2007-09-16 01:52:35 +00:00
|
|
|
<?php
|
2016-06-15 16:03:16 +12:00
|
|
|
|
2016-08-19 10:51:35 +12:00
|
|
|
namespace SilverStripe\Forms;
|
|
|
|
|
|
|
|
use SilverStripe\Control\Controller;
|
|
|
|
use SilverStripe\Control\Director;
|
|
|
|
use SilverStripe\Control\HTTP;
|
2016-12-28 13:52:49 +00:00
|
|
|
use SilverStripe\Control\HTTPRequest;
|
|
|
|
use SilverStripe\Control\HTTPResponse;
|
|
|
|
use SilverStripe\Control\HTTPResponse_Exception;
|
2016-08-19 10:51:35 +12:00
|
|
|
use SilverStripe\Control\RequestHandler;
|
2016-12-28 13:52:49 +00:00
|
|
|
use SilverStripe\Control\Session;
|
|
|
|
use SilverStripe\Core\Convert;
|
|
|
|
use SilverStripe\Core\Injector\Injector;
|
2016-08-19 10:51:35 +12:00
|
|
|
use SilverStripe\Dev\Deprecation;
|
2016-06-23 11:37:22 +12:00
|
|
|
use SilverStripe\ORM\DataObject;
|
2016-06-15 16:03:16 +12:00
|
|
|
use SilverStripe\ORM\DataObjectInterface;
|
2016-08-19 10:51:35 +12:00
|
|
|
use SilverStripe\ORM\FieldType\DBHTMLText;
|
2016-06-23 11:37:22 +12:00
|
|
|
use SilverStripe\ORM\SS_List;
|
2016-11-23 18:09:10 +13:00
|
|
|
use SilverStripe\ORM\ValidationException;
|
|
|
|
use SilverStripe\ORM\ValidationResult;
|
2016-06-23 11:37:22 +12:00
|
|
|
use SilverStripe\Security\NullSecurityToken;
|
2016-12-28 13:52:49 +00:00
|
|
|
use SilverStripe\Security\SecurityToken;
|
2016-08-19 10:51:35 +12:00
|
|
|
use SilverStripe\View\SSViewer;
|
2016-06-23 11:37:22 +12:00
|
|
|
|
2007-07-19 10:40:28 +00:00
|
|
|
/**
|
|
|
|
* Base class for all forms.
|
2012-03-24 16:38:57 +13:00
|
|
|
* The form class is an extensible base for all forms on a SilverStripe application. It can be used
|
2007-07-19 10:40:28 +00:00
|
|
|
* either by extending it, and creating processor methods on the subclass, or by creating instances
|
|
|
|
* of form whose actions are handled by the parent controller.
|
2007-09-16 01:52:35 +00:00
|
|
|
*
|
|
|
|
* In either case, if you want to get a form to do anything, it must be inextricably tied to a
|
2007-07-19 10:40:28 +00:00
|
|
|
* controller. The constructor is passed a controller and a method on that controller. This method
|
|
|
|
* should return the form object, and it shouldn't require any arguments. Parameters, if necessary,
|
|
|
|
* can be passed using the URL or get variables. These restrictions are in place so that we can
|
|
|
|
* recreate the form object upon form submission, without the use of a session, which would be too
|
|
|
|
* resource-intensive.
|
2014-08-15 18:53:05 +12:00
|
|
|
*
|
2008-10-01 18:32:10 +00:00
|
|
|
* You will need to create at least one method for processing the submission (through {@link FormAction}).
|
|
|
|
* This method will be passed two parameters: the raw request data, and the form object.
|
|
|
|
* Usually you want to save data into a {@link DataObject} by using {@link saveInto()}.
|
|
|
|
* If you want to process the submitted data in any way, please use {@link getData()} rather than
|
|
|
|
* the raw request data.
|
2014-08-15 18:53:05 +12:00
|
|
|
*
|
2009-07-06 22:06:42 +00:00
|
|
|
* <h2>Validation</h2>
|
2009-01-07 23:00:54 +00:00
|
|
|
* Each form needs some form of {@link Validator} to trigger the {@link FormField->validate()} methods for each field.
|
2012-09-27 09:34:00 +12:00
|
|
|
* You can't disable validator for security reasons, because crucial behaviour like extension checks for file uploads
|
|
|
|
* depend on it.
|
2009-01-07 23:00:54 +00:00
|
|
|
* The default validator is an instance of {@link RequiredFields}.
|
|
|
|
* If you want to enforce serverside-validation to be ignored for a specific {@link FormField},
|
|
|
|
* you need to subclass it.
|
2007-07-19 10:40:28 +00:00
|
|
|
*
|
2009-07-06 22:06:42 +00:00
|
|
|
* <h2>URL Handling</h2>
|
|
|
|
* The form class extends {@link RequestHandler}, which means it can
|
|
|
|
* be accessed directly through a URL. This can be handy for refreshing
|
|
|
|
* a form by ajax, or even just displaying a single form field.
|
|
|
|
* You can find out the base URL for your form by looking at the
|
|
|
|
* <form action="..."> value. For example, the edit form in the CMS would be located at
|
|
|
|
* "admin/EditForm". This URL will render the form without its surrounding
|
2014-08-15 18:53:05 +12:00
|
|
|
* template when called through GET instead of POST.
|
|
|
|
*
|
2015-06-12 10:28:32 +12:00
|
|
|
* By appending to this URL, you can render individual form elements
|
2009-07-06 22:06:42 +00:00
|
|
|
* through the {@link FormField->FieldHolder()} method.
