case 'add':
    // Fragment of a larger switch: the switch header and the definitions of
    // $obj, $params, $check and $token are outside this view.

    // Authorization gate: when a session is active (id != 0) and the current
    // user may not edit in that session, api_not_allowed() is called.
    // NOTE(review): presumably api_not_allowed() terminates the request; if it
    // can return, the form below is still built and processed - confirm.
    if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
        api_not_allowed();
    }
    // Form target URL, rebuilt from the request's own 'action' parameter.
    // NOTE(review): remove_XSS() is a markup filter, not URL encoding, and
    // $params is appended as-is; confirm both are safe in a query-string
    // context wherever return_form() emits $url.
    $url = api_get_self() . '?action=' . Security::remove_XSS($_GET['action']) . '&' . $params;
    $form = $obj->return_form($url, 'add');
    // The validation or display
    if ($form->validate()) {
        // $check is set outside this fragment; presumably the result of
        // verifying the submitted 'sec_token' (anti-CSRF) - confirm.
        // The item is saved only when $check is truthy. When it is falsy the
        // save is skipped without any message and the listing is shown anyway,
        // so a rejected token is indistinguishable from a no-op to the user.
        if ($check) {
            $values = $form->exportValues();
            $res = $obj->save_one_item($values);
            if ($res) {
                Display::display_confirmation_message(get_lang('ItemAdded'));
            }
        }
        $obj->display();
    } else {
        // Disabled "back" link, kept as commented-out code by the original author.
        /*echo '<div class="actions">';
        echo '<a href="'.api_get_self().'">'.Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM).'</a>';
        echo '</div>'; */
        // Embed the anti-CSRF token in the form as a hidden 'sec_token' field.
        // The value is supplied through setConstants() rather than as a default,
        // so it is the server-side $token that gets rendered.
        // NOTE(review): $token comes from outside this fragment; presumably a
        // per-session token generated for this request - confirm.
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        $form->display();
    }
    break;
case 'edit':
    // Action handling: Editing
    // NOTE(review): unlike 'add', no session-edit permission check is visible
    // before the form is built. This branch continues past the visible
    // fragment, so confirm that the check (and the $check token test before
    // any write) exists further down or before the switch.
    // The record id is cast with intval(), so only an integer reaches the URL;
    // the remove_XSS()/$params caveat from the 'add' branch applies here too.
    $url = api_get_self() . '?action=' . Security::remove_XSS($_GET['action']) . '&id=' . intval($_GET['id']) . '&' . $params;
    $form = $obj->return_form($url, 'edit');
    // The validation or display
    if ($form->validate()) {