/**
* mb_form
*/
function mb_form($params, $content, &$smarty, &$repeat)
{
$fields = array("m" => CMbArray::extract($params, "m", null, true), "dosql" => CMbArray::extract($params, "dosql"), "tab" => CMbArray::extract($params, "tab"), "a" => CMbArray::extract($params, "a"));
$attributes = array("name" => CMbArray::extract($params, "name", null, true), "method" => CMbArray::extract($params, "method", "get"), "action" => CMbArray::extract($params, "action", "?"), "class" => CMbArray::extract($params, "className", ""));
// If protection enabled
if (CAppUI::conf("csrf_protection")) {
// During opening tag, we generate the token
if ($repeat) {
// Form is open
self::$is_open = true;
} else {
if (strtoupper($attributes["method"]) == "POST") {
$lifetime = CMbArray::extract($params, "lifetime", CAppUI::conf("csrf_token_lifetime"));
$lifetime = abs(round($lifetime));
$token = CCSRF::generateToken();
if ($token) {
// Key is token, value is expiration date and fields to check
$_SESSION["tokens"][$token] = array("lifetime" => time() + $lifetime, "fields" => self::$csrf_values);
// In order to add the hidden input
$fields["csrf"] = $token;
self::$csrf_values = array();
}
}
// Form is closing
self::$is_open = false;
}
}
$attributes += $params;
$fields = array_filter($fields);
$_content = "";
foreach ($fields as $name => $value) {
$_content .= "\n" . CHTMLResourceLoader::getTag("input", array("type" => "hidden", "name" => $name, "value" => $value));
}
$_content .= $content;
return CHTMLResourceLoader::getTag("form", $attributes, $_content);
}
