form_open enhancments (reusing existing code)

nowackipawel · web-flow · commit 4d6773e42015 · 2018-12-27T20:33:58.000+01:00
Allows to pass the ID of CSRF field as a key of form_open $attribute arr.
`form_open(['csrf_id' =&gt; 'id-foo-bar']);`
diff --git a/system/Helpers/form_helper.php b/system/Helpers/form_helper.php
@@ -65,6 +65,12 @@ function form_open(string $action = '', $attributes = [], array $hidden = []): s
 			$action = site_url($action);
 		}
 
+		if(is_array($attributes) && array_key_exists('csrf_id', $attributes))
+		{
+			$csrf_id = $attributes['csrf_id'];
+			unset($attributes['csrf_id']);
+		}
+
 		$attributes = stringify_attributes($attributes);
 
 		if (stripos($attributes, 'method=') === false)
@@ -82,17 +88,16 @@ function form_open(string $action = '', $attributes = [], array $hidden = []): s
 		// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
 		$before = Services::filters()->getFilters()['before'];
 
-		if ((in_array('csrf', $before) || array_key_exists('csrf', $before)) && strpos($action, base_url()) !== false && ! stripos($form, 'method="get"')
-		)
+		if ((in_array('csrf', $before) || array_key_exists('csrf', $before)) && strpos($action, base_url()) !== false && ! stripos($form, 'method="get"'))
 		{
-			$hidden[csrf_token()] = csrf_hash();
+			$form .= csrf_field($csrf_id ?? null);
 		}
 
 		if (is_array($hidden))
 		{
 			foreach ($hidden as $name => $value)
 			{
-				$form .= '<input type="hidden" name="' . $name . '" value="' . esc($value, 'html') . '" style="display: none;" />' . "\n";
+				$form .= form_hidden($name, $value);
 			}
 		}
 
@@ -167,7 +172,7 @@ function form_hidden($name, $value = '', bool $recursing = false): string
 
 		if (! is_array($value))
 		{
-			$form .= '<input type="hidden" name="' . $name . '" value="' . esc($value, 'html') . "\" />\n";
+			$form .= '<input type="hidden" name="' . $name . '" value="' . esc($value, 'html') . "\" style="display:none;" />\n";
 		}
 		else
 		{

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,12 @@ function form_open(string $action = '', $attributes = [], array $hidden = []): s`
`65`	`65`	`$action = site_url($action);`
`66`	`66`	`}`
`67`	`67`
	`68`	`+ if(is_array($attributes) && array_key_exists('csrf_id', $attributes))`
	`69`	`+ {`
	`70`	`+ $csrf_id = $attributes['csrf_id'];`
	`71`	`+ unset($attributes['csrf_id']);`
	`72`	`+ }`
	`73`	`+`
`68`	`74`	`$attributes = stringify_attributes($attributes);`
`69`	`75`
`70`	`76`	`if (stripos($attributes, 'method=') === false)`
`@@ -82,17 +88,16 @@ function form_open(string $action = '', $attributes = [], array $hidden = []): s`
`82`	`88`	`// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites`
`83`	`89`	`$before = Services::filters()->getFilters()['before'];`
`84`	`90`
`85`		`- if ((in_array('csrf', $before) \|\| array_key_exists('csrf', $before)) && strpos($action, base_url()) !== false && ! stripos($form, 'method="get"')`
`86`		`- )`
	`91`	`+ if ((in_array('csrf', $before) \|\| array_key_exists('csrf', $before)) && strpos($action, base_url()) !== false && ! stripos($form, 'method="get"'))`
`87`	`92`	`{`
`88`		`- $hidden[csrf_token()] = csrf_hash();`
	`93`	`+ $form .= csrf_field($csrf_id ?? null);`
`89`	`94`	`}`
`90`	`95`
`91`	`96`	`if (is_array($hidden))`
`92`	`97`	`{`
`93`	`98`	`foreach ($hidden as $name => $value)`
`94`	`99`	`{`
`95`		`- $form .= '<input type="hidden" name="' . $name . '" value="' . esc($value, 'html') . '" style="display: none;" />' . "\n";`
	`100`	`+ $form .= form_hidden($name, $value);`
`96`	`101`	`}`
`97`	`102`	`}`
`98`	`103`
`@@ -167,7 +172,7 @@ function form_hidden($name, $value = '', bool $recursing = false): string`
`167`	`172`
`168`	`173`	`if (! is_array($value))`
`169`	`174`	`{`
`170`		`- $form .= '<input type="hidden" name="' . $name . '" value="' . esc($value, 'html') . "\" />\n";`
	`175`	`+ $form .= '<input type="hidden" name="' . $name . '" value="' . esc($value, 'html') . "\" style="display:none;" />\n";`
`171`	`176`	`}`
`172`	`177`	`else`
`173`	`178`	`{`