Fixes #3927. elgg.security.addToken() works for URLs without query strings.

author Brett Profitt <brett.profitt@gmail.com>

Sat, 15 Oct 2011 06:36:31 +0000 (23:36 -0700)

committer Brett Profitt <brett.profitt@gmail.com>

Sat, 15 Oct 2011 06:36:31 +0000 (23:36 -0700)
author Brett Profitt <brett.profitt@gmail.com>
Sat, 15 Oct 2011 06:36:31 +0000 (23:36 -0700)
committer Brett Profitt <brett.profitt@gmail.com>
Sat, 15 Oct 2011 06:36:31 +0000 (23:36 -0700)
diff --git a/js/lib/security.js b/js/lib/security.js

index 486347b88ec3d8821f8edac01d5f4cc81863a3e9..d14ddff95ac60297082b0208135d5e19628da61e 100644 (file)
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -70,14 +70,22 @@ elgg.security.addToken = function(data) {
  
         // 'http://example.com?data=sofar'
         if (elgg.isString(data)) {
-               var args = [];
-               if (data) {
-                       args.push(data);
+               var args = {},
+                       base = '';
+
+               // check for query strings
+               if (data.indexOf('?') != -1) {
+                       var split = data.split('?');
+                       base = split[0];
+                       args = elgg.parse_str(split[1]);
+               } else {
+                       base = data;
                 }
-               args.push("__elgg_ts=" + elgg.security.token.__elgg_ts);
-               args.push("__elgg_token=" + elgg.security.token.__elgg_token);
+               
+               args["__elgg_ts"] = elgg.security.token.__elgg_ts;
+               args["__elgg_token"] = elgg.security.token.__elgg_token;
  
-               return args.join('&');
+               return base + '?' + jQuery.param(args);
         }
  
         // no input!  acts like a getter
author	Brett Profitt <brett.profitt@gmail.com>
	Sat, 15 Oct 2011 06:36:31 +0000 (23:36 -0700)
committer	Brett Profitt <brett.profitt@gmail.com>
	Sat, 15 Oct 2011 06:36:31 +0000 (23:36 -0700)