/**
 * Appends options to (or replaces the options of) the select box control.
 *
 * <b>If the "multiple" attribute is not set, the first option is always treated as the
 * "nothing is selected" state of the control!</b>
 *
 * <b>Option groups</b> are declared by using an array as the value of an entry:
 *
 * <code>
 * // add as groups:
 * $obj->add_options(array(
 *     'group' => array('option 1', 'option 2')
 * ));
 * </code>
 *
 * @param  array    $options    Associative array where the key is the value of the option and the
 *                              value is the text displayed for the option.
 *
 * @param  boolean  $overwrite  (Optional) By default, successive calls append the given options to
 *                              the options already set on the control. TRUE replaces the existing
 *                              options instead.
 *
 *                              Default is FALSE
 *
 * @return void
 */
function add_options($options, $overwrite = false)
{
    // anything other than an array is a usage error: report it and stop
    if (!is_array($options)) {
        // NOTE(review): the control's id is concatenated into markup as-is; confirm that
        // _myzebra_form_show_error() escapes it or that ids never carry user-derived text
        _myzebra_form_show_error(' Selectable values for the <strong>' . $this->attributes['id'] . '</strong> control must be specified as an array ');

        return;
    }

    // current state of the control
    $current = $this->get_attributes(array('options', 'multiple'));

    // the "nothing selected" entry is needed only for the very first batch of options of a
    // single-select control that is not being overwritten
    $needs_placeholder = empty($current['options'])
        && $overwrite === false
        && !isset($current['multiple']);

    if ($needs_placeholder) {
        // array union keeps the placeholder as the first entry; its label is the
        // language-specific "select" text
        $options = array('' => $this->form_properties['language']['select']) + $options;
    }

    if ($overwrite) {
        $merged = $options;
    } else {
        // array union: keys already present on the control win over the new ones
        $merged = $current['options'] + $options;
    }

    $this->set_attributes(array('options' => $merged));
}
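/**
 * Generates a CSRF token, unique to the current form.
 *
 * A new token is generated only when the form is being rendered (no data for this form in the
 * submission superglobal) or when <b>$force</b> is TRUE. While a submission is being processed
 * the token already held in the session or cookie is loaded into the form properties instead.
 *
 * The token is 128 bits from a cryptographically secure generator, hex-encoded to 32 characters
 * (the same shape as the md5() string produced previously). Predictable sources such as
 * rand()/uniqid() are used only as a last resort when the runtime offers no CSPRNG.
 *
 * @param  boolean  $force  (Optional) Instructs the method to forcefully generate a new CSRF token.
 *
 *                          This parameter will be TRUE when the method is called after an
 *                          unsuccessful CSRF token validation or after a successful form
 *                          validation.
 *
 *                          Default is FALSE.
 *
 * @return void
 *
 * @access private
 */
function _csrf_generate_token($force = false)
{
    // nothing to do when CSRF protection is disabled (storage method is boolean FALSE)
    if ($this->form_properties['csrf_storage_method'] === false) {
        return;
    }

    // bind the superglobal named after the form's submission method (e.g. $_POST) to a local reference
    global ${'_' . $this->form_properties['method']};
    $method =& ${'_' . $this->form_properties['method']};

    $storage = $this->form_properties['csrf_storage_method'];
    $name = $this->form_properties['csrf_cookie_name'];

    // TRUE while this particular form is being submitted
    $submitted = isset($method[$this->form_properties['identifier']]);

    // form is being submitted, token lives in the session: reuse the stored token
    // (the session entry is a two-element array of token and expiry timestamp)
    if ($submitted && $force === false && $storage == 'session' && isset($_SESSION[$name]) && is_array($_SESSION[$name]) && count($_SESSION[$name]) == 2) {

        $this->form_properties['csrf_token'] = $_SESSION[$name][0];

    // form is being submitted, token lives in a cookie: reuse the cookie's value
    } elseif ($submitted && $force === false && $storage == 'cookie' && isset($_COOKIE[$name])) {

        // NOTE(review): this value is supplied by the client; whatever renders or compares it
        // elsewhere should escape it on output and compare in constant time - confirm
        $this->form_properties['csrf_token'] = $_COOKIE[$name];

    // form is being rendered, or a fresh token was explicitly requested
    } elseif (!$submitted || $force === true) {

        // draw the token from a CSPRNG; md5(uniqid(rand())) is derived from the clock and a
        // non-cryptographic generator and is therefore guessable
        $token = '';

        if (function_exists('random_bytes')) {

            // throws if no entropy source is available, so the failure is not silent
            $token = bin2hex(random_bytes(16));

        } elseif (function_exists('openssl_random_pseudo_bytes')) {

            $bytes = openssl_random_pseudo_bytes(16, $strong);

            // accept the bytes only if OpenSSL reports them as cryptographically strong
            if ($bytes !== false && $strong) {
                $token = bin2hex($bytes);
            }

        }

        // last resort for runtimes without any CSPRNG: the original, predictable construction
        // NOTE(review): consider failing hard here instead if such runtimes need not be supported
        if ($token === '') {
            $token = md5(uniqid(rand(), true));
        }

        $this->form_properties['csrf_token'] = $token;

        // compute token expiry timestamp (a lifetime of 0 yields an expiry of 0)
        $csrf_token_expiry = $this->form_properties['csrf_token_lifetime'] == 0 ? 0 : time() + $this->form_properties['csrf_token_lifetime'];

        // if storage method is "session"
        if ($storage == 'session') {

            // if no session is started, trigger an error message
            if (!isset($_SESSION)) {
                _myzebra_form_show_error('You have chosen to enable protection against cross-site request forgery (CSRF) attacks and to use sessions for storing the CSRF token, but a session is not started! ' . "\n" . 'Start a session prior to calling the "csrf()" method', E_USER_ERROR);
            }

            // store the CSRF token and the expiration data in session
            $_SESSION[$name] = array($this->form_properties['csrf_token'], $csrf_token_expiry);

        // if storage method is "cookie"
        } else {

            // store the CSRF token in a cookie, using the configured path/domain/secure/httponly
            // NOTE(review): this call sets no SameSite attribute on the cookie
            setcookie(
                $name,
                $this->form_properties['csrf_token'],
                $csrf_token_expiry,
                $this->form_properties['csrf_cookie_config']['path'],
                $this->form_properties['csrf_cookie_config']['domain'],
                $this->form_properties['csrf_cookie_config']['secure'],
                $this->form_properties['csrf_cookie_config']['httponly']
            );

        }

    }
}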
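/**
 * Runs the actions queued on this control for a valid form (file upload, resize, convert).
 *
 * Each entry of $this->actions names a method of this object at index 0; the remaining entries
 * are passed to that method as arguments. Processing stops at the first action that returns a
 * falsy value, and that action's "message" is attached to the form as an error for this control.
 *
 * Nothing is run when there are no actions or when the form is in preview mode.
 *
 * @return boolean  TRUE if every action succeeded (or none had to run), FALSE otherwise
 */
function doActions()
{
    // no actions queued, or the form is only being previewed: the control counts as valid
    if (empty($this->actions) || $this->form->preview) {
        return true;
    }

    // NOTE(review): the method name and its arguments come straight from $this->actions;
    // this presumably holds only developer-defined entries - confirm it can never be
    // populated from request data
    foreach ($this->actions as $actions) {

        // if the task (method) could not be found, trigger an error message
        if (!method_exists($this, $actions[0])) {
            _myzebra_form_show_error('Method ' . $actions[0] . ' does not exist!', E_USER_ERROR);

            continue;
        }

        // array_slice() keeps string keys such as "message"; since PHP 8 call_user_func_array()
        // treats string keys as named arguments and fails on unknown names, so the arguments
        // are re-indexed to stay purely positional, as they were on older PHP versions
        $arguments = array_values(array_slice($actions, 1));

        // if the method was erroneous
        if (!call_user_func_array(array($this, $actions[0]), $arguments)) {

            // attach the action's error message to this control's error block
            $this->form->add_error($this->attributes['id'], $actions['message']);

            // the form is not valid; remaining actions are skipped
            return false;
        }

    }

    return true;
}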
/**
 * Builds the HTML markup of the file upload control.
 *
 * <i>This method is automatically called by the {@link MyZebra_Form::render() render()} method!</i>
 *
 * @return string   The control's HTML code
 */
function _toHTML()
{
    // a file upload control without the "upload" rule is a configuration error
    if (!isset($this->rules['upload'])) {
        _myzebra_form_show_error('The control named <strong>"' . $this->attributes['name'] . '"</strong> in form <strong>"' . $this->form_properties['name'] . '"</strong> must have the <em>"upload"</em> rule set', E_USER_ERROR);
    }

    // render the attributes first, then decide whether the tag is self-closed (XHTML only)
    $rendered = $this->_render_attributes();
    $closing = $this->form_properties['doctype'] == 'xhtml' ? '/' : '';

    $html = '<input ' . $rendered . $closing . '>';

    // optional extra markup shown after the control
    // NOTE(review): "display_featured_html" is appended verbatim, without escaping; it must
    // only ever hold trusted markup - confirm where this attribute is set
    if (!empty($this->attributes['display_featured_html'])) {
        $html .= '<div class="myzebra-featured-container">' . $this->attributes['display_featured_html'] . '</div>';
    }

    return $html;
}