Diffstat (limited to 'views/default/input/form.php')
-rw-r--r--views/default/input/form.php44
1 files changed, 44 insertions, 0 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php
new file mode 100644
index 000000000..df30133b3
--- /dev/null
+++ b/views/default/input/form.php
@@ -0,0 +1,44 @@
+<?php
+/**
+ * Create a form for data submission.
+ * Use this view for forms as it provides protection against CSRF attacks.
+ *
+ * @package Elgg
+ * @subpackage Core
+ *
+ * @uses $vars['body'] The body of the form (made up of other input/xxx views and html
+ * @uses $vars['action'] The action URL of the form
+ * @uses $vars['method'] The submit method: post (default) or get
+ * @uses $vars['enctype'] Set to 'multipart/form-data' if uploading a file
+ * @uses $vars['disable_security'] turn off CSRF security by setting to true
+ * @uses $vars['class'] Additional class for the form
+ */
+
+$defaults = array(
+ 'method' => "post",
+ 'disable_security' => FALSE,
+);
+
+$vars = array_merge($defaults, $vars);
+
+if (isset($vars['class'])) {
+ $vars['class'] = "elgg-form {$vars['class']}";
+} else {
+ $vars['class'] = 'elgg-form';
+}
+
+$vars['action'] = elgg_normalize_url($vars['action']);
+$vars['method'] = strtolower($vars['method']);
+
+$body = $vars['body'];
+unset($vars['body']);
+
+// Generate a security header
+if (!$vars['disable_security']) {
+ $body = elgg_view('input/securitytoken') . $body;
+}
+unset($vars['disable_security']);
+
+$attributes = elgg_format_attributes($vars);
+
+echo "<form $attributes><fieldset>$body</fieldset></form>";
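Review bot: The security token is prepended to the body whenever `disable_security` is false (L52–L53) regardless of `$vars['method']`, so a form rendered with `'method' => 'get'` submits the token fields in the query string, where they can land in browser history, server logs and Referer headers. If GET forms are never meant to be token-validated, guard the insert with `if (!$vars['disable_security'] && $vars['method'] == 'post')`; otherwise at least record the exposure in the docblock, e.g. `@uses $vars['method'] The submit method: post (default) or get (a get form still carries the security token in its query string unless disable_security is set)`. The header's claim that the view "provides protection against CSRF attacks" also holds only if the receiving action validates the token, which this view cannot guarantee, so it should say the view emits the token rather than that it protects the form. Minor: the `@uses $vars['body']` description is missing its closing parenthesis, and `action` has no default and no `isset` check, so a caller that omits it raises an undefined-index notice before `elgg_normalize_url` runs on the empty value.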