Don't use htmlentities() to sanitize input/output.
[squirrelmail.git] / functions / forms.php
1 <?php
2 /**
3 * forms.php
4 *
5 * Copyright (c) 2004 The SquirrelMail Project Team
6 * Licensed under the GNU GPL. For full terms see the file COPYING.
7 *
8 * Functions to build HTML forms in a safe and consistent manner.
9 * Name and value attributes are escaped with htmlspecialchars().
10 *
11 * $Id$
12 * @package squirrelmail
13 */
14
/**
 * Build a single <input> tag. Internal helper for the add*() functions
 * in this file; it is not meant to be called directly.
 *
 * Only $name and $value are passed through htmlspecialchars(). $type and
 * $attributes are concatenated into the tag verbatim, so callers must
 * supply trusted, already well-formed markup for both.
 *
 * @param string      $type       value of the type attribute (emitted unescaped)
 * @param string|null $name       field name; the attribute is omitted when null
 * @param string|null $value      field value; the attribute is omitted when null
 * @param string      $attributes raw attribute text appended before the closing '>'
 * @return string the <input> tag followed by a newline
 */
function addInputField($type, $name = null, $value = null, $attributes = '') {
    $tag = '<input type="' . $type . '"';

    if ($name !== null) {
        $tag .= ' name="' . htmlspecialchars($name) . '"';
    }
    if ($value !== null) {
        $tag .= ' value="' . htmlspecialchars($value) . '"';
    }

    return $tag . $attributes . ">\n";
}
25
/**
 * Password input field.
 *
 * A non-null $value is handed to addInputField() and so ends up in the
 * value attribute of the generated markup. Pre-filling the field therefore
 * sends the password back to the browser in the page source; leave $value
 * null unless that is intended.
 *
 * @param string      $name  field name
 * @param string|null $value optional pre-filled value
 * @return string the generated <input type="password"> tag
 */
function addPwField($name , $value = null) {
    $field = addInputField('password', $name, $value);

    return $field;
}
32
33
/**
 * Form checkbox.
 *
 * @param string $name    field name
 * @param bool   $checked when truthy, the bare "checked" attribute is added
 * @param string $value   value submitted when the box is ticked
 * @return string the generated <input type="checkbox"> tag
 */
function addCheckBox($name, $checked = false, $value='') {
    $state = '';
    if ($checked) {
        $state = ' checked';
    }

    return addInputField('checkbox', $name, $value, $state);
}
41
/**
 * Form radio button.
 *
 * @param string $name    field name (radio buttons sharing a name form one group)
 * @param bool   $checked when truthy, the bare "checked" attribute is added
 * @param string $value   value submitted when this button is selected
 * @return string the generated <input type="radio"> tag
 */
function addRadioBox($name, $checked = false, $value='') {
    $state = '';
    if ($checked) {
        $state = ' checked';
    }

    return addInputField('radio', $name, $value, $state);
}
49
/**
 * A hidden form field.
 *
 * The value is HTML-escaped by addInputField(), but a hidden field is still
 * readable and editable by the client: the receiving script must validate
 * whatever comes back rather than trust it.
 *
 * @param string $name  field name
 * @param string $value field value
 * @return string the generated <input type="hidden"> tag
 */
function addHidden($name, $value) {
    $field = addInputField('hidden', $name, $value);

    return $field;
}
56
/**
 * An input textbox.
 *
 * $size and $maxlength are cast to int before being written, so they cannot
 * carry markup into the tag. A falsy value (0, '', null) omits the attribute.
 * maxlength is only a browser-side hint; the server must still enforce any
 * length limit on the submitted value.
 *
 * @param string $name      field name
 * @param string $value     initial value
 * @param int    $size      visible width, 0 to omit
 * @param int    $maxlength maximum input length, 0 to omit
 * @return string the generated <input type="text"> tag
 */
function addInput($name, $value = '', $size = 0, $maxlength = 0) {
    $sizeAttr = $size ? ' size="' . (int)$size . '"' : '';
    $maxAttr  = $maxlength ? ' maxlength="' . (int)$maxlength . '"' : '';

    return addInputField('text', $name, $value, $sizeAttr . $maxAttr);
}
72
73
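/**
 * Create a select list from an array.
 *
 * When $values holds exactly one element no <select> is produced: the single
 * choice is submitted through a hidden field and its label is printed as
 * escaped text.
 *
 * The default is matched against each option value by string comparison.
 * The previous loose "==" let unrelated values match (a null default matched
 * the integer key 0, and numeric-looking strings such as "1e1" and "10"
 * compared equal), which could mark the wrong option, or several options,
 * as selected.
 *
 * @param string $name    html name attribute
 * @param array  $values  array ( key => value ) -> <option value="key">value
 * @param mixed  $default the option value that will be selected; null selects none
 *                        unless an option has an empty value
 * @param bool   $usekeys use the array keys as option values; otherwise the
 *                        label doubles as the value
 * @return string the generated markup
 */
function addSelect($name, $values, $default = null, $usekeys = false)
{
    // only one element
    if (count($values) == 1) {
        $k = key($values);
        $v = array_pop($values);
        return addHidden($name, ($usekeys ? $k : $v)) .
               htmlspecialchars($v) . "\n";
    }

    // Compare as strings so int keys (PHP turns "1" into 1) still match a
    // string default, without the type juggling of "==".
    $wanted = (string) $default;

    $ret = '<select name="' . htmlspecialchars($name) . "\">\n";
    foreach ($values as $k => $v) {
        if (!$usekeys) {
            $k = $v;
        }
        $optionValue = (string) $k;
        $ret .= '<option value="' .
                htmlspecialchars($optionValue) . '"' .
                (($wanted === $optionValue) ? ' selected' : '') .
                '>' . htmlspecialchars($v) . "</option>\n";
    }
    $ret .= "</select>\n";

    return $ret;
}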
103
/**
 * Form submission button.
 * Note the switched value/name parameters: the caption comes first.
 *
 * @param string      $value button caption
 * @param string|null $name  optional field name; the attribute is omitted when null
 * @return string the generated <input type="submit"> tag
 */
function addSubmit($value, $name = null) {
    $button = addInputField('submit', $name, $value);

    return $button;
}
/**
 * Form reset button. The button carries no name attribute.
 *
 * @param string $value button caption
 * @return string the generated <input type="reset"> tag
 */
function addReset($value) {
    $button = addInputField('reset', null, $value);

    return $button;
}
117
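/**
 * Textarea form element.
 *
 * $name and $text are HTML-escaped; $rows and $cols are cast to int. $attr is
 * appended to the tag verbatim, so it must be trusted, well-formed attribute
 * text (including its own leading space).
 *
 * The opening tag used to end in '">' which left a stray double quote after
 * the last attribute (cols="40""> with the defaults); it now closes with '>'.
 *
 * @param string $name field name
 * @param string $text initial content
 * @param int    $cols number of columns
 * @param int    $rows number of rows
 * @param string $attr raw extra attributes (emitted unescaped)
 * @return string the generated <textarea> element followed by a newline
 */
function addTextArea($name, $text = '', $cols = 40, $rows = 10, $attr = '') {
    return '<textarea name="' . htmlspecialchars($name) . '" ' .
           'rows="' . (int)$rows . '" cols="' . (int)$cols . '"' .
           $attr . '>' . htmlspecialchars($text) . "</textarea>\n";
}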
126
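/**
 * Make a <form> start-tag.
 *
 * Changes from the previous version:
 *  - the tag used to end in '">' which left a stray double quote after the
 *    last attribute (method="POST""> with the defaults); it now ends in '>'.
 *  - $method, $name and $enctype are passed through htmlspecialchars(), as
 *    $charset already was, so a quote in any of them cannot break out of
 *    its attribute.
 *
 * $action is still emitted verbatim: escaping it here would double-encode
 * URLs that callers already pass with "&amp;" separators.
 * NOTE(review): callers that build $action from request-derived data must
 * HTML-escape it themselves; audit them.
 *
 * @param string $action  target URL, already HTML-escaped by the caller
 * @param string $method  form method
 * @param string $name    optional form name; omitted when empty
 * @param string $enctype optional enctype; omitted when empty
 * @param string $charset optional accept-charset; omitted when empty
 * @return string the opening <form> tag followed by a newline
 */
function addForm($action, $method = 'POST', $name = '', $enctype = '', $charset = '')
{
    if ($name) {
        $name = ' name="' . htmlspecialchars($name) . '"';
    }
    if ($enctype) {
        $enctype = ' enctype="' . htmlspecialchars($enctype) . '"';
    }
    if ($charset) {
        $charset = ' accept-charset="' . htmlspecialchars($charset) . '"';
    }

    return '<form action="' . $action . '" method="' . htmlspecialchars($method) . '"' .
           $enctype . $name . $charset . ">\n";
}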
145
146