diff options
Diffstat (limited to 'views/failsafe/input/button.php')
-rw-r--r-- | views/failsafe/input/button.php | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/views/failsafe/input/button.php b/views/failsafe/input/button.php new file mode 100644 index 000000000..9a72f38b0 --- /dev/null +++ b/views/failsafe/input/button.php @@ -0,0 +1,41 @@ +<?php + /** + * Create a input button + * Use this view for forms rather than creating a submit/reset button tag in the wild as it provides + * extra security which help prevent CSRF attacks. + * + * @package Elgg + * @subpackage Core + * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 + * @author Curverider Ltd + * @copyright Curverider Ltd 2008 + * @link http://elgg.org/ + * + * @uses $vars['value'] The current value, if any + * @uses $vars['js'] Any Javascript to enter into the input tag + * @uses $vars['internalname'] The name of the input field + * @uses $vars['type'] Submit or reset, defaults to submit. + * @uses $vars['src'] Src of an image + * + */ + + global $CONFIG; + + $class = $vars['class']; + if (!$class) $class = "submit_button"; + + if (isset($vars['type'])) { $type = strtolower($vars['type']); } else { $type = 'submit'; } + switch ($type) + { + case 'button' : $type='button'; break; + case 'reset' : $type='reset'; break; + case 'submit': + default: $type = 'submit'; + } + + $value = htmlentities($vars['value'], null, 'UTF-8'); + $name = $vars['internalname']; + $src = $vars['src']; + if (strpos($src,$CONFIG->wwwroot)===false) $src = ""; // blank src if trying to access an offsite image. +?> +<input type="<?php echo $type; ?>" class="<?php echo $type; ?>_button" <?php echo $vars['js']; ?> value="<?php echo $value; ?>" src="<?php echo $src; ?>" class="<?php echo $class; ?>" />
\ No newline at end of file |