security upadtes

sites/all/modules/views/js/ajax_view.js

@@ -60,6 +60,9 @@ Drupal.views.ajaxView = function(settings) {
   this.$exposed_form = $('#views-exposed-form-'+ settings.view_name.replace(/_/g, '-') + '-' + settings.view_display_id.replace(/_/g, '-'));
   this.$exposed_form.once(jQuery.proxy(this.attachExposedFormAjax, this));
 
+  // Store Drupal.ajax objects here for all pager links.
+  this.links = [];
+
   // Add the ajax to pagers.
   this.$view
     // Don't attach to nested views. Doing so would attach multiple behaviors
@@ -123,6 +126,7 @@ Drupal.views.ajaxView.prototype.attachPagerLinkAjax = function(id, link) {
 
   this.element_settings.submit = viewData;
   this.pagerAjax = new Drupal.ajax(false, $link, this.element_settings);
+  this.links.push(this.pagerAjax);
 };
 
 Drupal.ajax.prototype.commands.viewsScrollTop = function (ajax, response, status) {

sites/all/modules/views/js/base.js

@@ -64,6 +64,11 @@ Drupal.Views.parseQueryString = function (query) {
  * Helper function to return a view's arguments based on a path.
  */
 Drupal.Views.parseViewArgs = function (href, viewPath) {
+
+  // Provide language prefix.
+  if (Drupal.settings.pathPrefix) {
+    var viewPath = Drupal.settings.pathPrefix + viewPath;
+  }
   var returnObj = {};
   var path = Drupal.Views.getPath(href);
   // Ensure we have a correct path.
@@ -99,7 +104,7 @@ Drupal.Views.getPath = function (href) {
     href = href.substring(3, href.length);
   }
   var chars = ['#', '?', '&'];
-  for (i in chars) {
+  for (var i in chars) {
     if (href.indexOf(chars[i]) > -1) {
       href = href.substr(0, href.indexOf(chars[i]));
     }