X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fforms.php;h=4f5b1bf4709001392f32bcffab07b822e81e7ada;hb=d63648632c6ade800d7002aacb2d163a614b5b1d;hp=f35edc66e1215dd9a3cc5f290b3ef33b353b4ad2;hpb=87745b9cf4c1ea33c3788ab0c3a554e9574ec5d7;p=squirrelmail.git
diff --git a/functions/forms.php b/functions/forms.php
index f35edc66..4f5b1bf4 100644
--- a/functions/forms.php
+++ b/functions/forms.php
@@ -1,12 +1,11 @@
$value) {
- $sAttribs.= ' ' . $key . (! is_null($value) ? '="'.htmlspecialchars($value).'"':'');
- }
- return '\n";
+
+ global $oTemplate;
+
+ $oTemplate->assign('type', $sType);
+//FIXME: all the values in the $aAttribs list used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value);
+ $oTemplate->assign('aAttribs', $aAttribs);
+
+ return $oTemplate->fetch('input.tpl');
+
}
/**
@@ -147,7 +160,7 @@ function addInput($sName, $sValue = '', $iSize = 0, $iMaxlength = 0, $aAttribs=a
/**
* Function to create a selectlist from an array.
* @param string $sName field name
- * @param array $aValues field values array ( key => value ) ->
+ * @param array $aValues field values array(key => value) -> , although if $bUsekeys is FALSE, then
* @param mixed $default the key that will be selected
* @param boolean $bUsekeys use the keys of the array as option value or not
* @param array $aAttribs (since 1.5.1) extra attributes
@@ -162,31 +175,16 @@ function addSelect($sName, $aValues, $default = null, $bUsekeys = false, $aAttri
htmlspecialchars($v) . "\n";
}
- if (isset($aAttribs['id'])) {
- $label_open = '';
- } else {
- $label_open = '';
- $label_close = '';
- }
+ global $oTemplate;
- // create attribute string for select tag
- $sAttribs = '';
- foreach ($aAttribs as $key => $value) {
- $sAttribs.= ' ' . $key . (! is_null($value) ? '="'.htmlspecialchars($value).'"':'');
- }
-
- $ret = '\n";
+//FIXME: all the values in the $aAttribs list and $sName and both the keys and values in $aValues used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = htmlspecialchars($sName); $aNewValues = array(); foreach ($aValues as $key => $value) $aNewValues[htmlspecialchars($key)] = htmlspecialchars($value); $aValues = $aNewValues; And probably this too because it has to be matched to a value that has already been sanitized: $default = htmlspecialchars($default);
+ $oTemplate->assign('aAttribs', $aAttribs);
+ $oTemplate->assign('aValues', $aValues);
+ $oTemplate->assign('bUsekeys', $bUsekeys);
+ $oTemplate->assign('default', $default);
+ $oTemplate->assign('name', $sName);
- return $ret;
+ return $oTemplate->fetch('select.tpl');
}
/**
@@ -219,77 +217,70 @@ function addReset($sValue, $aAttribs=array()) {
/**
* Textarea form element.
- * @param string $sName field name
- * @param string $sText initial field value
- * @param integer $iCols field width (number of chars)
- * @param integer $iRows field height (number of character rows)
- * @param array $aAttribs (since 1.5.1) extra attributes. function accepts string argument
- * for backward compatibility.
+ *
+ * @param string $sName field name
+ * @param string $sText initial field value (OPTIONAL; default empty)
+ * @param integer $iCols field width (number of chars) (OPTIONAL; default 40)
+ * @param integer $iRows field height (number of character rows) (OPTIONAL; default 10)
+ * @param array $aAttribs (since 1.5.1) extra attributes (OPTIONAL; default empty)
+ *
* @return string html formated text area field
+ *
*/
function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs = array()) {
- $label_open = '';
- $label_close = '';
- if (is_array($aAttribs)) {
- // maybe id can default to name?
- if (isset($aAttribs['id'])) {
- $label_open = '';
- }
- // add default css
- if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmtextarea';
- // create attribute string (do we have to sanitize keys?)
- $sAttribs = '';
- foreach ($aAttribs as $key => $value) {
- $sAttribs.= ' ' . $key . (! is_null($value) ? '="'.htmlspecialchars($value).'"':'');
- }
- } elseif (is_string($aAttribs)) {
- // backward compatibility mode. deprecated.
- $sAttribs = ' ' . $aAttribs;
- } else {
- $sAttribs = '';
+
+ // no longer accept string arguments for attribs; print
+ // backtrace to help people fix their code
+ if (!is_array($aAttribs)) {
+ echo '$aAttribs argument to addTextArea() must be an array
'; + debug_print_backtrace(); + echo '