X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fforms.php;h=b2899d44d8f3769851a8a52c2a16b93207a025ff;hb=ad2f0b546afcb978ee67ef25332cf4f12c363892;hp=4dc55237988d4a39d63badddad043ca39d3b88e9;hpb=61bd57f55a8f10c323506bb2b6288c806aed260b;p=squirrelmail.git diff --git a/functions/forms.php b/functions/forms.php index 4dc55237..b2899d44 100644 --- a/functions/forms.php +++ b/functions/forms.php @@ -25,7 +25,7 @@ * @link http://www.section508.gov/ Section 508 * @link http://www.w3.org/WAI/ Web Accessibility Initiative (WAI) * @link http://www.w3.org/TR/html4/ W3.org HTML 4.01 form specs - * @copyright © 2004-2007 The SquirrelMail Project Team + * @copyright 2004-2012 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -190,6 +190,7 @@ function addSelect($sName, $aValues, $default = null, $bUsekeys = false, $aAttri . htmlspecialchars($v); } + if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName; // make sure $default is an array, since multiple select lists // need the chance to have more than one default... @@ -292,6 +293,10 @@ function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs = // add default css else if (!isset($aAttribs['class'])) $aAttribs['class'] = 'sqmtextarea'; + + if ( empty( $aAttribs['id'] ) ) { + $aAttribs['id'] = strtr($sName,'[]','__'); + } global $oTemplate; @@ -308,20 +313,26 @@ function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs = /** * Make a
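Review bot: The two new id defaults are derived differently: the addSelect hunk copies the name verbatim with `if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName;`, while the addTextArea hunk maps `[` and `]` to `_` and tests with `empty()`. If a select is created with an array-style name (likely for the multiple-select case the context comment mentions), its id would contain brackets, which HTML 4.01 does not allow in an ID token. A caller passing an empty id is also treated differently by the two functions. I would use one form in both places, `if (empty($aAttribs['id'])) $aAttribs['id'] = strtr($sName, '[]', '__');`. Both function bodies start and end outside their hunks, so how the id is escaped on output cannot be checked from here.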
start-tag. * - * @param string $sAction form handler URL - * @param string $sMethod http method used to submit form data. 'get' or 'post' - * @param string $sName form name used for identification (used for backward - * compatibility). Use of id is recommended instead. - * @param string $sEnctype content type that is used to submit data. html 4.01 - * defaults to 'application/x-www-form-urlencoded'. Form - * with file field needs 'multipart/form-data' encoding type. - * @param string $sCharset charset that is used for submitted data - * @param array $aAttribs (since 1.5.1) extra attributes + * @param string $sAction form handler URL + * @param string $sMethod http method used to submit form data. 'get' or 'post' + * @param string $sName form name used for identification (used for backward + * compatibility). Use of id is recommended instead. + * @param string $sEnctype content type that is used to submit data. html 4.01 + * defaults to 'application/x-www-form-urlencoded'. Form + * with file field needs 'multipart/form-data' encoding type. + * @param string $sCharset charset that is used for submitted data + * @param array $aAttribs (since 1.5.1) extra attributes + * @param boolean $bAddToken (since 1.5.2) When given as a string or as boolean TRUE, + * a hidden input is also added to the form containing a + * security token. When given as TRUE, the input name is + * "smtoken"; otherwise the name is the string that is + * given for this parameter. When FALSE, no hidden token + * input field is added. (OPTIONAL; default not used) * * @return string html formated form start string * */ -function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCharset = '', $aAttribs = array()) { +function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCharset = '', $aAttribs = array(), $bAddToken = FALSE) { global $oTemplate; 
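Review bot: The new `@param boolean $bAddToken` tag understates the accepted types, because the description itself says the argument may be a string naming the hidden input. I would declare it as `@param mixed $bAddToken` and replace "default not used" with "default FALSE", which is what the signature shows. The description should also say which form methods the token is meant for, since that is a security-relevant part of the contract. addForm's body continues outside this hunk.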
@@ -333,7 +344,14 @@ function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCha $oTemplate->assign('enctype', $sEnctype); $oTemplate->assign('charset', $sCharset); - return $oTemplate->fetch('form.tpl'); + $sForm = $oTemplate->fetch('form.tpl'); + + if ($bAddToken) { + $sForm .= addHidden((is_string($bAddToken) ? $bAddToken : 'smtoken'), + sm_generate_security_token()); + } + + return $sForm; } /** @@ -355,7 +373,7 @@ function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCha * name for the given $base_name (where 0 (zero) means * that no such widgets have been created yet). * - * @since 1.4.18 and 1.5.2 + * @since 1.5.2 * */ function unique_widget_name($base_name, $return_count=FALSE)
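Review bot: In the addForm hunk the token input is appended whenever `$bAddToken` is truthy, without looking at `$sMethod`. A form built with method 'get' would therefore carry the security token in the query string, where it can end up in server logs, browser history and Referer headers. I would restrict it to post forms, `if ($bAddToken && strtolower($sMethod) === 'post') {`, or, if a caller really needs a token on a get form, state that risk in the docblock. The strings `''` and `'0'` are falsy in PHP, so passing either silently omits the token instead of naming the input; `$bAddToken !== FALSE` would match the documented contract more closely. addForm begins outside this hunk, so how `$sAction` and `$sMethod` are validated is not visible here.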