public function open($action = NULL, $attributes = NULL) { $this->check_prepared(); $out = HTML::open($action, $attributes); $is_post = $attributes === null || !isset($attributes['method']) || strcasecmp($attributes['method'], 'post') === 0; if (\Mii::$app->request->сsrf_validation && $is_post) { $out .= HTML::hidden(\Mii::$app->request->csrf_token_name, \Mii::$app->request->csrf_token()); } return $out; }