Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r--system/helpers/form_helper.php1093
1 files changed, 547 insertions, 546 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 7e2c3a0ae..13f196318 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -1,19 +1,41 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP
*
- * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
- * @license http://codeigniter.com/user_guide/license.html
- * @link http://codeigniter.com
- * @since Version 1.0
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package CodeIgniter
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
+ * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
+ * @license http://opensource.org/licenses/MIT MIT License
+ * @link https://codeigniter.com
+ * @since Version 1.0.0
* @filesource
*/
-
-// ------------------------------------------------------------------------
+defined('BASEPATH') OR exit('No direct script access allowed');
/**
* CodeIgniter Form Helpers
@@ -21,58 +43,94 @@
* @package CodeIgniter
* @subpackage Helpers
* @category Helpers
- * @author ExpressionEngine Dev Team
- * @link http://codeigniter.com/user_guide/helpers/form_helper.html
+ * @author EllisLab Dev Team
+ * @link https://codeigniter.com/user_guide/helpers/form_helper.html
*/
// ------------------------------------------------------------------------
-/**
- * Form Declaration
- *
- * Creates the opening portion of the form.
- *
- * @access public
- * @param string the URI segments of the form destination
- * @param array a key/value pair of attributes
- * @param array a key/value pair hidden data
- * @return string
- */
if ( ! function_exists('form_open'))
{
- function form_open($action = '', $attributes = '', $hidden = array())
+ /**
+ * Form Declaration
+ *
+ * Creates the opening portion of the form.
+ *
+ * @param string the URI segments of the form destination
+ * @param array a key/value pair of attributes
+ * @param array a key/value pair hidden data
+ * @return string
+ */
+ function form_open($action = '', $attributes = array(), $hidden = array())
{
$CI =& get_instance();
- if ($attributes == '')
+ // If no action is provided then set to the current url
+ if ( ! $action)
{
- $attributes = 'method="post"';
+ $action = $CI->config->site_url($CI->uri->uri_string());
}
-
// If an action is not a full URL then turn it into one
- if ($action && strpos($action, '://') === FALSE)
+ elseif (strpos($action, '://') === FALSE)
{
$action = $CI->config->site_url($action);
}
- // If no action is provided then set to the current url
- $action OR $action = $CI->config->site_url($CI->uri->uri_string());
+ $attributes = _attributes_to_string($attributes);
- $form = '<form action="'.$action.'"';
+ if (stripos($attributes, 'method=') === FALSE)
+ {
+ $attributes .= ' method="post"';
+ }
- $form .= _attributes_to_string($attributes, TRUE);
+ if (stripos($attributes, 'accept-charset=') === FALSE)
+ {
+ $attributes .= ' accept-charset="'.strtolower(config_item('charset')).'"';
+ }
- $form .= '>';
+ $form = '<form action="'.$action.'"'.$attributes.">\n";
- // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
- if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"')))
+ if (is_array($hidden))
{
- $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
+ foreach ($hidden as $name => $value)
+ {
+ $form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value).'" />'."\n";
+ }
}
- if (is_array($hidden) AND count($hidden) > 0)
+ // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
+ if ($CI->config->item('csrf_protection') === TRUE && strpos($action, $CI->config->base_url()) !== FALSE && ! stripos($form, 'method="get"'))
{
- $form .= sprintf("<div style=\"display:none\">%s</div>", form_hidden($hidden));
+ // Prepend/append random-length "white noise" around the CSRF
+ // token input, as a form of protection against BREACH attacks
+ if (FALSE !== ($noise = $CI->security->get_random_bytes(1)))
+ {
+ list(, $noise) = unpack('c', $noise);
+ }
+ else
+ {
+ $noise = mt_rand(-128, 127);
+ }
+
+ // Prepend if $noise has a negative value, append if positive, do nothing for zero
+ $prepend = $append = '';
+ if ($noise < 0)
+ {
+ $prepend = str_repeat(" ", abs($noise));
+ }
+ elseif ($noise > 0)
+ {
+ $append = str_repeat(" ", $noise);
+ }
+
+ $form .= sprintf(
+ '%s<input type="hidden" name="%s" value="%s" />%s%s',
+ $prepend,
+ $CI->security->get_csrf_token_name(),
+ $CI->security->get_csrf_hash(),
+ $append,
+ "\n"
+ );
}
return $form;
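Review bot: The CSRF condition in form_open() accepts any `$action` that contains the base URL anywhere, because it tests `strpos($action, $CI->config->base_url()) !== FALSE`; an external action that merely embeds the base URL would still receive the token field. Anchoring the match to the start, `strpos($action, $CI->config->base_url()) === 0`, keeps the token on same-site forms only. The GET exclusion also depends on the literal `method="get"`, so a string `$attributes` written as `method='get'` or `method=get` would not be recognised and the token would end up in the query string; this assumes `_attributes_to_string()` passes strings through unchanged, which is not visible here. The function's closing brace is outside this hunk.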
@@ -81,19 +139,18 @@ if ( ! function_exists('form_open'))
// ------------------------------------------------------------------------
-/**
- * Form Declaration - Multipart type
- *
- * Creates the opening portion of the form, but with "multipart/form-data".
- *
- * @access public
- * @param string the URI segments of the form destination
- * @param array a key/value pair of attributes
- * @param array a key/value pair hidden data
- * @return string
- */
if ( ! function_exists('form_open_multipart'))
{
+ /**
+ * Form Declaration - Multipart type
+ *
+ * Creates the opening portion of the form, but with "multipart/form-data".
+ *
+ * @param string the URI segments of the form destination
+ * @param array a key/value pair of attributes
+ * @param array a key/value pair hidden data
+ * @return string
+ */
function form_open_multipart($action = '', $attributes = array(), $hidden = array())
{
if (is_string($attributes))
@@ -111,19 +168,19 @@ if ( ! function_exists('form_open_multipart'))
// ------------------------------------------------------------------------
-/**
- * Hidden Input Field
- *
- * Generates hidden fields. You can pass a simple key/value string or an associative
- * array with multiple values.
- *
- * @access public
- * @param mixed
- * @param string
- * @return string
- */
if ( ! function_exists('form_hidden'))
{
+ /**
+ * Hidden Input Field
+ *
+ * Generates hidden fields. You can pass a simple key/value string or
+ * an associative array with multiple values.
+ *
+ * @param mixed $name Field name
+ * @param string $value Field value
+ * @param bool $recursing
+ * @return string
+ */
function form_hidden($name, $value = '', $recursing = FALSE)
{
static $form;
@@ -139,18 +196,19 @@ if ( ! function_exists('form_hidden'))
{
form_hidden($key, $val, TRUE);
}
+
return $form;
}
if ( ! is_array($value))
{
- $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value, $name).'" />'."\n";
+ $form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value)."\" />\n";
}
else
{
foreach ($value as $k => $v)
{
- $k = (is_int($k)) ? '' : $k;
+ $k = is_int($k) ? '' : $k;
form_hidden($name.'['.$k.']', $v, TRUE);
}
}
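Review bot: Only the value is escaped in the rewritten hidden input; `$name` is still concatenated raw into `name="..."`, and in the array branch it is built from the array keys via `$name.'['.$k.']'`. If names or keys can come from request or stored data, a quote in them breaks out of the attribute, so escape both sides: `'<input type="hidden" name="'.html_escape($name).'" value="'.html_escape($value)."\" />\n"`. The `foreach ($hidden as $name => $value)` loop added to form_open() has the same gap. form_hidden() starts and ends outside this hunk.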
@@ -161,47 +219,45 @@ if ( ! function_exists('form_hidden'))
// ------------------------------------------------------------------------
-/**
- * Text Input Field
- *
- * @access public
- * @param mixed
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('form_input'))
{
+ /**
+ * Text Input Field
+ *
+ * @param mixed
+ * @param string
+ * @param mixed
+ * @return string
+ */
function form_input($data = '', $value = '', $extra = '')
{
- $defaults = array('type' => 'text', 'name' => (( ! is_array($data)) ? $data : ''), 'value' => $value);
+ $defaults = array(
+ 'type' => 'text',
+ 'name' => is_array($data) ? '' : $data,
+ 'value' => $value
+ );
- return "<input "._parse_form_attributes($data, $defaults).$extra." />";
+ return '<input '._parse_form_attributes($data, $defaults)._attributes_to_string($extra)." />\n";
}
}
// ------------------------------------------------------------------------
-/**
- * Password Field
- *
- * Identical to the input function but adds the "password" type
- *
- * @access public
- * @param mixed
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('form_password'))
{
+ /**
+ * Password Field
+ *
+ * Identical to the input function but adds the "password" type
+ *
+ * @param mixed
+ * @param string
+ * @param mixed
+ * @return string
+ */
function form_password($data = '', $value = '', $extra = '')
{
- if ( ! is_array($data))
- {
- $data = array('name' => $data);
- }
-
+ is_array($data) OR $data = array('name' => $data);
$data['type'] = 'password';
return form_input($data, $value, $extra);
}
@@ -209,47 +265,47 @@ if ( ! function_exists('form_password'))
// ------------------------------------------------------------------------
-/**
- * Upload Field
- *
- * Identical to the input function but adds the "file" type
- *
- * @access public
- * @param mixed
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('form_upload'))
{
+ /**
+ * Upload Field
+ *
+ * Identical to the input function but adds the "file" type
+ *
+ * @param mixed
+ * @param string
+ * @param mixed
+ * @return string
+ */
function form_upload($data = '', $value = '', $extra = '')
{
- if ( ! is_array($data))
- {
- $data = array('name' => $data);
- }
-
+ $defaults = array('type' => 'file', 'name' => '');
+ is_array($data) OR $data = array('name' => $data);
$data['type'] = 'file';
- return form_input($data, $value, $extra);
+
+ return '<input '._parse_form_attributes($data, $defaults)._attributes_to_string($extra)." />\n";
}
}
// ------------------------------------------------------------------------
-/**
- * Textarea field
- *
- * @access public
- * @param mixed
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('form_textarea'))
{
+ /**
+ * Textarea field
+ *
+ * @param mixed $data
+ * @param string $value
+ * @param mixed $extra
+ * @return string
+ */
function form_textarea($data = '', $value = '', $extra = '')
{
- $defaults = array('name' => (( ! is_array($data)) ? $data : ''), 'cols' => '40', 'rows' => '10');
+ $defaults = array(
+ 'name' => is_array($data) ? '' : $data,
+ 'cols' => '40',
+ 'rows' => '10'
+ );
if ( ! is_array($data) OR ! isset($data['value']))
{
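Review bot: form_upload() no longer uses `$value` — the call to `form_input($data, $value, $extra)` is replaced by a direct `_parse_form_attributes($data, $defaults)` whose defaults carry no value — but the docblock still lists it as a plain `@param string`. Document that it is ignored, e.g. `@param string $value Unused; kept for signature compatibility`, so callers do not expect a prefilled file input. The docblock's `@param` lines also lack parameter names, unlike the form_textarea() docblock just below. form_textarea() continues past the end of this hunk.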
@@ -261,28 +317,29 @@ if ( ! function_exists('form_textarea'))
unset($data['value']); // textareas don't use the value attribute
}
- $name = (is_array($data)) ? $data['name'] : $data;
- return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val, $name)."</textarea>";
+ return '<textarea '._parse_form_attributes($data, $defaults)._attributes_to_string($extra).'>'
+ .html_escape($val)
+ ."</textarea>\n";
}
}
// ------------------------------------------------------------------------
-/**
- * Multi-select menu
- *
- * @access public
- * @param string
- * @param array
- * @param mixed
- * @param string
- * @return type
- */
if ( ! function_exists('form_multiselect'))
{
+ /**
+ * Multi-select menu
+ *
+ * @param string
+ * @param array
+ * @param mixed
+ * @param mixed
+ * @return string
+ */
function form_multiselect($name = '', $options = array(), $selected = array(), $extra = '')
{
- if ( ! strpos($extra, 'multiple'))
+ $extra = _attributes_to_string($extra);
+ if (stripos($extra, 'multiple') === FALSE)
{
$extra .= ' multiple="multiple"';
}
@@ -293,91 +350,117 @@ if ( ! function_exists('form_multiselect'))
// --------------------------------------------------------------------
-/**
- * Drop-down Menu
- *
- * @access public
- * @param string
- * @param array
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('form_dropdown'))
{
- function form_dropdown($name = '', $options = array(), $selected = array(), $extra = '')
+ /**
+ * Drop-down Menu
+ *
+ * @param mixed $data
+ * @param mixed $options
+ * @param mixed $selected
+ * @param mixed $extra
+ * @return string
+ */
+ function form_dropdown($data = '', $options = array(), $selected = array(), $extra = '')
{
- if ( ! is_array($selected))
+ $defaults = array();
+
+ if (is_array($data))
{
- $selected = array($selected);
+ if (isset($data['selected']))
+ {
+ $selected = $data['selected'];
+ unset($data['selected']); // select tags don't have a selected attribute
+ }
+
+ if (isset($data['options']))
+ {
+ $options = $data['options'];
+ unset($data['options']); // select tags don't use an options attribute
+ }
}
+ else
+ {
+ $defaults = array('name' => $data);
+ }
+
+ is_array($selected) OR $selected = array($selected);
+ is_array($options) OR $options = array($options);
// If no selected state was submitted we will attempt to set it automatically
- if (count($selected) === 0)
+ if (empty($selected))
{
- // If the form name appears in the $_POST array we have a winner!
- if (isset($_POST[$name]))
+ if (is_array($data))
{
- $selected = array($_POST[$name]);
+ if (isset($data['name'], $_POST[$data['name']]))
+ {
+ $selected = array($_POST[$data['name']]);
+ }
+ }
+ elseif (isset($_POST[$data]))
+ {
+ $selected = array($_POST[$data]);
}
}
- if ($extra != '') $extra = ' '.$extra;
+ $extra = _attributes_to_string($extra);
- $multiple = (count($selected) > 1 && strpos($extra, 'multiple') === FALSE) ? ' multiple="multiple"' : '';
+ $multiple = (count($selected) > 1 && stripos($extra, 'multiple') === FALSE) ? ' multiple="multiple"' : '';
- $form = '<select name="'.$name.'"'.$extra.$multiple.">\n";
+ $form = '<select '.rtrim(_parse_form_attributes($data, $defaults)).$extra.$multiple.">\n";
foreach ($options as $key => $val)
{
$key = (string) $key;
- if (is_array($val) && ! empty($val))
+ if (is_array($val))
{
- $form .= '<optgroup label="'.$key.'">'."\n";
+ if (empty($val))
+ {
+ continue;
+ }
+
+ $form .= '<optgroup label="'.$key."\">\n";
foreach ($val as $optgroup_key => $optgroup_val)
{
- $sel = (in_array($optgroup_key, $selected)) ? ' selected="selected"' : '';
-
- $form .= '<option value="'.$optgroup_key.'"'.$sel.'>'.(string) $optgroup_val."</option>\n";
+ $sel = in_array($optgroup_key, $selected) ? ' selected="selected"' : '';
+ $form .= '<option value="'.html_escape($optgroup_key).'"'.$sel.'>'
+ .(string) $optgroup_val."</option>\n";
}
- $form .= '</optgroup>'."\n";
+ $form .= "</optgroup>\n";
}
else
{
- $sel = (in_array($key, $selected)) ? ' selected="selected"' : '';
-
- $form .= '<option value="'.$key.'"'.$sel.'>'.(string) $val."</option>\n";
+ $form .= '<option value="'.html_escape($key).'"'
+ .(in_array($key, $selected) ? ' selected="selected"' : '').'>'
+ .(string) $val."</option>\n";
}
}
- $form .= '</select>';
-
- return $form;
+ return $form."</select>\n";
}
}
// ------------------------------------------------------------------------
-/**
- * Checkbox Field
- *
- * @access public
- * @param mixed
- * @param string
- * @param bool
- * @param string
- * @return string
- */
if ( ! function_exists('form_checkbox'))
{
+ /**
+ * Checkbox Field
+ *
+ * @param mixed
+ * @param string
+ * @param bool
+ * @param mixed
+ * @return string
+ */
function form_checkbox($data = '', $value = '', $checked = FALSE, $extra = '')
{
- $defaults = array('type' => 'checkbox', 'name' => (( ! is_array($data)) ? $data : ''), 'value' => $value);
+ $defaults = array('type' => 'checkbox', 'name' => ( ! is_array($data) ? $data : ''), 'value' => $value);
- if (is_array($data) AND array_key_exists('checked', $data))
+ if (is_array($data) && array_key_exists('checked', $data))
{
$checked = $data['checked'];
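Review bot: form_dropdown() now escapes option values with html_escape() but still writes the optgroup label (`'<optgroup label="'.$key."\">\n"`) and the option text (`(string) $optgroup_val`, `(string) $val`) unescaped, so option lists built from stored or user-supplied data can inject markup. Unless raw HTML in labels is intended, escape them as well, e.g. `'<optgroup label="'.html_escape($key)."\">\n"`, or state in the docblock that labels are output as-is. Separately, `in_array($key, $selected)` compares loosely, which the comment this commit adds in set_select() already warns against; a strict comparison would need `$selected` normalised to strings first. form_checkbox() continues past the end of this hunk.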
@@ -400,167 +483,159 @@ if ( ! function_exists('form_checkbox'))
unset($defaults['checked']);
}
- return "<input "._parse_form_attributes($data, $defaults).$extra." />";
+ return '<input '._parse_form_attributes($data, $defaults)._attributes_to_string($extra)." />\n";
}
}
// ------------------------------------------------------------------------
-/**
- * Radio Button
- *
- * @access public
- * @param mixed
- * @param string
- * @param bool
- * @param string
- * @return string
- */
if ( ! function_exists('form_radio'))
{
+ /**
+ * Radio Button
+ *
+ * @param mixed
+ * @param string
+ * @param bool
+ * @param mixed
+ * @return string
+ */
function form_radio($data = '', $value = '', $checked = FALSE, $extra = '')
{
- if ( ! is_array($data))
- {
- $data = array('name' => $data);
- }
-
+ is_array($data) OR $data = array('name' => $data);
$data['type'] = 'radio';
+
return form_checkbox($data, $value, $checked, $extra);
}
}
// ------------------------------------------------------------------------
-/**
- * Submit Button
- *
- * @access public
- * @param mixed
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('form_submit'))
{
+ /**
+ * Submit Button
+ *
+ * @param mixed
+ * @param string
+ * @param mixed
+ * @return string
+ */
function form_submit($data = '', $value = '', $extra = '')
{
- $defaults = array('type' => 'submit', 'name' => (( ! is_array($data)) ? $data : ''), 'value' => $value);
+ $defaults = array(
+ 'type' => 'submit',
+ 'name' => is_array($data) ? '' : $data,
+ 'value' => $value
+ );
- return "<input "._parse_form_attributes($data, $defaults).$extra." />";
+ return '<input '._parse_form_attributes($data, $defaults)._attributes_to_string($extra)." />\n";
}
}
// ------------------------------------------------------------------------
-/**
- * Reset Button
- *
- * @access public
- * @param mixed
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('form_reset'))
{
+ /**
+ * Reset Button
+ *
+ * @param mixed
+ * @param string
+ * @param mixed
+ * @return string
+ */
function form_reset($data = '', $value = '', $extra = '')
{
- $defaults = array('type' => 'reset', 'name' => (( ! is_array($data)) ? $data : ''), 'value' => $value);
+ $defaults = array(
+ 'type' => 'reset',
+ 'name' => is_array($data) ? '' : $data,
+ 'value' => $value
+ );
- return "<input "._parse_form_attributes($data, $defaults).$extra." />";
+ return '<input '._parse_form_attributes($data, $defaults)._attributes_to_string($extra)." />\n";
}
}
// ------------------------------------------------------------------------
-/**
- * Form Button
- *
- * @access public
- * @param mixed
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('form_button'))
{
+ /**
+ * Form Button
+ *
+ * @param mixed
+ * @param string
+ * @param mixed
+ * @return string
+ */
function form_button($data = '', $content = '', $extra = '')
{
- $defaults = array('name' => (( ! is_array($data)) ? $data : ''), 'type' => 'button');
+ $defaults = array(
+ 'name' => is_array($data) ? '' : $data,
+ 'type' => 'button'
+ );
- if ( is_array($data) AND isset($data['content']))
+ if (is_array($data) && isset($data['content']))
{
$content = $data['content'];
unset($data['content']); // content is not an attribute
}
- return "<button "._parse_form_attributes($data, $defaults).$extra.">".$content."</button>";
+ return '<button '._parse_form_attributes($data, $defaults)._attributes_to_string($extra).'>'
+ .$content
+ ."</button>\n";
}
}
// ------------------------------------------------------------------------
-/**
- * Form Label Tag
- *
- * @access public
- * @param string The text to appear onscreen
- * @param string The id the label applies to
- * @param string Additional attributes
- * @return string
- */
if ( ! function_exists('form_label'))
{
+ /**
+ * Form Label Tag
+ *
+ * @param string The text to appear onscreen
+ * @param string The id the label applies to
+ * @param mixed Additional attributes
+ * @return string
+ */
function form_label($label_text = '', $id = '', $attributes = array())
{
$label = '<label';
- if ($id != '')
+ if ($id !== '')
{
- $label .= " for=\"$id\"";
+ $label .= ' for="'.$id.'"';
}
- if (is_array($attributes) AND count($attributes) > 0)
- {
- foreach ($attributes as $key => $val)
- {
- $label .= ' '.$key.'="'.$val.'"';
- }
- }
-
- $label .= ">$label_text</label>";
+ $label .= _attributes_to_string($attributes);
- return $label;
+ return $label.'>'.$label_text.'</label>';
}
}
// ------------------------------------------------------------------------
-/**
- * Fieldset Tag
- *
- * Used to produce <fieldset><legend>text</legend>. To close fieldset
- * use form_fieldset_close()
- *
- * @access public
- * @param string The legend text
- * @param string Additional attributes
- * @return string
- */
+
if ( ! function_exists('form_fieldset'))
{
+ /**
+ * Fieldset Tag
+ *
+ * Used to produce <fieldset><legend>text</legend>. To close fieldset
+ * use form_fieldset_close()
+ *
+ * @param string The legend text
+ * @param array Additional attributes
+ * @return string
+ */
function form_fieldset($legend_text = '', $attributes = array())
{
- $fieldset = "<fieldset";
-
- $fieldset .= _attributes_to_string($attributes, FALSE);
-
- $fieldset .= ">\n";
-
- if ($legend_text != '')
+ $fieldset = '<fieldset'._attributes_to_string($attributes).">\n";
+ if ($legend_text !== '')
{
- $fieldset .= "<legend>$legend_text</legend>\n";
+ return $fieldset.'<legend>'.$legend_text."</legend>\n";
}
return $fieldset;
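Review bot: form_label(), form_fieldset() and form_button() emit `$label_text`, `$id`, `$legend_text` and `$content` without escaping, and the relocated docblocks do not say that the caller must escape untrusted values. A line such as `@param string $label_text Label text, output as-is; pass untrusted values through html_escape() first` on each of them would make the contract explicit. The switch to `$id !== ''` and `$legend_text !== ''` also means a `NULL` or `FALSE` argument now produces `for=""` or an empty `<legend>`, where the old loose comparison skipped it; `if ((string) $id !== '')` would keep that behaviour. form_fieldset()'s closing lines are outside this hunk.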
@@ -569,306 +644,250 @@ if ( ! function_exists('form_fieldset'))
// ------------------------------------------------------------------------
-/**
- * Fieldset Close Tag
- *
- * @access public
- * @param string
- * @return string
- */
if ( ! function_exists('form_fieldset_close'))
{
+ /**
+ * Fieldset Close Tag
+ *
+ * @param string
+ * @return string
+ */
function form_fieldset_close($extra = '')
{
- return "</fieldset>".$extra;
+ return '</fieldset>'.$extra;
}
}
// ------------------------------------------------------------------------
-/**
- * Form Close Tag
- *
- * @access public
- * @param string
- * @return string
- */
if ( ! function_exists('form_close'))
{
+ /**
+ * Form Close Tag
+ *
+ * @param string
+ * @return string
+ */
function form_close($extra = '')
{
- return "</form>".$extra;
+ return '</form>'.$extra;
}
}
// ------------------------------------------------------------------------
-/**
- * Form Prep
- *
- * Formats text so that it can be safely placed in a form field in the event it has HTML tags.
- *
- * @access public
- * @param string
- * @return string
- */
if ( ! function_exists('form_prep'))
{
- function form_prep($str = '', $field_name = '')
+ /**
+ * Form Prep
+ *
+ * Formats text so that it can be safely placed in a form field in the event it has HTML tags.
+ *
+ * @deprecated 3.0.0 An alias for html_escape()
+ * @param string|string[] $str Value to escape
+ * @return string|string[] Escaped values
+ */
+ function form_prep($str)
{
- static $prepped_fields = array();
-
- // if the field name is an array we do this recursively
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = form_prep($val);
- }
-
- return $str;
- }
-
- if ($str === '')
- {
- return '';
- }
-
- // we've already prepped a field with this name
- // @todo need to figure out a way to namespace this so
- // that we know the *exact* field and not just one with
- // the same name
- if (isset($prepped_fields[$field_name]))
- {
- return $str;
- }
-
- $str = htmlspecialchars($str);
-
- // In case htmlspecialchars misses these.
- $str = str_replace(array("'", '"'), array("&#39;", "&quot;"), $str);
-
- if ($field_name != '')
- {
- $prepped_fields[$field_name] = $field_name;
- }
-
- return $str;
+ return html_escape($str, TRUE);
}
}
// ------------------------------------------------------------------------
-/**
- * Form Value
- *
- * Grabs a value from the POST array for the specified field so you can
- * re-populate an input field or textarea. If Form Validation
- * is active it retrieves the info from the validation class
- *
- * @access public
- * @param string
- * @return mixed
- */
if ( ! function_exists('set_value'))
{
- function set_value($field = '', $default = '')
+ /**
+ * Form Value
+ *
+ * Grabs a value from the POST array for the specified field so you can
+ * re-populate an input field or textarea. If Form Validation
+ * is active it retrieves the info from the validation class
+ *
+ * @param string $field Field name
+ * @param string $default Default value
+ * @param bool $html_escape Whether to escape HTML special characters or not
+ * @return string
+ */
+ function set_value($field, $default = '', $html_escape = TRUE)
{
- if (FALSE === ($OBJ =& _get_validation_object()))
- {
- if ( ! isset($_POST[$field]))
- {
- return $default;
- }
+ $CI =& get_instance();
- return form_prep($_POST[$field], $field);
- }
+ $value = (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
+ ? $CI->form_validation->set_value($field, $default)
+ : $CI->input->post($field, FALSE);
- return form_prep($OBJ->set_value($field, $default), $field);
+ isset($value) OR $value = $default;
+ return ($html_escape) ? html_escape($value) : $value;
}
}
// ------------------------------------------------------------------------
-/**
- * Set Select
- *
- * Let's you set the selected value of a <select> menu via data in the POST array.
- * If Form Validation is active it retrieves the info from the validation class
- *
- * @access public
- * @param string
- * @param string
- * @param bool
- * @return string
- */
if ( ! function_exists('set_select'))
{
- function set_select($field = '', $value = '', $default = FALSE)
+ /**
+ * Set Select
+ *
+ * Let's you set the selected value of a <select> menu via data in the POST array.
+ * If Form Validation is active it retrieves the info from the validation class
+ *
+ * @param string
+ * @param string
+ * @param bool
+ * @return string
+ */
+ function set_select($field, $value = '', $default = FALSE)
{
- $OBJ =& _get_validation_object();
+ $CI =& get_instance();
- if ($OBJ === FALSE)
+ if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
{
- if ( ! isset($_POST[$field]))
- {
- if (count($_POST) === 0 AND $default == TRUE)
- {
- return ' selected="selected"';
- }
- return '';
- }
-
- $field = $_POST[$field];
+ return $CI->form_validation->set_select($field, $value, $default);
+ }
+ elseif (($input = $CI->input->post($field, FALSE)) === NULL)
+ {
+ return ($default === TRUE) ? ' selected="selected"' : '';
+ }
- if (is_array($field))
- {
- if ( ! in_array($value, $field))
- {
- return '';
- }
- }
- else
+ $value = (string) $value;
+ if (is_array($input))
+ {
+ // Note: in_array('', array(0)) returns TRUE, do not use it
+ foreach ($input as &$v)
{
- if (($field == '' OR $value == '') OR ($field != $value))
+ if ($value === $v)
{
- return '';
+ return ' selected="selected"';
}
}
- return ' selected="selected"';
+ return '';
}
- return $OBJ->set_select($field, $value, $default);
+ return ($input === $value) ? ' selected="selected"' : '';
}
}
// ------------------------------------------------------------------------
-/**
- * Set Checkbox
- *
- * Let's you set the selected value of a checkbox via the value in the POST array.
- * If Form Validation is active it retrieves the info from the validation class
- *
- * @access public
- * @param string
- * @param string
- * @param bool
- * @return string
- */
if ( ! function_exists('set_checkbox'))
{
- function set_checkbox($field = '', $value = '', $default = FALSE)
+ /**
+ * Set Checkbox
+ *
+ * Let's you set the selected value of a checkbox via the value in the POST array.
+ * If Form Validation is active it retrieves the info from the validation class
+ *
+ * @param string
+ * @param string
+ * @param bool
+ * @return string
+ */
+ function set_checkbox($field, $value = '', $default = FALSE)
{
- $OBJ =& _get_validation_object();
+ $CI =& get_instance();
- if ($OBJ === FALSE)
+ if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
{
- if ( ! isset($_POST[$field]))
- {
- if (count($_POST) === 0 AND $default == TRUE)
- {
- return ' checked="checked"';
- }
- return '';
- }
+ return $CI->form_validation->set_checkbox($field, $value, $default);
+ }
- $field = $_POST[$field];
+ // Form inputs are always strings ...
+ $value = (string) $value;
+ $input = $CI->input->post($field, FALSE);
- if (is_array($field))
- {
- if ( ! in_array($value, $field))
- {
- return '';
- }
- }
- else
+ if (is_array($input))
+ {
+ // Note: in_array('', array(0)) returns TRUE, do not use it
+ foreach ($input as &$v)
{
- if (($field == '' OR $value == '') OR ($field != $value))
+ if ($value === $v)
{
- return '';
+ return ' checked="checked"';
}
}
- return ' checked="checked"';
+ return '';
+ }
+
+ // Unchecked checkbox and radio inputs are not even submitted by browsers ...
+ if ($CI->input->method() === 'post')
+ {
+ return ($input === $value) ? ' checked="checked"' : '';
}
- return $OBJ->set_checkbox($field, $value, $default);
+ return ($default === TRUE) ? ' checked="checked"' : '';
}
}
// ------------------------------------------------------------------------
-/**
- * Set Radio
- *
- * Let's you set the selected value of a radio field via info in the POST array.
- * If Form Validation is active it retrieves the info from the validation class
- *
- * @access public
- * @param string
- * @param string
- * @param bool
- * @return string
- */
if ( ! function_exists('set_radio'))
{
- function set_radio($field = '', $value = '', $default = FALSE)
+ /**
+ * Set Radio
+ *
+ * Let's you set the selected value of a radio field via info in the POST array.
+ * If Form Validation is active it retrieves the info from the validation class
+ *
+ * @param string $field
+ * @param string $value
+ * @param bool $default
+ * @return string
+ */
+ function set_radio($field, $value = '', $default = FALSE)
{
- $OBJ =& _get_validation_object();
+ $CI =& get_instance();
- if ($OBJ === FALSE)
+ if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
{
- if ( ! isset($_POST[$field]))
- {
- if (count($_POST) === 0 AND $default == TRUE)
- {
- return ' checked="checked"';
- }
- return '';
- }
+ return $CI->form_validation->set_radio($field, $value, $default);
+ }
- $field = $_POST[$field];
+ // Form inputs are always strings ...
+ $value = (string) $value;
+ $input = $CI->input->post($field, FALSE);
- if (is_array($field))
- {
- if ( ! in_array($value, $field))
- {
- return '';
- }
- }
- else
+ if (is_array($input))
+ {
+ // Note: in_array('', array(0)) returns TRUE, do not use it
+ foreach ($input as &$v)
{
- if (($field == '' OR $value == '') OR ($field != $value))
+ if ($value === $v)
{
- return '';
+ return ' checked="checked"';
}
}
- return ' checked="checked"';
+ return '';
+ }
+
+ // Unchecked checkbox and radio inputs are not even submitted by browsers ...
+ if ($CI->input->method() === 'post')
+ {
+ return ($input === $value) ? ' checked="checked"' : '';
}
- return $OBJ->set_radio($field, $value, $default);
+ return ($default === TRUE) ? ' checked="checked"' : '';
}
}
// ------------------------------------------------------------------------
-/**
- * Form Error
- *
- * Returns the error for a specific form field. This is a helper for the
- * form validation class.
- *
- * @access public
- * @param string
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('form_error'))
{
+ /**
+ * Form Error
+ *
+ * Returns the error for a specific form field. This is a helper for the
+ * form validation class.
+ *
+ * @param string
+ * @param string
+ * @param string
+ * @return string
+ */
function form_error($field = '', $prefix = '', $suffix = '')
{
if (FALSE === ($OBJ =& _get_validation_object()))
@@ -882,19 +901,18 @@ if ( ! function_exists('form_error'))
// ------------------------------------------------------------------------
-/**
- * Validation Error String
- *
- * Returns all the errors associated with a form submission. This is a helper
- * function for the form validation class.
- *
- * @access public
- * @param string
- * @param string
- * @return string
- */
if ( ! function_exists('validation_errors'))
{
+ /**
+ * Validation Error String
+ *
+ * Returns all the errors associated with a form submission. This is a helper
+ * function for the form validation class.
+ *
+ * @param string
+ * @param string
+ * @return string
+ */
function validation_errors($prefix = '', $suffix = '')
{
if (FALSE === ($OBJ =& _get_validation_object()))
@@ -908,18 +926,17 @@ if ( ! function_exists('validation_errors'))
// ------------------------------------------------------------------------
-/**
- * Parse the form attributes
- *
- * Helper function used by some of the form helpers
- *
- * @access private
- * @param array
- * @param array
- * @return string
- */
if ( ! function_exists('_parse_form_attributes'))
{
+ /**
+ * Parse the form attributes
+ *
+ * Helper function used by some of the form helpers
+ *
+ * @param array $attributes List of attributes
+ * @param array $default Default values
+ * @return string
+ */
function _parse_form_attributes($attributes, $default)
{
if (is_array($attributes))
@@ -943,12 +960,16 @@ if ( ! function_exists('_parse_form_attributes'))
foreach ($default as $key => $val)
{
- if ($key == 'value')
+ if ($key === 'value')
{
- $val = form_prep($val, $default['name']);
+ $val = html_escape($val);
+ }
+ elseif ($key === 'name' && ! strlen($default['name']))
+ {
+ continue;
}
- $att .= $key . '="' . $val . '" ';
+ $att .= $key.'="'.$val.'" ';
}
return $att;
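Review bot: Only the `value` attribute goes through `html_escape()` in this loop; every other `$val`, and `$key` itself, is still concatenated unescaped into `$key.'="'.$val.'" '`, so a double quote in a name, id or class value closes the attribute early. The `foreach` in `_attributes_to_string()` in the next hunk builds `' '.$key.'="'.$val.'"'` the same way. Whether callers pass request-derived data here is not visible from the hunk, so at minimum state the contract above the loop, e.g. `// Only 'value' is escaped here; callers must escape every other attribute value`. The function starts and ends outside this hunk.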
@@ -957,54 +978,32 @@ if ( ! function_exists('_parse_form_attributes'))
// ------------------------------------------------------------------------
-/**
- * Attributes To String
- *
- * Helper function used by some of the form helpers
- *
- * @access private
- * @param mixed
- * @param bool
- * @return string
- */
if ( ! function_exists('_attributes_to_string'))
{
- function _attributes_to_string($attributes, $formtag = FALSE)
+ /**
+ * Attributes To String
+ *
+ * Helper function used by some of the form helpers
+ *
+ * @param mixed
+ * @return string
+ */
+ function _attributes_to_string($attributes)
{
- if (is_string($attributes) AND strlen($attributes) > 0)
+ if (empty($attributes))
{
- if ($formtag == TRUE AND strpos($attributes, 'method=') === FALSE)
- {
- $attributes .= ' method="post"';
- }
-
- if ($formtag == TRUE AND strpos($attributes, 'accept-charset=') === FALSE)
- {
- $attributes .= ' accept-charset="'.strtolower(config_item('charset')).'"';
- }
-
- return ' '.$attributes;
+ return '';
}
- if (is_object($attributes) AND count($attributes) > 0)
+ if (is_object($attributes))
{
- $attributes = (array)$attributes;
+ $attributes = (array) $attributes;
}
- if (is_array($attributes) AND count($attributes) > 0)
+ if (is_array($attributes))
{
$atts = '';
- if ( ! isset($attributes['method']) AND $formtag === TRUE)
- {
- $atts .= ' method="post"';
- }
-
- if ( ! isset($attributes['accept-charset']) AND $formtag === TRUE)
- {
- $atts .= ' accept-charset="'.strtolower(config_item('charset')).'"';
- }
-
foreach ($attributes as $key => $val)
{
$atts .= ' '.$key.'="'.$val.'"';
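Review bot: `(array) $attributes` also converts protected and private properties, and their keys come back with NUL-delimited class prefixes, which the `foreach` below would emit as attribute names. `$attributes = get_object_vars($attributes);` limits the result to the properties accessible from this scope. Whether any caller passes such objects cannot be seen here. The function continues in the next hunk.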
@@ -1012,43 +1011,45 @@ if ( ! function_exists('_attributes_to_string'))
return $atts;
}
+
+ if (is_string($attributes))
+ {
+ return ' '.$attributes;
+ }
+
+ return FALSE;
}
}
// ------------------------------------------------------------------------
-/**
- * Validation Object
- *
- * Determines what the form validation class was instantiated as, fetches
- * the object and returns it.
- *
- * @access private
- * @return mixed
- */
if ( ! function_exists('_get_validation_object'))
{
+ /**
+ * Validation Object
+ *
+ * Determines what the form validation class was instantiated as, fetches
+ * the object and returns it.
+ *
+ * @return mixed
+ */
function &_get_validation_object()
{
$CI =& get_instance();
// We set this as a variable since we're returning by reference.
$return = FALSE;
-
- if (FALSE !== ($object = $CI->load->is_loaded('form_validation')))
+
+ if (FALSE !== ($object = $CI->load->is_loaded('Form_validation')))
{
if ( ! isset($CI->$object) OR ! is_object($CI->$object))
{
return $return;
}
-
+
return $CI->$object;
}
-
+
return $return;
}
}
-
-
-/* End of file form_helper.php */
-/* Location: ./system/helpers/form_helper.php */
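Review bot: The new fall-through `return FALSE;` in `_attributes_to_string()` contradicts the `@return string` tag on its docblock (added in the previous hunk): a non-empty value that is neither array, object nor string now yields a boolean. Callers that concatenate the result get an empty string, but a strict comparison against `''` would not match. Either document it as `@return string|bool` or end the function with `return '';`.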