1 | <?php |
||||
2 | /** |
||||
3 | * Create a form for data submission. |
||||
4 | * Use this view for forms as it provides protection against CSRF attacks. |
||||
5 | * |
||||
6 | * @package Elgg |
||||
7 | * @subpackage Core |
||||
8 | * |
||||
9 | * @uses $vars['body'] The body of the form (made up of other input/xxx views and html |
||||
10 | * @uses $vars['action'] The action URL of the form |
||||
11 | * @uses $vars['action_name'] The name of the action (for targeting particular forms while extending) |
||||
12 | * @uses $vars['method'] The submit method: post (default) or get |
||||
13 | * @uses $vars['enctype'] Set to 'multipart/form-data' if uploading a file |
||||
14 | * @uses $vars['disable_security'] turn off CSRF security by setting to true |
||||
15 | * @uses $vars['class'] Additional class for the form |
||||
16 | * @uses $vars['ignore_empty_body'] Boolean (default true) to determine if an empty body should return continue |
||||
17 | */ |
||||
18 | |||||
19 | $defaults = [ |
||||
20 | 'method' => 'post', |
||||
21 | 'disable_security' => false, |
||||
22 | ]; |
||||
23 | |||||
24 | $vars = array_merge($defaults, $vars); |
||||
25 | |||||
26 | $vars['class'] = elgg_extract_class($vars, 'elgg-form'); |
||||
27 | $vars['action'] = elgg_normalize_url($vars['action']); |
||||
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||||
28 | $vars['method'] = strtolower($vars['method']); |
||||
0 ignored issues
–
show
It seems like
$vars['method'] can also be of type string[] ; however, parameter $str of strtolower() does only seem to accept string , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
29 | |||||
30 | $ignore_empty_body = (bool) elgg_extract('ignore_empty_body', $vars, true); |
||||
31 | unset($vars['ignore_empty_body']); |
||||
32 | |||||
33 | $body = $vars['body']; |
||||
34 | unset($vars['body']); |
||||
35 | |||||
36 | if (!$ignore_empty_body && empty($body)) { |
||||
37 | return; |
||||
38 | } |
||||
39 | |||||
40 | // Generate a security header |
||||
41 | if (!$vars['disable_security']) { |
||||
42 | $body = elgg_view('input/securitytoken') . $body; |
||||
0 ignored issues
–
show
Are you sure
$body of type mixed|string|string[] can be used in concatenation ?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
43 | } |
||||
44 | unset($vars['disable_security']); |
||||
45 | unset($vars['action_name']); |
||||
46 | |||||
47 | echo elgg_format_element('form', $vars, "<fieldset>$body</fieldset>"); |
||||
48 |