X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fforms.php;h=209458437964f2b5f2981226c5efa3a07f3573f8;hp=4f5b1bf4709001392f32bcffab07b822e81e7ada;hb=84edf699d419494324e08176c89e9fbfc5a23818;hpb=4b5049de2fa934c45599d6e4c74bf2bbee10d34d diff --git a/functions/forms.php b/functions/forms.php index 4f5b1bf4..20945843 100644 --- a/functions/forms.php +++ b/functions/forms.php @@ -25,7 +25,7 @@ * @link http://www.section508.gov/ Section 508 * @link http://www.w3.org/WAI/ Web Accessibility Initiative (WAI) * @link http://www.w3.org/TR/html4/ W3.org HTML 4.01 form specs - * @copyright © 2004-2007 The SquirrelMail Project Team + * @copyright 2004-2009 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -76,12 +76,17 @@ function addInputField($sType, $aAttribs=array()) { * Password input field * @param string $sName field name * @param string $sValue initial password value - * @param array $aAttribs (since 1.5.1) extra attributes - * @return string html formated password field + * @param integer $iSize field size (number of characters) + * @param integer $iMaxlength maximum number of characters the user may enter + * @param array $aAttribs (since 1.5.1) extra attributes - should be given + * in the form array('attribute_name' => 'attribute_value', ...) + * @return string html formated password field */ -function addPwField($sName, $sValue = null, $aAttribs=array()) { +function addPwField($sName, $sValue = '', $iSize = 0, $iMaxlength = 0, $aAttribs=array()) { $aAttribs['name'] = $sName; - $aAttribs['value'] = (! is_null($sValue) ? $sValue : ''); + $aAttribs['value'] = $sValue; + if ($iSize) $aAttribs['size'] = (int)$iSize; + if ($iMaxlength) $aAttribs['maxlength'] = (int)$iMaxlength; // add default css if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmpwfield'; return addInputField('password',$aAttribs); @@ -159,34 +164,80 @@ function addInput($sName, $sValue = '', $iSize = 0, $iMaxlength = 0, $aAttribs=a /** * Function to create a selectlist from an array. - * @param string $sName field name - * @param array $aValues field values array(key => value) -> , although if $bUsekeys is FALSE, then - * @param mixed $default the key that will be selected - * @param boolean $bUsekeys use the keys of the array as option value or not - * @param array $aAttribs (since 1.5.1) extra attributes + * @param string $sName Field name + * @param array $aValues Field values array(key => value) results in: + * , + * although if $bUsekeys is FALSE, then it changes to: + * + * @param mixed $default The key(s) that will be selected (it is OK to pass + * in an array here in the case of multiple select lists) + * @param boolean $bUsekeys Use the keys of the array as option value or not + * @param array $aAttribs (since 1.5.1) Extra attributes + * @param boolean $bMultiple When TRUE, a multiple select list will be shown + * (OPTIONAL; default is FALSE (single select list)) + * @param int $iSize Desired height of multiple select boxes + * (OPTIONAL; default is SMOPT_SIZE_NORMAL) + * (only applicable when $bMultiple is TRUE) + * * @return string html formated selection box * @todo add attributes argument for option tags and default css */ -function addSelect($sName, $aValues, $default = null, $bUsekeys = false, $aAttribs = array()) { +function addSelect($sName, $aValues, $default = null, $bUsekeys = false, $aAttribs = array(), $bMultiple = FALSE, $iSize = SMOPT_SIZE_NORMAL) { // only one element - if(count($aValues) == 1) { + if (!$bMultiple && count($aValues) == 1) { $k = key($aValues); $v = array_pop($aValues); - return addHidden($sName, ($bUsekeys ? $k:$v), $aAttribs). - htmlspecialchars($v) . "\n"; + return addHidden($sName, ($bUsekeys ? $k : $v), $aAttribs) + . htmlspecialchars($v); } + if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName; + + // make sure $default is an array, since multiple select lists + // need the chance to have more than one default... + // + if (!is_array($default)) + $default = array($default); + + global $oTemplate; -//FIXME: all the values in the $aAttribs list and $sName and both the keys and values in $aValues used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = htmlspecialchars($sName); $aNewValues = array(); foreach ($aValues as $key => $value) $aNewValues[htmlspecialchars($key)] = htmlspecialchars($value); $aValues = $aNewValues; And probably this too because it has to be matched to a value that has already been sanitized: $default = htmlspecialchars($default); +//FIXME: all the values in the $aAttribs list and $sName and both the keys and values in $aValues used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = htmlspecialchars($sName); $aNewValues = array(); foreach ($aValues as $key => $value) $aNewValues[htmlspecialchars($key)] = htmlspecialchars($value); $aValues = $aNewValues; And probably this too because it has to be matched to a value that has already been sanitized: $default = htmlspecialchars($default); (oops, watch out for when $default is an array! (multiple select lists)) $oTemplate->assign('aAttribs', $aAttribs); $oTemplate->assign('aValues', $aValues); $oTemplate->assign('bUsekeys', $bUsekeys); $oTemplate->assign('default', $default); $oTemplate->assign('name', $sName); + $oTemplate->assign('multiple', $bMultiple); + $oTemplate->assign('size', $iSize); return $oTemplate->fetch('select.tpl'); } +/** + * Normal button + * + * Note the switched value/name parameters! + * Note also that regular buttons are not very useful unless + * used with onclick handlers, thus are only really appropriate + * if you use them after having checked if JavaScript is turned + * on by doing this: if (checkForJavascript()) ... + * + * @param string $sValue button name + * @param string $sName key name + * @param array $aAttribs extra attributes + * + * @return string html formated submit input field + * + * @since 1.5.2 + */ +function addButton($sValue, $sName = null, $aAttribs=array()) { + $aAttribs['value'] = $sValue; + if (! is_null($sName)) $aAttribs['name'] = $sName; + // add default css + if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmsubmitfield'; + return addInputField('button', $aAttribs); +} + /** * Form submission button * Note the switched value/name parameters! @@ -202,6 +253,7 @@ function addSubmit($sValue, $sName = null, $aAttribs=array()) { if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmsubmitfield'; return addInputField('submit', $aAttribs); } + /** * Form reset button * @param string $sValue button name @@ -231,6 +283,7 @@ function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs = // no longer accept string arguments for attribs; print // backtrace to help people fix their code + //FIXME: throw error instead? if (!is_array($aAttribs)) { echo '$aAttribs argument to addTextArea() must be an array
';
         debug_print_backtrace();
@@ -238,8 +291,12 @@ function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs =
         exit;
     }
 
