Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

views/default/input/form.php (2 issues)

1
<?php
2
/**
3
 * Create a form for data submission.
4
 * Use this view for forms as it provides protection against CSRF attacks.
5
 *
6
 * @package Elgg
7
 * @subpackage Core
8
 *
9
 * @uses $vars['body'] The body of the form (made up of other input/xxx views and html
10
 * @uses $vars['action'] The action URL of the form
11
 * @uses $vars['action_name'] The name of the action (for targeting particular forms while extending)
12
 * @uses $vars['method'] The submit method: post (default) or get
13
 * @uses $vars['enctype'] Set to 'multipart/form-data' if uploading a file
14
 * @uses $vars['disable_security'] turn off CSRF security by setting to true
15
 * @uses $vars['class'] Additional class for the form
16
 * @uses $vars['ignore_empty_body'] Boolean (default true) to determine if an empty body should return continue
17
 */
18
19
$defaults = [
20
	'method' => 'post',
21
	'disable_security' => false,
22
];
23
24
$vars = array_merge($defaults, $vars);
25
26
$vars['class'] = elgg_extract_class($vars, 'elgg-form');
27
$vars['action'] = elgg_normalize_url($vars['action']);
0 ignored issues
show
It seems like $vars['action'] can also be of type string[]; however, parameter $url of elgg_normalize_url() does only seem to accept string, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

27
$vars['action'] = elgg_normalize_url(/** @scrutinizer ignore-type */ $vars['action']);
Loading history...
28
$vars['method'] = strtolower($vars['method']);
0 ignored issues
show
It seems like $vars['method'] can also be of type string[]; however, parameter $str of strtolower() does only seem to accept string, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

28
$vars['method'] = strtolower(/** @scrutinizer ignore-type */ $vars['method']);
Loading history...
29
30
$ignore_empty_body = (bool) elgg_extract('ignore_empty_body', $vars, true);
31
unset($vars['ignore_empty_body']);
32
33
$body = $vars['body'];
34
unset($vars['body']);
35
36
if (!$ignore_empty_body && empty($body)) {
37
	return;
38
}
39
40
// Generate a security header
41
if (!$vars['disable_security']) {
42
	$body = elgg_view('input/securitytoken') . $body;
43
}
44
unset($vars['disable_security']);
45
unset($vars['action_name']);
46
47
echo elgg_format_element('form', $vars, "<fieldset>$body</fieldset>");
48