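<?php

/**
 * forms.php - html form functions
 *
 * Functions to build HTML forms in a safe and consistent manner.
 * All name, value attributes are htmlentitied.
 *
 * The "extra attributes" style parameters ($attributes, $extra_attributes,
 * $attr, $extra) and the form action are written into the markup exactly
 * as given; the caller is responsible for encoding anything placed there.
 *
 * @link http://www.section508.gov/ Section 508
 * @link http://www.w3.org/WAI/ Web Accessibility Initiative (WAI)
 * @link http://www.w3.org/TR/html4/ W3.org HTML 4.01 form specs
 * @copyright 2004-2021 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id: forms.php 14885 2021-02-05 19:19:32Z pdontthink $
 * @package squirrelmail
 * @subpackage forms
 * @since 1.4.3 and 1.5.1
 */

/**
 * Helper function to create form fields, not to be called directly,
 * only by other functions below.
 *
 * @param string $type       Value of the type attribute; written as given
 *                           (every caller in this file passes a literal)
 * @param string $name       Field name, HTML-encoded; omitted when null.
 *                           Unless $attributes already contains id="...",
 *                           an id is derived from the name with "[" and
 *                           "]" replaced by "_"
 * @param string $value      Field value, HTML-encoded; omitted when null
 * @param string $attributes Additional attribute markup, appended as given
 *                           and NOT encoded
 *
 * @return string The input tag followed by a newline
 */
function addInputField($type, $name = null, $value = null, $attributes = '') {
    return '<input type="'.$type.'"'.
        ($name !== null ? ' name="'.sm_encode_html_special_chars($name).'"' : '').
        ($name !== null && strpos($attributes, 'id="') === FALSE ? ' id="'.sm_encode_html_special_chars(strtr($name, '[]', '__')).'"' : '').
        ($value !== null ? ' value="'.sm_encode_html_special_chars($value).'"' : '').
        ' ' . $attributes . " />\n";
}

/**
 * Password input field
 *
 * A non-null $value is written into the value attribute and is therefore
 * readable in the page source.
 *
 * @param string $name             Field name (HTML-encoded)
 * @param string $value            Field value (HTML-encoded; omitted when null)
 * @param string $extra_attributes Extra attribute markup, appended unencoded
 *
 * @return string
 */
function addPwField($name , $value = null, $extra_attributes='') {
    return addInputField('password', $name , $value, $extra_attributes);
}


/**
 * Form checkbox
 *
 * @param string  $name             Field name (HTML-encoded)
 * @param boolean $checked          Adds checked="checked" when true
 * @param string  $value            Field value (HTML-encoded; omitted when null)
 * @param string  $extra_attributes Extra attribute markup, appended unencoded
 *
 * @return string
 */
function addCheckBox($name, $checked = false, $value = null, $extra_attributes='') {
    return addInputField('checkbox', $name, $value,
        ($checked ? ' checked="checked"' : '') . $extra_attributes);
}

/**
 * Form radio box
 *
 * @param string  $name    Field name (HTML-encoded)
 * @param boolean $checked Adds checked="checked" when true
 * @param string  $value   Field value (HTML-encoded; omitted when null)
 *
 * @return string
 */
function addRadioBox($name, $checked = false, $value = null) {
    return addInputField('radio', $name, $value,
        ($checked ? ' checked="checked"' : ''));
}

/**
 * A hidden form field.
 *
 * @param string $name  Field name (HTML-encoded)
 * @param string $value Field value (HTML-encoded)
 *
 * @return string
 */
function addHidden($name, $value) {
    return addInputField('hidden', $name, $value);
}

/**
 * An input textbox.
 *
 * @param string $name             Field name (HTML-encoded)
 * @param string $value            Field value (HTML-encoded)
 * @param int    $size             size attribute; left out when 0/empty
 * @param int    $maxlength        maxlength attribute; left out when 0/empty
 * @param string $extra_attributes Extra attribute markup, appended unencoded
 *
 * @return string
 */
function addInput($name, $value = '', $size = 0, $maxlength = 0, $extra_attributes='') {

    // The integer casts keep these two attributes numeric whatever is passed.
    if ($size) {
        $extra_attributes .= ' size="'.(int)$size.'"';
    }
    if ($maxlength) {
        $extra_attributes .= ' maxlength="'.(int)$maxlength .'"';
    }

    return addInputField('text', $name, $value, $extra_attributes);
}


/**
 * Function to create a selectlist from an array.
 * Usage:
 * name:     html name attribute
 * values:   array ( key => value )  ->     <option value="key">value</option>
 * default:  the key that will be selected
 * usekeys:  use the keys of the array as option value or not
 *
 * When $values holds exactly one element no list is drawn: a hidden field
 * carrying that element is returned, followed by its encoded display text.
 * Names, option values and option labels are all HTML-encoded.
 *
 * @return string
 */
function addSelect($name, $values, $default = null, $usekeys = false)
{
    // only one element
    if(count($values) == 1) {
        $k = key($values); $v = array_pop($values);
        return addHidden($name, ($usekeys ? $k:$v)).
            sm_encode_html_special_chars($v) . "\n";
    }

    $ret = '<select name="'.sm_encode_html_special_chars($name)
         . ($name !== null ? '" id="'.sm_encode_html_special_chars(strtr($name, '[]', '__')).'"' : '"')
         . ">\n";
    foreach ($values as $k => $v) {
        if(!$usekeys) $k = $v;
        // Loose comparison on purpose-or-by-history: '1' matches 1. Before
        // PHP 8 an integer 0 default also compares equal to any non-numeric
        // string key, so more than one option can end up marked selected.
        $ret .= '<option value="' .
            sm_encode_html_special_chars( $k ) . '"' .
            (($default == $k) ? ' selected="selected"' : '') .
            '>' . sm_encode_html_special_chars($v) ."</option>\n";
    }
    $ret .= "</select>\n";

    return $ret;
}

/**
 * Form submission button
 * Note the switched value/name parameters!
 *
 * @param string $value            Button caption (HTML-encoded)
 * @param string $name             Field name (HTML-encoded; omitted when null)
 * @param string $extra_attributes Extra attribute markup, appended unencoded
 *
 * @return string
 */
function addSubmit($value, $name = null, $extra_attributes='') {
    return addInputField('submit', $name, $value, $extra_attributes);
}
/**
 * Form reset button, $value = caption
 *
 * @param string $value Button caption (HTML-encoded)
 *
 * @return string
 */
function addReset($value) {
    return addInputField('reset', null, $value);
}

/**
 * Textarea form element.
 *
 * @param string $name Field name (HTML-encoded). An id derived from it
 *                     ("[" and "]" replaced by "_") is added unless $attr
 *                     already contains id="..."
 * @param string $text Initial content (HTML-encoded)
 * @param int    $cols cols attribute (cast to integer)
 * @param int    $rows rows attribute (cast to integer)
 * @param string $attr Extra attribute markup, appended unencoded
 *
 * @return string
 */
function addTextArea($name, $text = '', $cols = 40, $rows = 10, $attr = '') {
    return '<textarea name="'.sm_encode_html_special_chars($name).'" '.
        ($name !== null && strpos($attr, 'id="') === FALSE ? 'id="'.sm_encode_html_special_chars(strtr($name, '[]', '__')).'" ' : ' ').
        'rows="'.(int)$rows .'" cols="'.(int)$cols.'" '.
        $attr . '>'. "\n" . sm_encode_html_special_chars($text) ."</textarea>\n";
}

/**
 * Make a <form> start-tag.
 *
 * The method, name, enctype, accept-charset and token field name are
 * HTML-encoded, matching the other builders in this file. The action and
 * $extra are written as given.
 *
 * @param string $action    Target of the form; NOT encoded here, so the
 *                          caller must pass an already encoded value
 * @param string $method
 * @param string $name
 * @param string $enctype
 * @param string $charset
 * @param string $extra     Any other attributes can be added with this parameter;
 *                          they should use double quotes around attribute values
 *                          (OPTIONAL; default empty)
 * @param mixed  $add_token When given as a string or as boolean TRUE, a hidden
 *                          input is also added to the form containing a security
 *                          token.  When given as TRUE, the input name is "smtoken";
 *                          otherwise the name is the string that is given for this
 *                          parameter.  When FALSE, no hidden token input field is
 *                          added.  (OPTIONAL; default not used)
 *                          In a form whose method is "get" the token is
 *                          submitted as part of the URL.
 *
 * @return string The start-tag, plus the hidden token input when requested
 */
function addForm($action, $method = 'post', $name = '', $enctype = '', $charset = '', $extra = '', $add_token = FALSE)
{
    if($name) {
        $name = ' name="'.sm_encode_html_special_chars($name).'"';
    }
    if($enctype) {
        $enctype = ' enctype="'.sm_encode_html_special_chars($enctype).'"';
    }
    if($charset) {
        $charset = ' accept-charset="'.sm_encode_html_special_chars($charset).'"';
    }

    // NOTE(review): $action stays unencoded because encoding it here would
    // double-encode any caller that already passes "&amp;" in the URL -
    // confirm against the callers before tightening this. $extra is raw
    // attribute markup by contract.
    $form_string = '<form action="'. $action .'" method="'. sm_encode_html_special_chars($method) .'"'.
                   $enctype . $name . $charset . ' ' . $extra . " >\n";

    if($add_token) {
        // The token value is emitted as returned by the generator; only the
        // caller-supplied field name is encoded.
        $form_string .= '<input type="hidden" value="' . sm_generate_security_token()
                      . '" name="' . sm_encode_html_special_chars(is_string($add_token) ? $add_token : 'smtoken')
                      . "\" />\n";
    }

    return $form_string;
}
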