authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-06 09:50:41 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-06 09:50:41 +0000
commitefb6174544ef9349205dd3a4b43c6a220a428224 (patch)
tree4deddc8e95bf93fb6ecfca6830cf0ac2c82b937d
parentcc4277cd4771bb92b0d86ed5848289055352deec (diff)
Closes #208
git-svn-id: https://code.elgg.org/elgg/trunk@1725 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--views/default/input/form.php31
1 files changed, 31 insertions, 0 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php
new file mode 100644
index 000000000..1f15b046f
--- /dev/null
+++ b/views/default/input/form.php
@@ -0,0 +1,31 @@
+<?php
+ /**
+ * Create a form for data submission.
+ * Use this view for forms rather than creating a form tag in the wild as it provides
+ * extra security which help prevent CSRF attacks.
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Marcus Povey
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ *
+ * @uses $vars['body'] The body of the form (made up of other input/xxx views and html
+ * @uses $vars['method'] Method (default POST)
+ * @uses $vars['enctype'] How the form is encoded, default blank
+ * @uses $vars['action'] URL of the action being called
+ *
+ */
+
+$body = $vars['body'];
+$action = $vars['action'];
+$enctype = $vars['enctype'];
+$method = $vars['method']; if (!$method) $method = 'POST';
+
+// TODO: Token generation
+
+?>
+<form action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>>
+<?php echo $body; ?>
+</form>
\ No newline at end of file
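Review bot: `$action`, `$method` and `$enctype` are echoed into attribute values on the `<form>` line without escaping, so a caller that passes a value containing a double quote (for example an action URL built from request data, which this page does not show) would break out of the attribute. Escaping at the point of output closes that, e.g. `action="<?php echo htmlspecialchars($action, ENT_QUOTES, 'UTF-8'); ?>"` and the same for the other two; `$body` is documented as HTML and has to stay raw. Separately, the docblock says the view "provides extra security which help prevent CSRF attacks", but the only trace of that is `// TODO: Token generation`, so no token is emitted yet; until it is, the comment should say so, e.g. `* NOTE: CSRF token generation is not implemented yet; this view adds no protection on its own.`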