aboutsummaryrefslogtreecommitdiff
path: root/views/default/input/form.php
blob: aed7a17bb7ef00312600c14d73887f0dd791a536 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<?php
/**
 * Create a form for data submission.
 * Use this view for forms rather than creating a form tag in the wild as it provides
 * extra security which help prevent CSRF attacks.
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['body'] The body of the form (made up of other input/xxx views and html
 * @uses $vars['method'] Method (default POST)
 * @uses $vars['enctype'] How the form is encoded, default blank
 * @uses $vars['action'] URL of the action being called
 * @uses $vars['js'] Any Javascript to enter into the form
 * @uses $vars['internalid'] id for the form for CSS/Javascript
 * @uses $vars['internalname'] name for the form for Javascript
 * @uses $vars['disable_security'] turn off CSRF security by setting to true
 */

if (isset($vars['internalid'])) {
	$id = $vars['internalid'];
} else {
	$id = '';
}

if (isset($vars['internalname'])) {
	$name = $vars['internalname'];
} else {
	$name = '';
}
$body = $vars['body'];
$action = elgg_normalize_url($vars['action']);
if (isset($vars['enctype'])) {
	$enctype = $vars['enctype'];
} else {
	$enctype = '';
}
if (isset($vars['method'])) {
	$method = $vars['method'];
} else {
	$method = 'POST';
}
if (isset($vars['class'])) {
	$class = $vars['class'];
} else {
	$class = '';
}

$method = strtolower($method);

// Generate a security header
$security_header = "";
if (!isset($vars['disable_security']) || $vars['disable_security'] != true) {
	$security_header = elgg_view('input/securitytoken');
}
?>
<form <?php if ($id) { ?>id="<?php echo $id; ?>" <?php } ?> <?php if ($name) { ?>name="<?php echo $name; ?>" <?php } ?> <?php echo $vars['js']; ?> action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?> class="<?php echo $class; ?>">
<fieldset>
<?php echo $security_header; ?>
<?php echo $body; ?>
</fieldset>
</form>