summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/helpers/form_helper.php12
-rw-r--r--user_guide_src/source/changelog.rst1
2 files changed, 11 insertions, 2 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index bc14df221..7f4276bc7 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -54,10 +54,18 @@ if ( ! function_exists('form_open'))
{
$CI =& get_instance();
- if ($attributes === '')
+ if (empty($attributes))
{
$attributes = 'method="post"';
}
+ elseif (is_array($attributes) && ! isset($attributes['method']))
+ {
+ $attributes['method'] = 'post';
+ }
+ elseif (stripos($attributes, 'method=') === FALSE)
+ {
+ $attributes .= ' method="post"';
+ }
// If an action is not a full URL then turn it into one
if ($action && strpos($action, '://') === FALSE)
@@ -73,7 +81,7 @@ if ( ! function_exists('form_open'))
$form = '<form action="'.$action.'"'._attributes_to_string($attributes, TRUE).">\n";
// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
- if ($CI->config->item('csrf_protection') === TRUE && ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"')))
+ if ($CI->config->item('csrf_protection') === TRUE && ! (strpos($action, $CI->config->base_url()) === FALSE OR stripos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 08a8f0b38..5eda25e15 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -599,6 +599,7 @@ Bug fixes for 3.0
- Fixed a bug (#249) - :doc:`Cache Library <libraries/caching>` didn't properly handle Memcache(d) configurations with missing options.
- Fixed a bug (#180) - :php:func:`config_item()` didn't take into account run-time configuration changes.
- Fixed a bug (#2551) - :doc:`Loader Library <libraries/loader>` method ``library()`` didn't properly check if a class that is being loaded already exits.
+- Fixed a bug (#2560) - :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_open()` set the 'method="post"' attribute only if the passed attributes equaled an empty string.
Version 2.1.4
=============