<?php
+
/**
- * forms.php
- *
- * Copyright (c) 2004 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
+ * forms.php - html form functions
*
* Functions to build HTML forms in a safe and consistent manner.
- * All name, value attributes are htmlentitied.
+ * All attribute values are sanitized with htmlspecialchars().
+ *
+ * Currently functions don't provide simple wrappers for file and
+ * image input fields, support only submit and reset buttons and use
+ * html input tags for buttons.
+ *
+ * Since 1.5.1:
+ *
+ * * all form functions should support id tags. Original
+ * idea by dugan <at> passwall.com. Tags can be used for Section 508
+ * or WAI compliance.
+ *
+ * * input tag functions accept extra html attributes that can be submitted
+ * in $aAttribs array.
+ *
+ * * default css class attributes are added.
*
- * $Id$
+ * @link http://www.section508.gov/ Section 508
+ * @link http://www.w3.org/WAI/ Web Accessibility Initiative (WAI)
+ * @link http://www.w3.org/TR/html4/ W3.org HTML 4.01 form specs
+ * @copyright © 2004-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id$
* @package squirrelmail
+ * @subpackage forms
+ * @since 1.4.3 and 1.5.1
*/
/**
* Helper function to create form fields, not to be called directly,
* only by other functions below.
+ *
+ * Function used different syntax before 1.5.1
+ * @param string $sType type of input field. Possible values (html 4.01
+ * specs.): text, password, checkbox, radio, submit, reset, file,
+ * hidden, image, button.
+ * @param array $aAttribs (since 1.5.1) extra attributes. Array key is
+ * attribute name, array value is attribute value. Array keys must use
+ * lowercase.
+ * @return string html formated input field
+ * @deprecated use other functions that provide simple wrappers to this function
*/
-function addInputField($type, $name = null, $value = null, $attributes = '') {
- return '<input type="'.$type.'"'.
- ($name !== null ? ' name="'.htmlentities($name).'"' : '').
- ($value !== null ? ' value="'.htmlentities($value).'"' : '').
- $attributes . ">\n";
+function addInputField($sType, $aAttribs=array()) {
+ $sAttribs = '';
+ // define unique identifier
+ if (! isset($aAttribs['id']) && isset($aAttribs['name']) && ! is_null($aAttribs['name'])) {
+ /**
+ * if 'id' is not set, set it to 'name' and replace brackets
+ * with underscores. 'name' might contain field name with squire
+ * brackets (array). Brackets are not allowed in id (validator.w3.org
+ * fails to validate document). According to html 4.01 manual cdata
+ * type description, 'name' attribute uses same type, but validator.w3.org
+ * does not barf on brackets in 'name' attributes.
+ */
+ $aAttribs['id'] = strtr($aAttribs['name'],'[]','__');
+ }
+ // create attribute string (do we have to sanitize keys?)
+ foreach ($aAttribs as $key => $value) {
+ $sAttribs.= ' ' . $key . (! is_null($value) ? '="'.htmlspecialchars($value).'"':'');
+ }
+ return '<input type="'.$sType.'"'.$sAttribs." />\n";
}
/**
* Password input field
+ * @param string $sName field name
+ * @param string $sValue initial password value
+ * @param array $aAttribs (since 1.5.1) extra attributes
+ * @return string html formated password field
*/
-function addPwField($name , $value = null) {
- return addInputField('password', $name , $value);
+function addPwField($sName, $sValue = null, $aAttribs=array()) {
+ $aAttribs['name'] = $sName;
+ $aAttribs['value'] = (! is_null($sValue) ? $sValue : '');
+ // add default css
+ if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmpwfield';
+ return addInputField('password',$aAttribs);
}
-
/**
* Form checkbox
+ * @param string $sName field name
+ * @param boolean $bChecked controls if field is checked
+ * @param string $sValue
+ * @param array $aAttribs (since 1.5.1) extra attributes
+ * @return string html formated checkbox field
*/
-function addCheckBox($name, $checked = false, $value='') {
- return addInputField('checkbox', $name, $value,
- ($checked ? ' checked' : ''));
+function addCheckBox($sName, $bChecked = false, $sValue = null, $aAttribs=array()) {
+ $aAttribs['name'] = $sName;
+ if ($bChecked) $aAttribs['checked'] = 'checked';
+ if (! is_null($sValue)) $aAttribs['value'] = $sValue;
+ // add default css
+ if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmcheckbox';
+ return addInputField('checkbox',$aAttribs);
}
/**
* Form radio box
+ * @param string $sName field name
+ * @param boolean $bChecked controls if field is selected
+ * @param string $sValue
+ * @param array $aAttribs (since 1.5.1) extra attributes.
