diff options
Diffstat (limited to 'system/helpers/form_helper.php')
| -rw-r--r-- | system/helpers/form_helper.php | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index a6dfdb2ba..47f93e748 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -64,8 +64,8 @@ if ( ! function_exists('form_open')) $form .= '>'; - // CSRF - if ($CI->config->item('csrf_protection') === TRUE) + // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites + if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"'))) { $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); } @@ -114,7 +114,7 @@ if ( ! function_exists('form_open_multipart')) /** * Hidden Input Field * - * Generates hidden fields. You can pass a simple key/value string or an associative + * Generates hidden fields. You can pass a simple key/value string or an associative * array with multiple values. * * @access public @@ -249,7 +249,7 @@ if ( ! function_exists('form_textarea')) { function form_textarea($data = '', $value = '', $extra = '') { - $defaults = array('name' => (( ! is_array($data)) ? $data : ''), 'cols' => '90', 'rows' => '12'); + $defaults = array('name' => (( ! is_array($data)) ? $data : ''), 'cols' => '40', 'rows' => '10'); if ( ! is_array($data) OR ! isset($data['value'])) { @@ -540,7 +540,7 @@ if ( ! function_exists('form_label')) /** * Fieldset Tag * - * Used to produce <fieldset><legend>text</legend>. To close fieldset + * Used to produce <fieldset><legend>text</legend>. To close fieldset * use form_fieldset_close() * * @access public @@ -663,7 +663,7 @@ if ( ! function_exists('form_prep')) * Form Value * * Grabs a value from the POST array for the specified field so you can - * re-populate an input field or textarea. If Form Validation + * re-populate an input field or textarea. If Form Validation * is active it retrieves the info from the validation class * * @access public @@ -858,7 +858,7 @@ if ( ! function_exists('set_radio')) /** * Form Error * - * Returns the error for a specific form field. This is a helper for the + * Returns the error for a specific form field. This is a helper for the * form validation class. * * @access public @@ -885,7 +885,7 @@ if ( ! function_exists('form_error')) /** * Validation Error String * - * Returns all the errors associated with a form submission. This is a helper + * Returns all the errors associated with a form submission. This is a helper * function for the form validation class. * * @access public @@ -1034,17 +1034,17 @@ if ( ! function_exists('_get_validation_object')) // We set this as a variable since we're returning by reference. $return = FALSE; - + if (FALSE !== ($object = $CI->load->is_loaded('form_validation'))) { if ( ! isset($CI->$object) OR ! is_object($CI->$object)) { return $return; } - + return $CI->$object; } - + return $return; } } |