X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fforms.php;h=8e760b1e8d5ca3f2317188aa31f0ed88ff815008;hp=97fb746ffe03041ee19f19d273932f852098a945;hb=f34bb4e38938e9519e6eb7dd357f193828a0c37b;hpb=d4b2cc0af61df5c27103d611fd906babba51d454 diff --git a/functions/forms.php b/functions/forms.php index 97fb746f..8e760b1e 100644 --- a/functions/forms.php +++ b/functions/forms.php @@ -1,147 +1,392 @@ passwall.com. Tags can be used for Section 508 + * or WAI compliance. * - * Functions to build HTML forms in a safe and consistent manner. - * All name, value attributes are htmlentitied. + * * input tag functions accept extra html attributes that can be submitted + * in $aAttribs array. * + * * default css class attributes are added. + * + * @link http://www.section508.gov/ Section 508 + * @link http://www.w3.org/WAI/ Web Accessibility Initiative (WAI) + * @link http://www.w3.org/TR/html4/ W3.org HTML 4.01 form specs + * @copyright © 2004-2009 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail * @subpackage forms + * @since 1.4.3 and 1.5.1 */ /** * Helper function to create form fields, not to be called directly, * only by other functions below. + * + * Function used different syntax before 1.5.1 + * @param string $sType type of input field. Possible values (html 4.01 + * specs.): text, password, checkbox, radio, submit, reset, file, + * hidden, image, button. + * @param array $aAttribs (since 1.5.1) extra attributes. Array key is + * attribute name, array value is attribute value. Array keys must use + * lowercase. + * @return string html formated input field + * @deprecated use other functions that provide simple wrappers to this function */ -function addInputField($type, $name = null, $value = null, $attributes = '') { - return '\n"; +function addInputField($sType, $aAttribs=array()) { + $sAttribs = ''; + // define unique identifier + if (! isset($aAttribs['id']) && isset($aAttribs['name']) && ! is_null($aAttribs['name'])) { + /** + * if 'id' is not set, set it to 'name' and replace brackets + * with underscores. 'name' might contain field name with squire + * brackets (array). Brackets are not allowed in id (validator.w3.org + * fails to validate document). According to html 4.01 manual cdata + * type description, 'name' attribute uses same type, but validator.w3.org + * does not barf on brackets in 'name' attributes. + */ + $aAttribs['id'] = strtr($aAttribs['name'],'[]','__'); + } + + global $oTemplate; + + $oTemplate->assign('type', $sType); +//FIXME: all the values in the $aAttribs list used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); + $oTemplate->assign('aAttribs', $aAttribs); + + return $oTemplate->fetch('input.tpl'); + } /** * Password input field + * @param string $sName field name + * @param string $sValue initial password value + * @param integer $iSize field size (number of characters) + * @param integer $iMaxlength maximum number of characters the user may enter + * @param array $aAttribs (since 1.5.1) extra attributes - should be given + * in the form array('attribute_name' => 'attribute_value', ...) + * @return string html formated password field */ -function addPwField($name , $value = null) { - return addInputField('password', $name , $value); +function addPwField($sName, $sValue = '', $iSize = 0, $iMaxlength = 0, $aAttribs=array()) { + $aAttribs['name'] = $sName; + $aAttribs['value'] = $sValue; + if ($iSize) $aAttribs['size'] = (int)$iSize; + if ($iMaxlength) $aAttribs['maxlength'] = (int)$iMaxlength; + // add default css + if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmpwfield'; + return addInputField('password',$aAttribs); } - /** * Form checkbox + * @param string $sName field name + * @param boolean $bChecked controls if field is checked + * @param string $sValue + * @param array $aAttribs (since 1.5.1) extra attributes + * @return string html formated checkbox field */ -function addCheckBox($name, $checked = false, $value = null) { - return addInputField('checkbox', $name, $value, - ($checked ? ' checked="checked"' : '')); +function addCheckBox($sName, $bChecked = false, $sValue = null, $aAttribs=array()) { + $aAttribs['name'] = $sName; + if ($bChecked) $aAttribs['checked'] = 'checked'; + if (! is_null($sValue)) $aAttribs['value'] = $sValue; + // add default css + if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmcheckbox'; + return addInputField('checkbox',$aAttribs); } /** * Form radio box + * @param string $sName field name + * @param boolean $bChecked controls if field is selected + * @param string $sValue + * @param array $aAttribs (since 1.5.1) extra attributes. + * @return string html formated radio box */ -function addRadioBox($name, $checked = false, $value = null) { - return addInputField('radio', $name, $value, - ($checked ? ' checked="checked"' : '')); +function addRadioBox($sName, $bChecked = false, $sValue = null, $aAttribs=array()) { + $aAttribs['name'] = $sName; + if ($bChecked) $aAttribs['checked'] = 'checked'; + if (! is_null($sValue)) $aAttribs['value'] = $sValue; + if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName . $sValue; + // add default css + if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmradiobox'; + return addInputField('radio', $aAttribs); } /** * A hidden form field. + * @param string $sName field name + * @param string $sValue field value + * @param array $aAttribs (since 1.5.1) extra attributes + * @return html formated hidden form field */ -function addHidden($name, $value) { - return addInputField('hidden', $name, $value); +function addHidden($sName, $sValue, $aAttribs=array()) { + $aAttribs['name'] = $sName; + $aAttribs['value'] = $sValue; + // add default css + if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmhiddenfield'; + return addInputField('hidden', $aAttribs); } /** * An input textbox. + * @param string $sName field name + * @param string $sValue initial field value + * @param integer $iSize field size (number of characters) + * @param integer $iMaxlength maximum number of characters the user may enter + * @param array $aAttribs (since 1.5.1) extra attributes - should be given + * in the form array('attribute_name' => 'attribute_value', ...) + * @return string html formated text input field */ -function addInput($name, $value = '', $size = 0, $maxlength = 0) { - - $attr = ''; - if ($size) { - $attr.= ' size="'.(int)$size.'"'; - } - if ($maxlength) { - $attr.= ' maxlength="'.(int)$maxlength .'"'; - } - - return addInputField('text', $name, $value, $attr); +function addInput($sName, $sValue = '', $iSize = 0, $iMaxlength = 0, $aAttribs=array()) { + $aAttribs['name'] = $sName; + $aAttribs['value'] = $sValue; + if ($iSize) $aAttribs['size'] = (int)$iSize; + if ($iMaxlength) $aAttribs['maxlength'] = (int)$iMaxlength; + // add default css + if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmtextfield'; + return addInputField('text', $aAttribs); } - /** * Function to create a selectlist from an array. - * Usage: - * name: html name attribute - * values: array ( key => value ) -> , + * although if $bUsekeys is FALSE, then it changes to: + * + * @param mixed $default The key(s) that will be selected (it is OK to pass + * in an array here in the case of multiple select lists) + * @param boolean $bUsekeys Use the keys of the array as option value or not + * @param array $aAttribs (since 1.5.1) Extra attributes + * @param boolean $bMultiple When TRUE, a multiple select list will be shown + * (OPTIONAL; default is FALSE (single select list)) + * @param int $iSize Desired height of multiple select boxes + * (OPTIONAL; default is SMOPT_SIZE_NORMAL) + * (only applicable when $bMultiple is TRUE) + * + * @return string html formated selection box + * @todo add attributes argument for option tags and default css */ -function addSelect($name, $values, $default = null, $usekeys = false) -{ +function addSelect($sName, $aValues, $default = null, $bUsekeys = false, $aAttribs = array(), $bMultiple = FALSE, $iSize = SMOPT_SIZE_NORMAL) { // only one element - if(count($values) == 1) { - $k = key($values); $v = array_pop($values); - return addHidden($name, ($usekeys ? $k:$v)). - htmlspecialchars($v) . "\n"; + if (!