+ * @return string html formated radio box
*/
-function addRadioBox($name, $checked = false, $value='') {
- return addInputField('radio', $name, $value,
- ($checked ? ' checked' : ''));
+function addRadioBox($sName, $bChecked = false, $sValue = null, $aAttribs=array()) {
+ $aAttribs['name'] = $sName;
+ if ($bChecked) $aAttribs['checked'] = 'checked';
+ if (! is_null($sValue)) $aAttribs['value'] = $sValue;
+ if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName . $sValue;
+ // add default css
+ if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmradiobox';
+ return addInputField('radio', $aAttribs);
}
/**
* A hidden form field.
+ * @param string $sName field name
+ * @param string $sValue field value
+ * @param array $aAttribs (since 1.5.1) extra attributes
+ * @return html formated hidden form field
*/
-function addHidden($name, $value) {
- return addInputField('hidden', $name, $value);
+function addHidden($sName, $sValue, $aAttribs=array()) {
+ $aAttribs['name'] = $sName;
+ $aAttribs['value'] = $sValue;
+ // add default css
+ if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmhiddenfield';
+ return addInputField('hidden', $aAttribs);
}
/**
* An input textbox.
+ * @param string $sName field name
+ * @param string $sValue initial field value
+ * @param integer $iSize field size (number of characters)
+ * @param integer $iMaxlength maximum number of characters the user may enter
+ * @param array $aAttribs (since 1.5.1) extra attributes - should be given
+ * in the form array('attribute_name' => 'attribute_value', ...)
+ * @return string html formated text input field
*/
-function addInput($name, $value = '', $size = 0, $maxlength = 0) {
-
- $attr = '';
- if ($size) {
- $attr.= ' size="'.(int)$size.'"';
- }
- if ($maxlength) {
- $attr.= ' maxlength="'.(int)$maxlength .'"';
- }
-
- return addInputField('text', $name, $value, $attr);
+function addInput($sName, $sValue = '', $iSize = 0, $iMaxlength = 0, $aAttribs=array()) {
+ $aAttribs['name'] = $sName;
+ $aAttribs['value'] = $sValue;
+ if ($iSize) $aAttribs['size'] = (int)$iSize;
+ if ($iMaxlength) $aAttribs['maxlength'] = (int)$iMaxlength;
+ // add default css
+ if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmtextfield';
+ return addInputField('text', $aAttribs);
}
-
/**
* Function to create a selectlist from an array.
- * Usage:
- * name: html name attribute
- * values: array ( key => value ) -> <option value="key">value
- * default: the key that will be selected
- * usekeys: use the keys of the array as option value or not
+ * @param string $sName field name
+ * @param array $aValues field values array ( key => value ) -> <option value="key">value</option>
+ * @param mixed $default the key that will be selected
+ * @param boolean $bUsekeys use the keys of the array as option value or not
+ * @param array $aAttribs (since 1.5.1) extra attributes
+ * @return string html formated selection box
+ * @todo add attributes argument for option tags and default css
*/
-function addSelect($name, $values, $default = null, $usekeys = false)
-{
+function addSelect($sName, $aValues, $default = null, $bUsekeys = false, $aAttribs = array()) {
// only one element
- if(count($values) == 1) {
- $k = key($values); $v = array_pop($values);
- return addHidden($name, ($usekeys ? $k:$v)).
- htmlentities($v) . "\n";
+ if(count($aValues) == 1) {
+ $k = key($aValues); $v = array_pop($aValues);
+ return addHidden($sName, ($bUsekeys ? $k:$v), $aAttribs).
+ htmlspecialchars($v) . "\n";
+ }
+
+ if (isset($aAttribs['id'])) {
+ $label_open = '<label for="'.htmlspecialchars($aAttribs['id']).'">';
+ $label_close = '</label>';
+ } else {
+ $label_open = '';
+ $label_close = '';
+ }
+
+ // create attribute string for select tag
+ $sAttribs = '';
+ foreach ($aAttribs as $key => $value) {
+ $sAttribs.= ' ' . $key . (! is_null($value) ? '="'.htmlspecialchars($value).'"':'');
}
- $ret = '<select name="'.htmlentities($name) . "\">\n";
- foreach ($values as $k => $v) {
- if(!$usekeys) $k = $v;
+ $ret = '<select name="'.htmlspecialchars($sName) . '"' . $sAttribs . ">\n";
+ foreach ($aValues as $k => $v) {
+ if(!$bUsekeys) $k = $v;
$ret .= '<option value="' .
- htmlentities( $k ) . '"' .
- (($default == $k) ? ' selected':'') .
- '>' . htmlentities($v) ."</option>\n";
+ htmlspecialchars( $k ) . '"' .
+ (($default == $k) ? ' selected="selected"' : '') .
+ '>' . $label_open . htmlspecialchars($v) . $label_close ."</option>\n";
}
$ret .= "</select>\n";
/**
* Form submission button
* Note the switched value/name parameters!
