diff options
author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-15 14:56:27 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-15 14:56:27 +0000 |
commit | 3c01acacc0e8a4794f2b925bda80632334fb3ab4 (patch) | |
tree | 59c0b5e1ddb0162f3b48abe71b15c39d0f0b3ca2 /views/failsafe/input/hidden.php | |
parent | 5c236cb446b8c3344ed668096f37a136ab02ae0d (diff) | |
download | elgg-3c01acacc0e8a4794f2b925bda80632334fb3ab4.tar.gz elgg-3c01acacc0e8a4794f2b925bda80632334fb3ab4.tar.bz2 |
Closes #224: Install now using failsafe views. Please test from scratch (including blanking setup) and make sure it works for you!
git-svn-id: https://code.elgg.org/elgg/trunk@1940 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/failsafe/input/hidden.php')
-rw-r--r-- | views/failsafe/input/hidden.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/views/failsafe/input/hidden.php b/views/failsafe/input/hidden.php new file mode 100644 index 000000000..4ff9f31da --- /dev/null +++ b/views/failsafe/input/hidden.php @@ -0,0 +1,20 @@ +<?php + /** + * Create a hidden data field + * Use this view for forms rather than creating a hidden tag in the wild as it provides + * extra security which help prevent CSRF attacks. + * + * @package Elgg + * @subpackage Core + * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 + * @author Curverider Ltd + * @copyright Curverider Ltd 2008 + * @link http://elgg.org/ + * + * @uses $vars['value'] The current value, if any + * @uses $vars['js'] Any Javascript to enter into the input tag + * @uses $vars['internalname'] The name of the input field + * + */ +?> +<input type="hidden" <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" value="<?php echo htmlentities($vars['value'], null, 'UTF-8'); ?>" />
\ No newline at end of file |