aboutsummaryrefslogtreecommitdiff
path: root/views/default/input/form.php
diff options
context:
space:
mode:
Diffstat (limited to 'views/default/input/form.php')
-rw-r--r--views/default/input/form.php39
1 files changed, 39 insertions, 0 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php
new file mode 100644
index 000000000..e6b4f299e
--- /dev/null
+++ b/views/default/input/form.php
@@ -0,0 +1,39 @@
+<?php
+/**
+ * Create a form for data submission.
+ * Use this view for forms rather than creating a form tag in the wild as it provides
+ * extra security which help prevent CSRF attacks.
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd
+ * @link http://elgg.org/
+ *
+ * @uses $vars['body'] The body of the form (made up of other input/xxx views and html
+ * @uses $vars['method'] Method (default POST)
+ * @uses $vars['enctype'] How the form is encoded, default blank
+ * @uses $vars['action'] URL of the action being called
+ * @uses $vars['disable_security'] Force the securitytokens not to be added to this form (@todo what's the point??)
+ *
+ */
+
+
+$defaults = array(
+ 'method' => 'POST',
+ 'body' => '',
+);
+
+$overrides = array(
+ 'tag' => 'form',
+);
+
+$disable_security = $vars['disable_security'];
+unset($vars['disable_security']);
+
+$args = array_merge($defaults, $vars, $overrides);
+
+if ($disable_security != TRUE) {
+ $args['body'] .= elgg_view('input/securitytoken');
+}
+
+echo elgg_view('html/tag', $args);
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-12 19:52:51 +0000