form.php
<?php
/**
* @package Joomla.Libraries
* @subpackage HTML
*
* @copyright Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
defined('JPATH_PLATFORM') or die;
use Joomla\Utilities\ArrayHelper;
/**
* Utility class for form elements
*
* @since 1.5
*/
abstract class JHtmlForm
{
	/**
	 * Records which script options csrf() has already registered,
	 * indexed first by method name and then by option key.
	 *
	 * @var    array
	 *
	 * @since  3.8.0
	 */
	protected static $loaded = array();

	/**
	 * Builds the hidden anti-CSRF input for a form.
	 *
	 * The token returned by JSession::getFormToken() is used as the field
	 * NAME; the field value is always "1". Rendering this field protects
	 * nothing on its own: the code that handles the submitted request has
	 * to verify it with JSession::checkToken().
	 *
	 * NOTE(review): this method does no escaping of its own. The attribute
	 * string is inserted exactly as ArrayHelper::toString() returns it, so
	 * callers should only pass trusted or already-escaped keys and values
	 * unless that helper is confirmed to escape them.
	 *
	 * @param   array  $attribs  Extra attributes for the input element.
	 *
	 * @return  string  Markup for the hidden token field
	 *
	 * @see     JSession::checkToken()
	 * @since   1.5
	 */
	public static function token(array $attribs = array())
	{
		// An empty attribute list contributes nothing, not even the separating space.
		$extra = $attribs === array() ? '' : ' ' . ArrayHelper::toString($attribs);

		return '<input type="hidden" name="' . JSession::getFormToken() . '" value="1"' . $extra . ' />';
	}

	/**
	 * Publishes the CSRF form token as a Joomla script option so that
	 * JavaScript can read it.
	 *
	 * Each option key is registered at most once per request, and only when
	 * the current document is an HTML document. For any other document the
	 * call does nothing.
	 *
	 * NOTE(review): the token is handed to the document's script options,
	 * which presumably makes it readable by every script running in the
	 * page. A script-injection flaw on the page would therefore expose it.
	 *
	 * @param   string  $name  The script option key name.
	 *
	 * @return  void
	 *
	 * @since   3.8.0
	 */
	public static function csrf($name = 'csrf.token')
	{
		$alreadyRegistered = isset(static::$loaded[__METHOD__][$name]);

		if ($alreadyRegistered)
		{
			return;
		}

		/** @var JDocumentHtml $document */
		$document = JFactory::getDocument();

		// Only an HTML document receives the option; nothing is recorded otherwise,
		// so a later call against an HTML document can still register it.
		if ($document instanceof JDocumentHtml && $document->getType() === 'html')
		{
			$document->addScriptOptions($name, JSession::getFormToken());

			static::$loaded[__METHOD__][$name] = true;
		}
	}
}