Path: blob/master/src/infrastructure/javelin/markup.php
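<?php

/**
 * Render a tag through phutil_tag() after expanding Javelin shorthand
 * attributes into the real attributes they stand for.
 *
 * Shorthand handled here (each key is removed once processed):
 *
 *   - `sigil`: copied to `data-sigil` when not null.
 *   - `meta`: registered with the static resource response through
 *     addMetadata(); the returned id is emitted as `data-meta`.
 *   - `mustcapture`: truthy sets `data-mustcapture="1"`, falsy removes any
 *     `data-mustcapture` attribute.
 *   - `aural`: truthy prepends the `aural-only` class; falsy prepends
 *     `visual-only` and sets `aria-hidden="true"`.
 *   - `print`: truthy prepends the `print-only` class and sets
 *     `aria-hidden="true"`; falsy prepends `screen-only`.
 *
 * This function performs no escaping of its own. NOTE(review): it presumably
 * relies on phutil_tag() to escape attribute values and content; confirm
 * against phutil_tag() before passing untrusted strings.
 *
 * @param string $tag        Tag name, passed through to phutil_tag().
 * @param array  $attributes Attribute map, may contain the shorthand above.
 * @param mixed  $content    Tag content, passed through to phutil_tag().
 * @return mixed Whatever phutil_tag() returns.
 */
function javelin_tag(
  $tag,
  array $attributes = array(),
  $content = null) {

  // Only walk the attribute map when at least one Javelin key is present
  // with a non-null value; isset() is false for keys whose value is null.
  if (isset($attributes['sigil']) ||
      isset($attributes['meta']) ||
      isset($attributes['mustcapture'])) {
    foreach ($attributes as $k => $v) {
      switch ($k) {
        case 'sigil':
          if ($v !== null) {
            $attributes['data-sigil'] = $v;
          }
          unset($attributes[$k]);
          break;
        case 'meta':
          if ($v !== null) {
            // The metadata itself is handed to the response object; only the
            // id it returns is written into the markup.
            $response = CelerityAPI::getStaticResourceResponse();
            $id = $response->addMetadata($v);
            $attributes['data-meta'] = $id;
          }
          unset($attributes[$k]);
          break;
        case 'mustcapture':
          if ($v) {
            $attributes['data-mustcapture'] = '1';
          } else {
            unset($attributes['data-mustcapture']);
          }
          unset($attributes[$k]);
          break;
      }
    }
  }

  if (isset($attributes['aural'])) {
    if ($attributes['aural']) {
      $class = idx($attributes, 'class', '');
      // rtrim() drops the trailing space when no class was supplied.
      $class = rtrim('aural-only '.$class);
      $attributes['class'] = $class;
    } else {
      $class = idx($attributes, 'class', '');
      $class = rtrim('visual-only '.$class);
      $attributes['class'] = $class;
      $attributes['aria-hidden'] = 'true';
    }
    unset($attributes['aural']);
  }

  if (isset($attributes['print'])) {
    if ($attributes['print']) {
      $class = idx($attributes, 'class', '');
      $class = rtrim('print-only '.$class);
      $attributes['class'] = $class;

      // NOTE: Alternative print content is hidden from screen readers.
      $attributes['aria-hidden'] = 'true';
    } else {
      $class = idx($attributes, 'class', '');
      $class = rtrim('screen-only '.$class);
      $attributes['class'] = $class;
    }
    unset($attributes['print']);
  }

  return phutil_tag($tag, $attributes, $content);
}

/**
 * Render a form and, for POST forms with a local action, prepend the hidden
 * CSRF token input, the `__form__` marker and (when the profiler was
 * requested) the `__profile__` marker.
 *
 * The CSRF token is only added when the action does not look like an absolute
 * or protocol-relative URI, so that it is never submitted to another site.
 *
 * NOTE(review): the absolute-URI test is a prefix heuristic, not a URL
 * parser. It is a backstop; callers should still avoid building the action
 * from untrusted input.
 *
 * @param PhabricatorUser $user       User whose CSRF token is embedded.
 * @param array           $attributes Form attributes, including `method` and
 *                                    `action`; passed on to javelin_tag().
 * @param mixed           $content    Form body; an array is merged after the
 *                                    hidden inputs, anything else is appended.
 * @return mixed Whatever javelin_tag() returns.
 */
function phabricator_form(PhabricatorUser $user, $attributes, $content) {
  $body = array();

  // Default to '' so strcasecmp() never receives null (deprecated as an
  // argument to internal string functions since PHP 8.1).
  $http_method = (string)idx($attributes, 'method', '');
  $is_post = (strcasecmp($http_method, 'POST') === 0);

  $http_action = idx($attributes, 'action');
  $is_absolute_uri = false;
  if ($http_action != null) {
    // Decide whether a browser would resolve the action to another origin.
    // Scheme names are case-insensitive, browsers ignore leading whitespace
    // and control characters in URLs, and they treat "\" like "/" in
    // http(s) URLs, so every one of those spellings has to count as
    // absolute; otherwise the CSRF token below could be sent off-site.
    // If the match itself errors (false), fail closed and withhold the token.
    $is_absolute_uri = (preg_match(
      '#^[\x00-\x20]*(?:https?:|[/\\\\]{2})#i',
      $http_action) !== 0);
  }

  if ($is_post) {

    // NOTE: We only include CSRF tokens if a URI is a local URI on the same
    // domain. This is an important security feature and prevents forms which
    // submit to foreign sites from leaking CSRF tokens.

    // In some cases, we may construct a fully-qualified local URI. For example,
    // we can construct these for download links, depending on configuration.

    // These forms do not receive CSRF tokens, even though they safely could.
    // This can be confusing, if you're developing for Phabricator and
    // manage to construct a local form with a fully-qualified URI, since it
    // won't get CSRF tokens and you'll get an exception at the other end of
    // the request which is a bit disconnected from the actual root cause.

    // However, this is rare, and there are reasonable cases where this
    // construction occurs legitimately, and the simplest fix is to omit CSRF
    // tokens for these URIs in all cases. The error message you receive also
    // gives you some hints as to this potential source of error.

    if (!$is_absolute_uri) {
      $body[] = phutil_tag(
        'input',
        array(
          'type' => 'hidden',
          'name' => AphrontRequest::getCSRFTokenName(),
          'value' => $user->getCSRFToken(),
        ));

      $body[] = phutil_tag(
        'input',
        array(
          'type' => 'hidden',
          'name' => '__form__',
          'value' => true,
        ));

      // If the profiler was active for this request, keep it active for any
      // forms submitted from this page.
      if (DarkConsoleXHProfPluginAPI::isProfilerRequested()) {
        $body[] = phutil_tag(
          'input',
          array(
            'type' => 'hidden',
            'name' => '__profile__',
            'value' => true,
          ));
      }

    }
  }

  // Hidden inputs come first, followed by the caller's content.
  if (is_array($content)) {
    $body = array_merge($body, $content);
  } else {
    $body[] = $content;
  }

  return javelin_tag('form', $attributes, $body);
}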