diff options
author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-06 09:50:41 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-06 09:50:41 +0000 |
commit | efb6174544ef9349205dd3a4b43c6a220a428224 (patch) | |
tree | 4deddc8e95bf93fb6ecfca6830cf0ac2c82b937d | |
parent | cc4277cd4771bb92b0d86ed5848289055352deec (diff) | |
download | elgg-efb6174544ef9349205dd3a4b43c6a220a428224.tar.gz elgg-efb6174544ef9349205dd3a4b43c6a220a428224.tar.bz2 |
Closes #208
git-svn-id: https://code.elgg.org/elgg/trunk@1725 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | views/default/input/form.php | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php new file mode 100644 index 000000000..1f15b046f --- /dev/null +++ b/views/default/input/form.php @@ -0,0 +1,31 @@ +<?php + /** + * Create a form for data submission. + * Use this view for forms rather than creating a form tag in the wild as it provides + * extra security which help prevent CSRF attacks. + * + * @package Elgg + * @subpackage Core + * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 + * @author Marcus Povey + * @copyright Curverider Ltd 2008 + * @link http://elgg.org/ + * + * @uses $vars['body'] The body of the form (made up of other input/xxx views and html + * @uses $vars['method'] Method (default POST) + * @uses $vars['enctype'] How the form is encoded, default blank + * @uses $vars['action'] URL of the action being called + * + */ + +$body = $vars['body']; +$action = $vars['action']; +$enctype = $vars['enctype']; +$method = $vars['method']; if (!$method) $method = 'POST'; + +// TODO: Token generation + +?> +<form action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>> +<?php echo $body; ?> +</form>
\ No newline at end of file |