/**
 * Build the opening <form> tag, optionally followed by hidden CSRF-token fields.
 *
 * When $add_token is true, one hidden input named __form_token__[<key>] is
 * appended for every entry returned by Form::get_token(), so the receiving
 * handler can tell genuine submissions from forged (CSRF) ones.
 *
 * WARNING: the token feature is meant for dynamically rendered pages only.
 * Do not enable it on pages that may be cached or exported as static HTML.
 *
 * NOTE(review): the token fields are emitted whatever the form method or
 * target is. With 'method' => 'get' the browser places them in the query
 * string, and an $action containing '://' is used exactly as given, which may
 * be a different host. Pass $add_token = false for such forms unless the
 * receiving handler needs the token; confirm against the verification code.
 *
 * NOTE(review): attribute and field values are handed to HTML::attributes()
 * and Form::hidden() unchanged; escaping is presumably done there. Verify.
 *
 *     // Form will submit back to the current page using POST
 *     echo Form::open();
 *
 *     // Form will submit to 'search' using GET
 *     echo Form::open('search', array('method' => 'get'));
 *
 *     // When "file" inputs are present, you must include the "enctype"
 *     echo Form::open(null, array('enctype' => 'multipart/form-data'));
 *
 * @param   string   $action      form action, defaults to the current request URI
 * @param   array    $attributes  html attributes
 * @param   boolean  $add_token   whether to append the token verification fields
 * @return  string   the opening tag plus any hidden token inputs
 * @uses    Core::url
 * @uses    HTML::attributes
 * @uses    Form::get_token
 * @uses    Form::hidden
 * @uses    Text::random       (not called directly here; presumably via Form::get_token)
 * @uses    Cache::set         (not called directly here; presumably via Form::get_token)
 * @uses    Text::rc4_encrypt  (not called directly here; presumably via Form::get_token)
 */
public static function open($action = null, array $attributes = null, $add_token = true)
{
    if ($action !== null) {
        // A value without a scheme separator is resolved through Core::url();
        // anything containing '://' is kept exactly as supplied.
        $target = (strpos($action, '://') === false) ? Core::url($action) : $action;

        $attributes['action'] = (string) $target;
    }

    // Only accept the default character set.
    $attributes['accept-charset'] = Core::$charset;

    // Fall back to POST when the caller did not choose a method.
    if (!isset($attributes['method'])) {
        $attributes['method'] = 'post';
    }

    // The hidden inputs are built before the tag itself and appended after it.
    $token_fields = '';
    if ($add_token) {
        $tokens = Form::get_token();
        foreach ($tokens as $field => $secret) {
            $token_fields .= Form::hidden('__form_token__[' . $field . ']', $secret);
        }
    }

    return '<form' . HTML::attributes($attributes) . '>' . $token_fields;
}