$bMultiple && count($aValues) == 1) { + $k = key($aValues); $v = array_pop($aValues); + return addHidden($sName, ($bUsekeys ? $k : $v), $aAttribs) + . htmlspecialchars($v); } - $ret = '\n"; + if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName; + + // make sure $default is an array, since multiple select lists + // need the chance to have more than one default... + // + if (!is_array($default)) + $default = array($default); + + + global $oTemplate; + +//FIXME: all the values in the $aAttribs list and $sName and both the keys and values in $aValues used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = htmlspecialchars($sName); $aNewValues = array(); foreach ($aValues as $key => $value) $aNewValues[htmlspecialchars($key)] = htmlspecialchars($value); $aValues = $aNewValues; And probably this too because it has to be matched to a value that has already been sanitized: $default = htmlspecialchars($default); (oops, watch out for when $default is an array! (multiple select lists)) + $oTemplate->assign('aAttribs', $aAttribs); + $oTemplate->assign('aValues', $aValues); + $oTemplate->assign('bUsekeys', $bUsekeys); + $oTemplate->assign('default', $default); + $oTemplate->assign('name', $sName); + $oTemplate->assign('multiple', $bMultiple); + $oTemplate->assign('size', $iSize); - return $ret; + return $oTemplate->fetch('select.tpl'); +} + +/** + * Normal button + * + * Note the switched value/name parameters! + * Note also that regular buttons are not very useful unless + * used with onclick handlers, thus are only really appropriate + * if you use them after having checked if JavaScript is turned + * on by doing this: if (checkForJavascript()) ... + * + * @param string $sValue button name + * @param string $sName key name + * @param array $aAttribs extra attributes + * + * @return string html formated submit input field + * + * @since 1.5.2 + */ +function addButton($sValue, $sName = null, $aAttribs=array()) { + $aAttribs['value'] = $sValue; + if (! is_null($sName)) $aAttribs['name'] = $sName; + // add default css + if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmsubmitfield'; + return addInputField('button', $aAttribs); } /** * Form submission button * Note the switched value/name parameters! + * @param string $sValue button name + * @param string $sName submitted key name + * @param array $aAttribs (since 1.5.1) extra attributes + * @return string html formated submit input field */ -function addSubmit($value, $name = null) { - return addInputField('submit', $name, $value); +function addSubmit($sValue, $sName = null, $aAttribs=array()) { + $aAttribs['value'] = $sValue; + if (! is_null($sName)) $aAttribs['name'] = $sName; + // add default css + if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmsubmitfield'; + return addInputField('submit', $aAttribs); } + /** - * Form reset button, $value = caption + * Form reset button + * @param string $sValue button name + * @param array $aAttribs (since 1.5.1) extra attributes + * @return string html formated reset input field */ -function addReset($value) { - return addInputField('reset', null, $value); +function addReset($sValue, $aAttribs=array()) { + $aAttribs['value'] = $sValue; + // add default css + if (! isset($aAttribs['class'])) $aAttribs['class'] = 'sqmresetfield'; + return addInputField('reset', $aAttribs); } /** * Textarea form element. + * + * @param string $sName field name + * @param string $sText initial field value (OPTIONAL; default empty) + * @param integer $iCols field width (number of chars) (OPTIONAL; default 40) + * @param integer $iRows field height (number of character rows) (OPTIONAL; default 10) + * @param array $aAttribs (since 1.5.1) extra attributes (OPTIONAL; default empty) + * + * @return string html formated text area field + * */ -function addTextArea($name, $text = '', $cols = 40, $rows = 10, $attr = '') { - return '\n"; +function addTextArea($sName, $sText = '', $iCols = 40, $iRows = 10, $aAttribs = array()) { + + // no longer accept string arguments for attribs; print + // backtrace to help people fix their code + //FIXME: throw error instead? + if (!is_array($aAttribs)) { + echo '$aAttribs argument to addTextArea() must be an array
