Diffstat (limited to 'system/helpers/form_helper.php')
-rwxr-xr-x[-rw-r--r--] | system/helpers/form_helper.php | 94 |
1 files changed, 59 insertions, 35 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 31b36efd0..758056b50 100644..100755
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -2,11 +2,11 @@ /** * CodeIgniter * - * An open source application development framework for PHP 4.3.2 or newer + * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0
@@ -37,7 +37,7 @@ * @param array a key/value pair of attributes * @param array a key/value pair hidden data * @return string - */ + */ if ( ! function_exists('form_open')) { function form_open($action = '', $attributes = '', $hidden = array())
@@ -52,14 +52,20 @@ if ( ! function_exists('form_open')) $action = ( strpos($action, '://') === FALSE) ? $CI->config->site_url($action) : $action; $form = '<form action="'.$action.'"'; - + $form .= _attributes_to_string($attributes, TRUE); - + $form .= '>'; + // CSRF + if ($CI->config->item('csrf_protection') === TRUE) + { + $hidden[$CI->security->csrf_token_name] = $CI->security->csrf_hash; + } + if (is_array($hidden) AND count($hidden) > 0) { - $form .= form_hidden($hidden); + $form .= sprintf("\n<div class=\"hidden\">%s</div>", form_hidden($hidden)); } return $form;
@@ -83,7 +89,15 @@ if ( ! function_exists('form_open_multipart')) { function form_open_multipart($action, $attributes = array(), $hidden = array()) { - $attributes['enctype'] = 'multipart/form-data'; + if (is_string($attributes)) + { + $attributes .= ' enctype="multipart/form-data"'; + } + else + { + $attributes['enctype'] = 'multipart/form-data'; + } + return form_open($action, $attributes, $hidden); } }
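Review bot: The CSRF block added after `$form .= '>';` in form_open() puts the token into every form, including forms whose `$action` contains `://` and so keeps whatever host the caller passed, and forms given `method="get"`. In the first case the token is submitted to another site; in the second it ends up in the query string, and from there in access logs and Referer headers. Restricting it to same-site POST forms avoids both, for example `if ($CI->config->item('csrf_protection') === TRUE AND strpos($action, $CI->config->item('base_url')) === 0 AND stripos($form, 'method="get"') === FALSE)` (assuming base_url is configured). The assignment into `$hidden` also runs before the `is_array($hidden)` test below it, so a non-array `$hidden` is not handled. form_open() begins above this hunk, so it is worth confirming that `$CI->security` is loaded on every path that reaches the new lines.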
@@ -129,7 +143,7 @@ if ( ! function_exists('form_hidden')) { foreach ($value as $k => $v) { - $k = (is_int($k)) ? '' : $k; + $k = (is_int($k)) ? '' : $k; form_hidden($name.'['.$k.']', $v, TRUE); } }
@@ -236,10 +250,10 @@ if ( ! function_exists('form_textarea')) } else { - $val = $data['value']; + $val = $data['value']; unset($data['value']); // textareas don't use the value attribute } - + $name = (is_array($data)) ? $data['name'] : $data; return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val, $name)."</textarea>"; }
@@ -257,7 +271,7 @@ if ( ! function_exists('form_textarea')) * @param string * @return type */ -if (! function_exists('form_multiselect')) +if ( ! function_exists('form_multiselect')) { function form_multiselect($name = '', $options = array(), $selected = array(), $extra = '') {
@@ -265,7 +279,7 @@ if (! function_exists('form_multiselect')) { $extra .= ' multiple="multiple"'; } - + return form_dropdown($name, $options, $selected, $extra); } }
@@ -311,7 +325,7 @@ if ( ! function_exists('form_dropdown')) { $key = (string) $key; - if (is_array($val)) + if (is_array($val) && ! empty($val)) { $form .= '<optgroup label="'.$key.'">'."\n";
@@ -400,7 +414,7 @@ if ( ! function_exists('form_radio')) function form_radio($data = '', $value = '', $checked = FALSE, $extra = '') { if ( ! is_array($data)) - { + { $data = array('name' => $data); }
@@ -421,7 +435,7 @@ if ( ! function_exists('form_radio')) * @return string */ if ( ! function_exists('form_submit')) -{ +{ function form_submit($data = '', $value = '', $extra = '') { $defaults = array('type' => 'submit', 'name' => (( ! is_array($data)) ? $data : ''), 'value' => $value);
@@ -498,7 +512,7 @@ if ( ! function_exists('form_label')) if ($id != '') { - $label .= " for=\"$id\""; + $label .= " for=\"$id\""; } if (is_array($attributes) AND count($attributes) > 0)
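Review bot: In the form_dropdown hunk, the optgroup label on the line after the changed condition is built from raw `$key` (`'<optgroup label="'.$key.'">'`), so a key containing a double quote or an angle bracket breaks out of the attribute. If option keys can come from stored or request data, escape the label where it is emitted: `$form .= '<optgroup label="'.htmlspecialchars($key).'">'."\n";`. Separately, with the new `! empty($val)` test an empty array now takes the other branch, which lies outside the hunk. If that branch treats `$val` as a string it would render an option labelled "Array", so skipping empty groups explicitly may be the safer reading of the intent.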
@@ -596,7 +610,7 @@ if ( ! function_exists('form_prep')) function form_prep($str = '', $field_name = '') { static $prepped_fields = array(); - + // if the field name is an array we do this recursively if (is_array($str)) {
@@ -621,7 +635,7 @@ if ( ! function_exists('form_prep')) { return $str; } - + $str = htmlspecialchars($str); // In case htmlspecialchars misses these.
@@ -629,9 +643,9 @@ if ( ! function_exists('form_prep')) if ($field_name != '') { - $prepped_fields[$field_name] = $str; + $prepped_fields[$field_name] = $field_name; } - + return $str; } }
@@ -743,7 +757,7 @@ if ( ! function_exists('set_checkbox')) $OBJ =& _get_validation_object(); if ($OBJ === FALSE) - { + { if ( ! isset($_POST[$field])) { if (count($_POST) === 0 AND $default == TRUE)
@@ -754,7 +768,7 @@ if ( ! function_exists('set_checkbox')) } $field = $_POST[$field]; - + if (is_array($field)) { if ( ! in_array($value, $field))
@@ -809,7 +823,7 @@ if ( ! function_exists('set_radio')) } $field = $_POST[$field]; - + if (is_array($field)) { if ( ! in_array($value, $field))
@@ -919,7 +933,7 @@ if ( ! function_exists('_parse_form_attributes')) } $att = ''; - + foreach ($default as $key => $val) { if ($key == 'value')
@@ -957,9 +971,14 @@ if ( ! function_exists('_attributes_to_string')) $attributes .= ' method="post"'; } + if ($formtag == TRUE AND strpos($attributes, 'accept-charset=') === FALSE) + { + $attributes .= ' accept-charset="'.strtolower(config_item('charset')).'"'; + } + return ' '.$attributes; } - + if (is_object($attributes) AND count($attributes) > 0) { $attributes = (array)$attributes;
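Review bot: In form_prep(), the new `$prepped_fields[$field_name] = $field_name;` records only that a name was seen, so the early `return $str;` in the preceding hunk can no longer tell whether the string it is handed is the one that was already escaped. The condition of that guard is outside the visible hunks; if it is `isset($prepped_fields[$field_name])`, a second call with the same field name and a different value returns before reaching `htmlspecialchars()`, and the result is written into markup by callers such as form_textarea(). Keeping the escaped string and comparing against it closes that gap: store `$prepped_fields[$field_name] = $str;` and change the guard to `if (isset($prepped_fields[$field_name]) AND $prepped_fields[$field_name] === $str)`. A short comment on the static cache saying that it exists to avoid double-encoding, not to skip escaping, would help the next reader.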
@@ -967,19 +986,24 @@ if ( ! function_exists('_attributes_to_string')) if (is_array($attributes) AND count($attributes) > 0) { - $atts = ''; + $atts = ''; - if ( ! isset($attributes['method']) AND $formtag === TRUE) - { - $atts .= ' method="post"'; - } + if ( ! isset($attributes['method']) AND $formtag === TRUE) + { + $atts .= ' method="post"'; + } - foreach ($attributes as $key => $val) - { - $atts .= ' '.$key.'="'.$val.'"'; - } + if ( ! isset($attributes['accept-charset']) AND $formtag === TRUE) + { + $atts .= ' accept-charset="'.strtolower(config_item('charset')).'"'; + } + + foreach ($attributes as $key => $val) + { + $atts .= ' '.$key.'="'.$val.'"'; + } - return $atts; + return $atts; } } } |
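Review bot: The attribute loop in the array branch of _attributes_to_string() writes `$key` and `$val` into the tag unescaped (`$atts .= ' '.$key.'="'.$val.'"';`), so a value containing `"` ends the attribute and can introduce further ones. If any attribute value can carry request or stored data, escape it where it is emitted, e.g. `$atts .= ' '.$key.'="'.htmlspecialchars($val).'"';`, after checking for callers that already pre-escape and would be double-encoded. The new accept-charset default is also duplicated in the string branch of the previous hunk, where `strpos($attributes, 'accept-charset=')` is case-sensitive and `$formtag == TRUE` is a loose comparison while this branch uses `===`. Using the same comparison in both places, or one shared helper, would keep the two branches in step.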