function phabricator_render_form(PhabricatorUser $user, $attributes, $content)
{
if (strcasecmp(idx($attributes, 'method'), 'POST') == 0 && !preg_match('#^(https?:|//)#', idx($attributes, 'action'))) {
$content = phutil_render_tag('input', array('type' => 'hidden', 'name' => AphrontRequest::getCSRFTokenName(), 'value' => $user->getCSRFToken())) . phutil_render_tag('input', array('type' => 'hidden', 'name' => '__form__', 'value' => true)) . $content;
}
return javelin_render_tag('form', $attributes, $content);
}
function phabricator_form(PhabricatorUser $user, $attributes, $content)
{
$body = array();
$http_method = idx($attributes, 'method');
$is_post = strcasecmp($http_method, 'POST') === 0;
$http_action = idx($attributes, 'action');
$is_absolute_uri = preg_match('#^(https?:|//)#', $http_action);
if ($is_post) {
// NOTE: We only include CSRF tokens if a URI is a local URI on the same
// domain. This is an important security feature and prevents forms which
// submit to foreign sites from leaking CSRF tokens.
// In some cases, we may construct a fully-qualified local URI. For example,
// we can construct these for download links, depending on configuration.
// These forms do not receive CSRF tokens, even though they safely could.
// This can be confusing, if you're developing for Phabricator and
// manage to construct a local form with a fully-qualified URI, since it
// won't get CSRF tokens and you'll get an exception at the other end of
// the request which is a bit disconnected from the actual root cause.
// However, this is rare, and there are reasonable cases where this
// construction occurs legitimately, and the simplest fix is to omit CSRF
// tokens for these URIs in all cases. The error message you receive also
// gives you some hints as to this potential source of error.
if (!$is_absolute_uri) {
$body[] = phutil_tag('input', array('type' => 'hidden', 'name' => AphrontRequest::getCSRFTokenName(), 'value' => $user->getCSRFToken()));
$body[] = phutil_tag('input', array('type' => 'hidden', 'name' => '__form__', 'value' => true));
}
}
if (is_array($content)) {
$body = array_merge($body, $content);
} else {
$body[] = $content;
}
return javelin_tag('form', $attributes, $body);
}
function phabricator_render_form(PhabricatorUser $user, $attributes, $content)
{
return javelin_render_tag('form', $attributes, phutil_render_tag('input', array('type' => 'hidden', 'name' => AphrontRequest::getCSRFTokenName(), 'value' => $user->getCSRFToken())) . phutil_render_tag('input', array('type' => 'hidden', 'name' => '__form__', 'value' => true)) . $content);
}