';
+        debug_print_backtrace();
+        echo '

'; + exit; + } + + // add default css + else if (!isset($aAttribs['class'])) $aAttribs['class'] = 'sqmtextarea'; + + if ( empty( $aAttribs['id'] ) ) { + $aAttribs['id'] = strtr($sName,'[]','__'); + } + + global $oTemplate; + +//FIXME: all the values in the $aAttribs list as well as $sName and $sText used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = htmlspecialchars($sName); $sText = htmlspecialchars($sText); + $oTemplate->assign('aAttribs', $aAttribs); + $oTemplate->assign('name', $sName); + $oTemplate->assign('text', $sText); + $oTemplate->assign('cols', (int)$iCols); + $oTemplate->assign('rows', (int)$iRows); + + return $oTemplate->fetch('textarea.tpl'); } /** * Make a
start-tag. + * + * @param string $sAction form handler URL + * @param string $sMethod http method used to submit form data. 'get' or 'post' + * @param string $sName form name used for identification (used for backward + * compatibility). Use of id is recommended instead. + * @param string $sEnctype content type that is used to submit data. html 4.01 + * defaults to 'application/x-www-form-urlencoded'. Form + * with file field needs 'multipart/form-data' encoding type. + * @param string $sCharset charset that is used for submitted data + * @param array $aAttribs (since 1.5.1) extra attributes + * @param boolean $bAddToken (since 1.5.2) When given as a string or as boolean TRUE, + * a hidden input is also added to the form containing a + * security token. When given as TRUE, the input name is + * "smtoken"; otherwise the name is the string that is + * given for this parameter. When FALSE, no hidden token + * input field is added. (OPTIONAL; default not used) + * + * @return string html formated form start string + * */ -function addForm($action, $method = 'POST', $name = '', $enctype = '', $charset = '') -{ - if($name) { - $name = ' name="'.$name.'"'; - } - if($enctype) { - $enctype = ' enctype="'.$enctype.'"'; - } - if($charset) { - $charset = ' accept-charset="'.htmlspecialchars($charset).'"'; +function addForm($sAction, $sMethod = 'post', $sName = '', $sEnctype = '', $sCharset = '', $aAttribs = array(), $bAddToken = FALSE) { + + global $oTemplate; + +//FIXME: all the values in the $aAttribs list as well as $charset used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sCharset = htmlspecialchars($sCharset); + $oTemplate->assign('aAttribs', $aAttribs); + $oTemplate->assign('name', $sName); + $oTemplate->assign('method', $sMethod); + $oTemplate->assign('action', $sAction); + $oTemplate->assign('enctype', $sEnctype); + $oTemplate->assign('charset', $sCharset); + + $sForm = $oTemplate->fetch('form.tpl'); + + if ($bAddToken) { + $sForm .= addHidden((is_string($bAddToken) ? $bAddToken : 'smtoken'), + sm_generate_security_token()); } - return '\n"; + return $sForm; +} + +/** + * Creates unique widget names + * + * Names are formatted as such: "send1", "send2", "send3", etc., + * where "send" in this example is what was given for $base_name + * + * @param string $base_name The name upon which to base the + * returned widget name. + * @param boolean $return_count When TRUE, this function will + * return the last number used to + * create a widget name for $base_name + * (OPTIONAL; default = FALSE). + * + * @return mixed When $return_output is FALSE, a string containing + * the unique widget name; otherwise an integer with + * the last number used to create the last widget + * name for the given $base_name (where 0 (zero) means + * that no such widgets have been created yet). + * + * @since 1.5.2 + * + */ +function unique_widget_name($base_name, $return_count=FALSE) +{ + static $counts = array(); + + if (!isset($counts[$base_name])) + $counts[$base_name] = 0; + + if ($return_count) + return $counts[$base_name]; + + ++$counts[$base_name]; + return $base_name . $counts[$base_name]; } -?> \ No newline at end of file