form.php 1.3 KB

  1. <?php
  2. /**
  3. * Create a form for data submission.
  4. * Use this view for forms as it provides protection against CSRF attacks.
  5. *
  6. * @package Elgg
  7. * @subpackage Core
  8. *
  9. * @uses $vars['body'] The body of the form (made up of other input/xxx views and html
  10. * @uses $vars['action'] The action URL of the form
  11. * @uses $vars['action_name'] The name of the action (for targeting particular forms while extending)
  12. * @uses $vars['method'] The submit method: post (default) or get
  13. * @uses $vars['enctype'] Set to 'multipart/form-data' if uploading a file
  14. * @uses $vars['disable_security'] turn off CSRF security by setting to true
  15. * @uses $vars['class'] Additional class for the form
  16. */
  17. $defaults = array(
  18. 'method' => 'post',
  19. 'disable_security' => FALSE,
  20. );
  21. $vars = array_merge($defaults, $vars);
  22. $vars['class'] = (array) elgg_extract('class', $vars, []);
  23. $vars['class'][] = 'elgg-form';
  24. $vars['action'] = elgg_normalize_url($vars['action']);
  25. $vars['method'] = strtolower($vars['method']);
  26. $body = $vars['body'];
  27. unset($vars['body']);
  28. // Generate a security header
  29. if (!$vars['disable_security']) {
  30. $body = elgg_view('input/securitytoken') . $body;
  31. }
  32. unset($vars['disable_security']);
  33. unset($vars['action_name']);
  34. echo elgg_format_element('form', $vars, "<fieldset>$body</fieldset>");