgg.parse_str(data);
-			} else {
-				// relative URL
-				base = data + '?';
+				base = '?';
+				args = elgg.parse_str(parts['query']);
 			}
 		} else {
-			// a URL
-			if (typeof parts['query'] != 'undefined') {
+			// full or relative URL
+
+			if (parts['query'] != undefined) {
+				// with query string
 				args = elgg.parse_str(parts['query']);
 			}
 			var split = data.split('?');
-- 
cgit v1.2.3