1 | <?php |
||
2 | /** |
||
3 | * Create a form for data submission. |
||
4 | * Use this view for forms as it provides protection against CSRF attacks. |
||
5 | * |
||
6 | * @package Elgg |
||
7 | * @subpackage Core |
||
8 | * |
||
9 | * @uses $vars['body'] The body of the form (made up of other input/xxx views and html) |
||
10 | * @uses $vars['action'] The action URL of the form |
||
11 | * @uses $vars['action_name'] The name of the action (for targeting particular forms while extending) |
||
12 | * @uses $vars['method'] The submit method: post (default) or get |
||
13 | * @uses $vars['enctype'] Set to 'multipart/form-data' if uploading a file |
||
14 | * @uses $vars['disable_security'] Set to true to omit the CSRF security token from the form (any truthy value has this effect) |
||
15 | * @uses $vars['class'] Additional class for the form |
||
16 | * @uses $vars['ignore_empty_body'] Boolean (default true); when set to false, the view outputs nothing if the body is empty |
||
17 | */ |
||
18 | |||
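// Fallbacks for options the caller did not supply. CSRF protection is on
// unless the caller explicitly turns it off.
$defaults = [
	'method' => 'post',
	'disable_security' => false,
];

$vars = array_merge($defaults, $vars);

$vars['class'] = elgg_extract_class($vars, 'elgg-form');
// elgg_extract() yields null for a missing key, so an absent 'action' no
// longer raises an undefined-index notice; the value passed on is unchanged.
$vars['action'] = elgg_normalize_url(elgg_extract('action', $vars));
$vars['method'] = strtolower($vars['method']);

$ignore_empty_body = (bool) elgg_extract('ignore_empty_body', $vars, true);
unset($vars['ignore_empty_body']);

// Same reasoning as for 'action': a missing body is treated as null/empty
// without triggering a notice.
$body = elgg_extract('body', $vars);
unset($vars['body']);

// With the default (true) an empty body is still wrapped in a form; only an
// explicit ignore_empty_body => false suppresses the output.
if (!$ignore_empty_body && empty($body)) {
	return;
}

// Prepend the CSRF token input(s) unless the caller opted out.
// NOTE(review): the check is a truthiness test, so any truthy value (1, 'yes',
// even the string 'false') disables the token. Callers should pass a real
// boolean and never derive this flag from request input.
// NOTE(review): the token is added for 'get' forms as well; if
// input/securitytoken renders hidden inputs (presumably - confirm), their
// values end up in the query string, i.e. in browser history, server logs and
// Referer headers. Prefer 'post' for state-changing actions.
if (!$vars['disable_security']) {
	$body = elgg_view('input/securitytoken') . $body;
}

// These are control options, not HTML attributes: remove them before $vars is
// handed to the <form> element.
unset($vars['disable_security']);
unset($vars['action_name']);

// $body is interpolated as raw HTML and is not escaped here; the caller is
// responsible for escaping any user-supplied data it contains.
echo elgg_format_element('form', $vars, "<fieldset>$body</fieldset>");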
||
48 |