Diffstat (limited to 'views/default/input/form.php')
| -rw-r--r-- | views/default/input/form.php | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php
index 31c221688..df30133b3 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -1,14 +1,17 @@
 <?php
 /**
 * Create a form for data submission.
- * Use this view for forms rather than creating a form tag in the wild as it provides
- * extra security which help prevent CSRF attacks.
+ * Use this view for forms as it provides protection against CSRF attacks.
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['body'] The body of the form (made up of other input/xxx views and html
+ * @uses $vars['action'] The action URL of the form
+ * @uses $vars['method'] The submit method: post (default) or get
+ * @uses $vars['enctype'] Set to 'multipart/form-data' if uploading a file
 * @uses $vars['disable_security'] turn off CSRF security by setting to true
+ * @uses $vars['class'] Additional class for the form
 */
 $defaults = array(
@@ -18,21 +21,24 @@ $defaults = array(
 $vars = array_merge($defaults, $vars);
-$body = $vars['body'];
-unset($vars['body']);
+if (isset($vars['class'])) {
+ $vars['class'] = "elgg-form {$vars['class']}";
+} else {
+ $vars['class'] = 'elgg-form';
+}
 $vars['action'] = elgg_normalize_url($vars['action']);
-
-// @todo why?
 $vars['method'] = strtolower($vars['method']);
+$body = $vars['body'];
+unset($vars['body']);
+
 // Generate a security header
 if (!$vars['disable_security']) {
- $body .= elgg_view('input/securitytoken');
+ $body = elgg_view('input/securitytoken') . $body;
 }
 unset($vars['disable_security']);
-
 $attributes = elgg_format_attributes($vars);
-echo "<form $attributes>$body</form>";
\ No newline at end of file
+echo "<form $attributes><fieldset>$body</fieldset></form>"; |
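Review bot: The guard `if (!$vars['disable_security'])` prepends the security token without looking at `$vars['method']`, which this commit now documents as accepting `get`. On a GET form the fields emitted by `input/securitytoken` would presumably be serialized into the query string, so the anti-CSRF values can end up in browser history, server access logs and Referer headers; how much that matters depends on the token's lifetime, which is not visible here. I would at least say so in the docblock, e.g. `@uses $vars['method'] The submit method: post (default) or get (the CSRF token then travels in the URL; keep state-changing forms on post)`. If no GET action validates the token, the guard could also skip it for GET forms, but that needs checking against the action handlers, which are outside this hunk.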
