From be5e5eaaac3844c19a804347676cdc58f959827a Mon Sep 17 00:00:00 2001
From: Brett Profitt <brett.profitt@gmail.com>
Date: Fri, 14 Oct 2011 23:36:31 -0700
Subject: Fixes #3927. elgg.security.addToken() works for URLs without query
 strings.

---
 js/lib/security.js | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

(limited to 'js')

diff --git a/js/lib/security.js b/js/lib/security.js
index 486347b88..d14ddff95 100644
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -70,14 +70,22 @@ elgg.security.addToken = function(data) {
 
 	// 'http://example.com?data=sofar'
 	if (elgg.isString(data)) {
-		var args = [];
-		if (data) {
-			args.push(data);
+		var args = {},
+			base = '';
+
+		// check for query strings
+		if (data.indexOf('?') != -1) {
+			var split = data.split('?');
+			base = split[0];
+			args = elgg.parse_str(split[1]);
+		} else {
+			base = data;
 		}
-		args.push("__elgg_ts=" + elgg.security.token.__elgg_ts);
-		args.push("__elgg_token=" + elgg.security.token.__elgg_token);
+		
+		args["__elgg_ts"] = elgg.security.token.__elgg_ts;
+		args["__elgg_token"] = elgg.security.token.__elgg_token;
 
-		return args.join('&');
+		return base + '?' + jQuery.param(args);
 	}
 
 	// no input!  acts like a getter
-- 
cgit v1.2.3