diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2014-03-15 14:46:48 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2014-03-15 14:46:48 -0300 |
commit | a89ba6df7133bc7f0b8ea96d4a5673887b267af4 (patch) | |
tree | e6850ce6c3f894b3867d172cbdea6cd75031ab26 /mod/cool_theme/views/default/input/form.php | |
parent | 0d860aca4fda73fce303dad41003e61f040acca8 (diff) | |
parent | 5041c6c48153453ed597206d08eeff37cf20e676 (diff) | |
download | elgg-a89ba6df7133bc7f0b8ea96d4a5673887b267af4.tar.gz elgg-a89ba6df7133bc7f0b8ea96d4a5673887b267af4.tar.bz2 |
Merge commit '5041c6c48153453ed597206d08eeff37cf20e676' as 'mod/cool_theme'
Diffstat (limited to 'mod/cool_theme/views/default/input/form.php')
-rw-r--r-- | mod/cool_theme/views/default/input/form.php | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/mod/cool_theme/views/default/input/form.php b/mod/cool_theme/views/default/input/form.php new file mode 100644 index 000000000..df30133b3 --- /dev/null +++ b/mod/cool_theme/views/default/input/form.php @@ -0,0 +1,44 @@ +<?php +/** + * Create a form for data submission. + * Use this view for forms as it provides protection against CSRF attacks. + * + * @package Elgg + * @subpackage Core + * + * @uses $vars['body'] The body of the form (made up of other input/xxx views and html + * @uses $vars['action'] The action URL of the form + * @uses $vars['method'] The submit method: post (default) or get + * @uses $vars['enctype'] Set to 'multipart/form-data' if uploading a file + * @uses $vars['disable_security'] turn off CSRF security by setting to true + * @uses $vars['class'] Additional class for the form + */ + +$defaults = array( + 'method' => "post", + 'disable_security' => FALSE, +); + +$vars = array_merge($defaults, $vars); + +if (isset($vars['class'])) { + $vars['class'] = "elgg-form {$vars['class']}"; +} else { + $vars['class'] = 'elgg-form'; +} + +$vars['action'] = elgg_normalize_url($vars['action']); +$vars['method'] = strtolower($vars['method']); + +$body = $vars['body']; +unset($vars['body']); + +// Generate a security header +if (!$vars['disable_security']) { + $body = elgg_view('input/securitytoken') . $body; +} +unset($vars['disable_security']); + +$attributes = elgg_format_attributes($vars); + +echo "<form $attributes><fieldset>$body</fieldset></form>"; |