authorAndrey Andreev <narf@devilix.net>2013-07-26 17:16:26 +0200
committerAndrey Andreev <narf@devilix.net>2013-07-26 17:16:26 +0200
commit122ca9bd8b055eaabee2ec54f476749107533565 (patch)
treeacf7e4d35526a3c0e96c3a644b74fcb6d108fb6b /system
parent53fd68860df9ce813a9c07e4dfd34fbb96dffbb1 (diff)
Fix #2560
Diffstat (limited to 'system')
-rw-r--r--system/helpers/form_helper.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index bc14df221..7f4276bc7 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -54,10 +54,18 @@ if ( ! function_exists('form_open'))
{
$CI =& get_instance();
- if ($attributes === '')
+ if (empty($attributes))
{
$attributes = 'method="post"';
}
+ elseif (is_array($attributes) && ! isset($attributes['method']))
+ {
+ $attributes['method'] = 'post';
+ }
+ elseif (stripos($attributes, 'method=') === FALSE)
+ {
+ $attributes .= ' method="post"';
+ }
// If an action is not a full URL then turn it into one
if ($action && strpos($action, '://') === FALSE)
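Review bot: An array that already carries a `method` key fails the `! isset($attributes['method'])` test and falls through to the last `elseif`, where `stripos()` is called with an array as its first argument. On older PHP that raises a warning and the branch is skipped only because the call returns NULL rather than FALSE; on PHP 8 it is a TypeError. Handle the array case completely in its own branch, `elseif (is_array($attributes)) { if ( ! isset($attributes['method'])) { $attributes['method'] = 'post'; } }`, so the string test runs only for strings. The `isset()` lookup is also case-sensitive, so a `'METHOD'` key would get a second, lowercase `method` added next to it. form_open() starts and ends outside this hunk.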
@@ -73,7 +81,7 @@ if ( ! function_exists('form_open'))
$form = '<form action="'.$action.'"'._attributes_to_string($attributes, TRUE).">\n";
// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
- if ($CI->config->item('csrf_protection') === TRUE && ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"')))
+ if ($CI->config->item('csrf_protection') === TRUE && ! (strpos($action, $CI->config->base_url()) === FALSE OR stripos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}
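Review bot: The GET check that gates the CSRF field is still a substring search over the whole rendered tag, and switching to `stripos()` only makes it case-insensitive. A string attribute written as `method='get'` or `method=get` is not recognised, so the CSRF hash would be emitted into a GET form and end up in the query string, where it can reach server logs and Referer headers. In the other direction, a POST form carrying something like `data-method="get"` loses its token and its submissions will fail validation. Match the attribute itself, for example `preg_match('/\smethod\s*=\s*["\']?get\b/i', $form)`, or decide the method once from the normalised attributes before `$form` is built. The `stripos($attributes, 'method=')` test in the first hunk has the same loose matching.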