summaryrefslogtreecommitdiffstats
path: root/system/helpers/form_helper.php
diff options
context:
space:
mode:
Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r--system/helpers/form_helper.php24
1 files changed, 12 insertions, 12 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index a6dfdb2ba..47f93e748 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -64,8 +64,8 @@ if ( ! function_exists('form_open'))
$form .= '>';
- // CSRF
- if ($CI->config->item('csrf_protection') === TRUE)
+ // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
+ if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}
@@ -114,7 +114,7 @@ if ( ! function_exists('form_open_multipart'))
/**
* Hidden Input Field
*
- * Generates hidden fields. You can pass a simple key/value string or an associative
+ * Generates hidden fields. You can pass a simple key/value string or an associative
* array with multiple values.
*
* @access public
@@ -249,7 +249,7 @@ if ( ! function_exists('form_textarea'))
{
function form_textarea($data = '', $value = '', $extra = '')
{
- $defaults = array('name' => (( ! is_array($data)) ? $data : ''), 'cols' => '90', 'rows' => '12');
+ $defaults = array('name' => (( ! is_array($data)) ? $data : ''), 'cols' => '40', 'rows' => '10');
if ( ! is_array($data) OR ! isset($data['value']))
{
@@ -540,7 +540,7 @@ if ( ! function_exists('form_label'))
/**
* Fieldset Tag
*
- * Used to produce <fieldset><legend>text</legend>. To close fieldset
+ * Used to produce <fieldset><legend>text</legend>. To close fieldset
* use form_fieldset_close()
*
* @access public
@@ -663,7 +663,7 @@ if ( ! function_exists('form_prep'))
* Form Value
*
* Grabs a value from the POST array for the specified field so you can
- * re-populate an input field or textarea. If Form Validation
+ * re-populate an input field or textarea. If Form Validation
* is active it retrieves the info from the validation class
*
* @access public
@@ -858,7 +858,7 @@ if ( ! function_exists('set_radio'))
/**
* Form Error
*
- * Returns the error for a specific form field. This is a helper for the
+ * Returns the error for a specific form field. This is a helper for the
* form validation class.
*
* @access public
@@ -885,7 +885,7 @@ if ( ! function_exists('form_error'))
/**
* Validation Error String
*
- * Returns all the errors associated with a form submission. This is a helper
+ * Returns all the errors associated with a form submission. This is a helper
* function for the form validation class.
*
* @access public
@@ -1034,17 +1034,17 @@ if ( ! function_exists('_get_validation_object'))
// We set this as a variable since we're returning by reference.
$return = FALSE;
-
+
if (FALSE !== ($object = $CI->load->is_loaded('form_validation')))
{
if ( ! isset($CI->$object) OR ! is_object($CI->$object))
{
return $return;
}
-
+
return $CI->$object;
}
-
+
return $return;
}
}