/**
* 创建一个表单
*
* $add_token 参数为是否创建一个token验证隐藏表单,用于预防 CSRF 攻击
*
* !!! $add_token 功能适用于动态页面,而不能应用于有可能被缓存或HTML静态化的页面
*
* // Form will submit back to the current page using POST
* echo Form::open();
*
* // Form will submit to 'search' using GET
* echo Form::open('search', array('method' => 'get'));
*
* // When "file" inputs are present, you must include the "enctype"
* echo Form::open(null, array('enctype' => 'multipart/form-data'));
*
* @param string form action, defaults to the current request URI
* @param array html attributes
* @param boolean $add_token 是否添加token验证功能
* @return string
* @uses Core::url
* @uses HTML::attributes
* @uses Text::random
* @uses Cache::set
* @uses Text::rc4_encrypt
* @uses Form::hidden
*/
public static function open($action = null, array $attributes = null, $add_token = true)
{
if (null !== $action) {
if (false === strpos($action, '://')) {
// Make the URI absolute
$action = Core::url($action);
}
// Add the form action to the attributes
$attributes['action'] = (string) $action;
}
// Only accept the default character set
$attributes['accept-charset'] = Core::$charset;
if (!isset($attributes['method'])) {
// Use POST method
$attributes['method'] = 'post';
}
$str_token = '';
if ($add_token) {
foreach (Form::get_token() as $key => $value) {
$str_token .= Form::hidden('__form_token__[' . $key . ']', $value);
}
}
return '<form' . HTML::attributes($attributes) . '>' . $str_token;
}
