blob: df30133b305395f5082a351bd8bdaa46810f79a3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
<?php
/**
* Create a form for data submission.
* Use this view for forms as it provides protection against CSRF attacks.
*
* @package Elgg
* @subpackage Core
*
* @uses $vars['body'] The body of the form (made up of other input/xxx views and html
* @uses $vars['action'] The action URL of the form
* @uses $vars['method'] The submit method: post (default) or get
* @uses $vars['enctype'] Set to 'multipart/form-data' if uploading a file
* @uses $vars['disable_security'] turn off CSRF security by setting to true
* @uses $vars['class'] Additional class for the form
*/
$defaults = array(
'method' => "post",
'disable_security' => FALSE,
);
$vars = array_merge($defaults, $vars);
if (isset($vars['class'])) {
$vars['class'] = "elgg-form {$vars['class']}";
} else {
$vars['class'] = 'elgg-form';
}
$vars['action'] = elgg_normalize_url($vars['action']);
$vars['method'] = strtolower($vars['method']);
$body = $vars['body'];
unset($vars['body']);
// Generate a security header
if (!$vars['disable_security']) {
$body = elgg_view('input/securitytoken') . $body;
}
unset($vars['disable_security']);
$attributes = elgg_format_attributes($vars);
echo "<form $attributes><fieldset>$body</fieldset></form>";
|
