X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fforms.php;h=8e760b1e8d5ca3f2317188aa31f0ed88ff815008;hp=23215bb6ada42e26b5330c32abd07b4c3215b439;hb=5f2c00dd9089adc62676ec4ff4dc89d37d5cae85;hpb=d4e46166df04792c6b939356ea5dfda8e47bba7b diff --git a/functions/forms.php b/functions/forms.php index 23215bb6..8e760b1e 100644 --- a/functions/forms.php +++ b/functions/forms.php @@ -190,6 +190,7 @@ function addSelect($sName, $aValues, $default = null, $bUsekeys = false, $aAttri . htmlspecialchars($v); } + if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName; // make sure $default is an array, since multiple select lists // need the chance to have more than one default... @@ -292,6 +293,10 @@ function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs = // add default css else if (!isset($aAttribs['class'])) $aAttribs['class'] = 'sqmtextarea'; + + if ( empty( $aAttribs['id'] ) ) { + $aAttribs['id'] = strtr($sName,'[]','__'); + } global $oTemplate; @@ -308,20 +313,26 @@ function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs = /** * Make a
start-tag. * - * @param string $sAction form handler URL - * @param string $sMethod http method used to submit form data. 'get' or 'post' - * @param string $sName form name used for identification (used for backward - * compatibility). Use of id is recommended instead. - * @param string $sEnctype content type that is used to submit data. html 4.01 - * defaults to 'application/x-www-form-urlencoded'. Form - * with file field needs 'multipart/form-data' encoding type. - * @param string $sCharset charset that is used for submitted data - * @param array $aAttribs (since 1.5.1) extra attributes + * @param string $sAction form handler URL + * @param string $sMethod http method used to submit form data. 'get' or 'post' + * @param string $sName form name used for identification (used for backward + * compatibility). Use of id is recommended instead. + * @param string $sEnctype content type that is used to submit data. html 4.01 + * defaults to 'application/x-www-form-urlencoded'. Form + * with file field needs 'multipart/form-data' encoding type. + * @param string $sCharset charset that is used for submitted data + * @param array $aAttribs (since 1.5.1) extra attributes + * @param boolean $bAddToken (since 1.5.2) When given as a string or as boolean TRUE, + * a hidden input is also added to the form containing a + * security token. When given as TRUE, the input name is + * "smtoken"; otherwise the name is the string that is + * given for this parameter. When FALSE, no hidden token + * input field is added. (OPTIONAL; default not used) * * @return string html formated form start string * */ -function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCharset = '', $aAttribs = array()) { +function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCharset = '', $aAttribs = array(), $bAddToken = FALSE) { global $oTemplate; @@ -333,7 +344,14 @@ function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCha $oTemplate->assign('enctype', $sEnctype); $oTemplate->assign('charset', $sCharset); - return $oTemplate->fetch('form.tpl'); + $sForm = $oTemplate->fetch('form.tpl'); + + if ($bAddToken) { + $sForm .= addHidden((is_string($bAddToken) ? $bAddToken : 'smtoken'), + sm_generate_security_token()); + } + + return $sForm; } /**