* Functions to build HTML forms in a safe and consistent manner.
* All name, value attributes are htmlentitied.
*
- * $Id$
+ * @version $Id$
* @package squirrelmail
+ * @subpackage forms
*/
/**
* Helper function to create form fields, not to be called directly,
* only by other functions below.
*/
-function addInputField($type, $name, $value, $attributes = '') {
- return '<input type="'.$type.'" name="'.htmlentities($name).'" '.
- ' value="'.htmlentities($value).'"'.
+function addInputField($type, $name = null, $value = null, $attributes = '') {
+ return '<input type="'.$type.'"'.
+ ($name !== null ? ' name="'.htmlspecialchars($name).'"' : '').
+ ($value !== null ? ' value="'.htmlspecialchars($value).'"' : '').
$attributes . ">\n";
}
+/**
+ * Password input field
+ */
+function addPwField($name , $value = null) {
+ return addInputField('password', $name , $value);
+}
+
/**
* Form checkbox
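Review bot: `$type` and `$attributes` still go into the tag unescaped in addInputField, while the file header says name and value attributes are escaped; only `$name` and `$value` pass through htmlspecialchars(). If every caller passes a literal type this is harmless, but the docblock should say so, e.g. `* $type and $attributes are emitted verbatim; pass only constant or already-escaped strings.`, or the type can be escaped too with `return '<input type="'.htmlspecialchars($type).'"'.`. `$attributes` is appended directly after the closing quote of the value, so it has to start with a space to stay a separate attribute. addPwField takes a `$value` that ends up in the page source, so its docblock should warn callers against prefilling a real password.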
if(count($values) == 1) {
$k = key($values); $v = array_pop($values);
return addHidden($name, ($usekeys ? $k:$v)).
- htmlentities($v) . "\n";
+ htmlspecialchars($v) . "\n";
}
- $ret = '<select name="'.htmlentities($name) . "\">\n";
+ $ret = '<select name="'.htmlspecialchars($name) . "\">\n";
foreach ($values as $k => $v) {
if(!$usekeys) $k = $v;
$ret .= '<option value="' .
- htmlentities( $k ) . '"' .
+ htmlspecialchars( $k ) . '"' .
(($default == $k) ? ' selected':'') .
- '>' . htmlentities($v) ."</option>\n";
+ '>' . htmlspecialchars($v) ."</option>\n";
}
$ret .= "</select>\n";
return $ret;
}
+/**
+ * Form submission button
+ * Note the switched value/name parameters!
+ */
+function addSubmit($value, $name = null) {
+ return addInputField('submit', $name, $value);
+}
+/**
+ * Form reset button, $value = caption
+ */
+function addReset($value) {
+ return addInputField('reset', null, $value);
+}
+
/**
* Textarea form element.
*/
function addTextArea($name, $text = '', $cols = 40, $rows = 10, $attr = '') {
- return '<textarea name="'.htmlentities($name).'" '.
+ return '<textarea name="'.htmlspecialchars($name).'" '.
'rows="'.(int)$rows .'" cols="'.(int)$cols.'"'.
- $attr . '">'.htmlentities($text) ."</textarea>\n";
+ $attr . '">'.htmlspecialchars($text) ."</textarea>\n";
}
/**
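Review bot: addTextArea still emits a stray double quote, because the new line `$attr . '">'.htmlspecialchars($text) ."</textarea>\n";` ends the tag with `">` after `cols="…"` has already been closed; it should read `$attr . '>'.htmlspecialchars($text) ."</textarea>\n";`. With a non-empty `$attr` the extra quote can also change how a browser parses the caller's attributes. In the select loop, `($default == $k)` is a loose comparison, so on older PHP versions a numeric default can match a non-numeric key and mark the wrong option as selected; comparing as strings, `((string)$default === (string)$k)`, avoids that, provided no caller relies on the coercion. The select function begins above this hunk, so its signature is not visible here.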