+ * @param string $sValue button name
+ * @param string $sName submitted key name
+ * @param array $aAttribs (since 1.5.1) extra attributes
+ * @return string html formated submit input field
*/
-function addSubmit($value, $name = null) {
- return addInputField('submit', $name, $value);
+function addSubmit($sValue, $sName = null, $aAttribs=array()) {
+ $aAttribs['value'] = $sValue;
+ if (! is_null($sName)) $aAttribs['name'] = $sName;
+ // add default css
+ if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmsubmitfield';
+ return addInputField('submit', $aAttribs);
}
/**
- * Form reset button, $value = caption
+ * Form reset button
+ * @param string $sValue button name
+ * @param array $aAttribs (since 1.5.1) extra attributes
+ * @return string html formated reset input field
*/
-function addReset($value) {
- return addInputField('reset', null, $value);
+function addReset($sValue, $aAttribs=array()) {
+ $aAttribs['value'] = $sValue;
+ // add default css
+ if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmresetfield';
+ return addInputField('reset', $aAttribs);
}
/**
* Textarea form element.
+ * @param string $sName field name
+ * @param string $sText initial field value
+ * @param integer $iCols field width (number of chars)
+ * @param integer $iRows field height (number of character rows)
+ * @param array $aAttribs (since 1.5.1) extra attributes. function accepts string argument
+ * for backward compatibility.
+ * @return string html formated text area field
*/
-function addTextArea($name, $text = '', $cols = 40, $rows = 10, $attr = '') {
- return '<textarea name="'.htmlentities($name).'" '.
- 'rows="'.(int)$rows .'" cols="'.(int)$cols.'"'.
- $attr . '">'.htmlentities($text) ."</textarea>\n";
+function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs = array()) {
+ $label_open = '';
+ $label_close = '';
+ if (is_array($aAttribs)) {
+ // maybe id can default to name?
+ if (isset($aAttribs['id'])) {
+ $label_open = '<label for="'.htmlspecialchars($aAttribs['id']).'">';
+ $label_close = '</label>';
+ }
+ // add default css
+ if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmtextarea';
+ // create attribute string (do we have to sanitize keys?)
+ $sAttribs = '';
+ foreach ($aAttribs as $key => $value) {
+ $sAttribs.= ' ' . $key . (! is_null($value) ? '="'.htmlspecialchars($value).'"':'');
+ }
+ } elseif (is_string($aAttribs)) {
+ // backward compatibility mode. deprecated.
+ $sAttribs = ' ' . $aAttribs;
+ } else {
+ $sAttribs = '';
+ }
+ return '<textarea name="'.htmlspecialchars($sName).'" '.
+ 'rows="'.(int)$iRows .'" cols="'.(int)$iCols.'"'.
+ $sAttribs . '>'. $label_open . htmlspecialchars($sText) . $label_close ."</textarea>\n";
}
/**
* Make a <form> start-tag.
+ * @param string $sAction form handler URL
+ * @param string $sMethod http method used to submit form data. 'get' or 'post'
+ * @param string $sName form name used for identification (used for backward
+ * compatibility). Use of id is recommended.
+ * @param string $sEnctype content type that is used to submit data. html 4.01
+ * defaults to 'application/x-www-form-urlencoded'. Form with file field needs
+ * 'multipart/form-data' encoding type.
+ * @param string $sCharset charset that is used for submitted data
+ * @param array $aAttribs (since 1.5.1) extra attributes
+ * @return string html formated form start string
*/
-function addForm($action, $method = 'POST', $name = '', $enctype = '', $charset = '')
-{
- if($name) {
- $name = ' name="'.$name.'"';
+function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCharset = '', $aAttribs = array()) {
+ // id tags
+ if (! isset($aAttribs['id']) && ! empty($sName))
+ $aAttribs['id'] = $sName;
+
+ if($sName) {
+ $sName = ' name="'.$sName.'"';
}
- if($enctype) {
- $enctype = ' enctype="'.$enctype.'"';
+ if($sEnctype) {
+ $sEnctype = ' enctype="'.$sEnctype.'"';
}
- if($charset) {
- $charset = ' accept-charset="'.htmlspecialchars($charset).'"';
+ if($sCharset) {
+ $sCharset = ' accept-charset="'.htmlspecialchars($sCharset).'"';
}
- return '<form action="'. $action .'" method="'. $method .'"'.
- $enctype . $name . $charset . "\">\n";
-}
-
+ // create attribute string (do we have to sanitize keys?)
+ $sAttribs = '';
+ foreach ($aAttribs as $key => $value) {
+ $sAttribs.= ' ' . $key . (! is_null($value) ? '="'.htmlspecialchars($value).'"':'');
+ }
+ return '<form action="'. $sAction .'" method="'. $sMethod .'"'.
+ $sEnctype . $sName . $sCharset . $sAttribs . ">\n";
+}