/** * Form Declaration * * Creates the opening portion of the form. * * Modified to accomodate HTTPS actions * * @param string the URI segments of the form destination * @param array a key/value pair of attributes * @param array a key/value pair hidden data */ function form_open($action = '', $attributes = '', $hidden = array()) { $CI =& get_instance(); if ($attributes == '') { $attributes = 'method="post"'; } // If an action is not a full URL then turn it into one if ($action && strpos($action, '://') === FALSE) { $action = if_secure_site_url($action); } // If no action is provided then set to the current url $action or $action = if_secure_site_url($CI->uri->uri_string()); $form = '<form action="' . $action . '"'; $form .= _attributes_to_string($attributes, TRUE); $form .= '>'; // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites if ($CI->config->item('csrf_protection') === TRUE and !(strpos($action, if_secure_base_url()) === FALSE or strpos($form, 'method="get"'))) { $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); } // Add MY CSRF token if MY CSRF library is loaded if ($CI->load->is_loaded('tokens') and !(strpos($action, if_secure_base_url()) === FALSE or strpos($form, 'method="get"'))) { $hidden[$CI->tokens->name] = $CI->tokens->token(); } if (is_array($hidden) and count($hidden) > 0) { $form .= sprintf("<div style=\"display:none\">%s</div>", form_hidden($hidden)); } return $form; }
function form_open($action = '', $attributes = array(), $hidden = array()) { $CI =& get_instance(); // If no action is provided then set to the current url if (!$action) { $action = current_url($action); } elseif (strpos($action, '://') === FALSE) { $action = if_secure_site_url($action); } $attributes = _attributes_to_string($attributes); if (stripos($attributes, 'method=') === FALSE) { $attributes .= ' method="post"'; } if (stripos($attributes, 'accept-charset=') === FALSE) { $attributes .= ' accept-charset="' . strtolower(config_item('charset')) . '"'; } $form = '<form action="' . $action . '"' . $attributes . ">\n"; // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites if ($CI->config->item('csrf_protection') === TRUE && strpos($action, if_secure_base_url()) !== FALSE && !stripos($form, 'method="get"')) { $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); } // Add MY CSRF token if MY CSRF library is loaded if ($CI->load->is_loaded('tokens') && strpos($action, if_secure_base_url()) !== FALSE && !stripos($form, 'method="get"')) { $hidden[$CI->tokens->name] = $CI->tokens->token(); } if (is_array($hidden)) { foreach ($hidden as $name => $value) { $form .= '<input type="hidden" name="' . $name . '" value="' . html_escape($value) . '" style="display:none;" />' . "\n"; } } return $form; }
} else { // Default option if not POST request $vehicle_colors[] = '-- Select Type --'; } } } echo form_dropdown('color', $vehicle_colors, set_value('color'), 'id="color" class="form_select"'); ?> </div> <input type="hidden" id="ci_csrf_token_name" value="<?php echo config_item('csrf_token_name'); ?> " /> <input type="hidden" id="ajax_url" value="<?php echo if_secure_site_url('auto_populate/process_request/example'); ?> " /> </fieldset> <div class="form-row"> <div id="submit_box"> <?php // SUBMIT BUTTON *********************** $input_data = array('name' => 'submit', 'id' => 'submit_button', 'value' => 'Submit'); echo form_submit($input_data); ?> </div> </div> </div>