-    // FIXME: should the template do this instead????
+    // add default css
     else if (!isset($aAttribs['class'])) $aAttribs['class'] = 'sqmtextarea';
+    
+    if ( empty( $aAttribs['id'] ) ) {
+        $aAttribs['id'] = strtr($sName,'[]','__');
+    }
 
     global $oTemplate;
 
@@ -256,20 +313,26 @@ function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs =
 /**
  * Make a 
 start-tag.
  *
- * @param string $sAction  form handler URL
- * @param string $sMethod  http method used to submit form data. 'get' or 'post'
- * @param string $sName    form name used for identification (used for backward 
- *                         compatibility). Use of id is recommended instead.
- * @param string $sEnctype content type that is used to submit data. html 4.01 
- *                         defaults to 'application/x-www-form-urlencoded'. Form 
- *                         with file field needs 'multipart/form-data' encoding type.
- * @param string $sCharset charset that is used for submitted data
- * @param array  $aAttribs (since 1.5.1) extra attributes
+ * @param string  $sAction   form handler URL
+ * @param string  $sMethod   http method used to submit form data. 'get' or 'post'
+ * @param string  $sName     form name used for identification (used for backward 
+ *                           compatibility). Use of id is recommended instead.
+ * @param string  $sEnctype  content type that is used to submit data. html 4.01 
+ *                           defaults to 'application/x-www-form-urlencoded'. Form 
+ *                           with file field needs 'multipart/form-data' encoding type.
+ * @param string  $sCharset  charset that is used for submitted data
+ * @param array   $aAttribs  (since 1.5.1) extra attributes
+ * @param boolean $bAddToken (since 1.5.2) When given as a string or as boolean TRUE,
+ *                           a hidden input is also added to the form containing a
+ *                           security token.  When given as TRUE, the input name is
+ *                           "smtoken"; otherwise the name is the string that is
+ *                           given for this parameter.  When FALSE, no hidden token
+ *                           input field is added.  (OPTIONAL; default not used)
  *
  * @return string html formated form start string
  *
  */
-function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCharset = '', $aAttribs = array()) {
+function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCharset = '', $aAttribs = array(), $bAddToken = FALSE) {
 
     global $oTemplate;
 
@@ -281,6 +344,49 @@ function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCha
     $oTemplate->assign('enctype', $sEnctype);
     $oTemplate->assign('charset', $sCharset);
 
-    return $oTemplate->fetch('form.tpl');
+    $sForm = $oTemplate->fetch('form.tpl');
+
+    if ($bAddToken) {
+        $sForm .= addHidden((is_string($bAddToken) ? $bAddToken : 'smtoken'),
+                            sm_generate_security_token());
+    }
+
+    return $sForm;
+}
+
+/**
+  * Creates unique widget names
+  *
+  * Names are formatted as such: "send1", "send2", "send3", etc.,
+  * where "send" in this example is what was given for $base_name
+  *
+  * @param string  $base_name    The name upon which to base the
+  *                              returned widget name.
+  * @param boolean $return_count When TRUE, this function will
+  *                              return the last number used to
+  *                              create a widget name for $base_name
+  *                              (OPTIONAL; default = FALSE).
+  *
+  * @return mixed When $return_output is FALSE, a string containing
+  *               the unique widget name; otherwise an integer with
+  *               the last number used to create the last widget
+  *               name for the given $base_name (where 0 (zero) means
+  *               that no such widgets have been created yet).
+  *
+  * @since 1.5.2
+  *
+  */
+function unique_widget_name($base_name, $return_count=FALSE)
+{
+   static $counts = array();
+
+   if (!isset($counts[$base_name]))
+      $counts[$base_name] = 0;
+
+   if ($return_count)
+      return $counts[$base_name];
+
+   ++$counts[$base_name];
+   return $base_name . $counts[$base_name];
 }