|
|
|
|
* For example, the "URLSegment" field in a standard CMS form would be
|
|
|
|
* accessible through "admin/EditForm/field/URLSegment/FieldHolder".
|
2007-07-19 10:40:28 +00:00
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
class Form extends RequestHandler
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
use FormMessage;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Form submission data is URL encoded
|
|
|
|
*/
|
|
|
|
const ENC_TYPE_URLENCODED = 'application/x-www-form-urlencoded';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Form submission data is multipart form
|
|
|
|
*/
|
|
|
|
const ENC_TYPE_MULTIPART = 'multipart/form-data';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Accessed by Form.ss; modified by {@link formHtmlContent()}.
|
|
|
|
* A performance enhancement over the generate-the-form-tag-and-then-remove-it code that was there previously
|
|
|
|
*
|
|
|
|
* @var bool
|
|
|
|
*/
|
|
|
|
public $IncludeFormTag = true;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var FieldList
|
|
|
|
*/
|
|
|
|
protected $fields;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var FieldList
|
|
|
|
*/
|
|
|
|
protected $actions;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var Controller
|
|
|
|
*/
|
|
|
|
protected $controller;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $name;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var Validator
|
|
|
|
*/
|
|
|
|
protected $validator;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var callable {@see setValidationResponseCallback()}
|
|
|
|
*/
|
|
|
|
protected $validationResponseCallback;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $formMethod = "POST";
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var boolean
|
|
|
|
*/
|
|
|
|
protected $strictFormMethodCheck = false;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var DataObject|null $record Populated by {@link loadDataFrom()}.
|
|
|
|
*/
|
|
|
|
protected $record;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Keeps track of whether this form has a default action or not.
|
|
|
|
* Set to false by $this->disableDefaultAction();
|
|
|
|
*
|
|
|
|
* @var boolean
|
|
|
|
*/
|
|
|
|
protected $hasDefaultAction = true;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Target attribute of form-tag.
|
|
|
|
* Useful to open a new window upon
|
|
|
|
* form submission.
|
|
|
|
*
|
|
|
|
* @var string|null
|
|
|
|
*/
|
|
|
|
protected $target;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Legend value, to be inserted into the
|
|
|
|
* <legend> element before the <fieldset>
|
|
|
|
* in Form.ss template.
|
|
|
|
*
|
|
|
|
* @var string|null
|
|
|
|
*/
|
|
|
|
protected $legend;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The SS template to render this form HTML into.
|
|
|
|
* Default is "Form", but this can be changed to
|
|
|
|
* another template for customisation.
|
|
|
|
*
|
|
|
|
* @see Form->setTemplate()
|
|
|
|
* @var string|null
|
|
|
|
*/
|
|
|
|
protected $template;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var callable|null
|
|
|
|
*/
|
|
|
|
protected $buttonClickedFunc;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Should we redirect the user back down to the
|
|
|
|
* the form on validation errors rather then just the page
|
|
|
|
*
|
|
|
|
* @var bool
|
|
|
|
*/
|
|
|
|
protected $redirectToFormOnValidationError = false;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var bool
|
|
|
|
*/
|
|
|
|
protected $security = true;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var SecurityToken|null
|
|
|
|
*/
|
|
|
|
protected $securityToken = null;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var array $extraClasses List of additional CSS classes for the form tag.
|
|
|
|
*/
|
|
|
|
protected $extraClasses = array();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @config
|
|
|
|
* @var array $default_classes The default classes to apply to the Form
|
|
|
|
*/
|
|
|
|
private static $default_classes = array();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var string|null
|
|
|
|
*/
|
|
|
|
protected $encType;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var array Any custom form attributes set through {@link setAttributes()}.
|
|
|
|
* Some attributes are calculated on the fly, so please use {@link getAttributes()} to access them.
|
|
|
|
*/
|
|
|
|
protected $attributes = array();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
protected $validationExemptActions = array();
|
|
|
|
|
|
|
|
private static $allowed_actions = array(
|
|
|
|
'handleField',
|
|
|
|
'httpSubmission',
|
|
|
|
'forTemplate',
|
|
|
|
);
|
|
|
|
|
|
|
|
private static $casting = array(
|
|
|
|
'AttributesHTML' => 'HTMLFragment',
|
|
|
|
'FormAttributes' => 'HTMLFragment',
|
|
|
|
'FormName' => 'Text',
|
|
|
|
'Legend' => 'HTMLFragment',
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var FormTemplateHelper
|
|
|
|
*/
|
|
|
|
private $templateHelper = null;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @ignore
|
|
|
|
*/
|
|
|
|
private $htmlID = null;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @ignore
|
|
|
|
*/
|
|
|
|
private $formActionPath = false;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var bool
|
|
|
|
*/
|
|
|
|
protected $securityTokenAdded = false;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a new form, with the given fields an action buttons.
|
|
|
|
*
|
|
|
|
* @param Controller $controller The parent controller, necessary to create the appropriate form action tag.
|
|
|
|
* @param string $name The method on the controller that will return this form object.
|
|
|
|
* @param FieldList $fields All of the fields in the form - a {@link FieldList} of {@link FormField} objects.
|
|
|
|
* @param FieldList $actions All of the action buttons in the form - a {@link FieldLis} of
|
|
|
|
* {@link FormAction} objects
|
|
|
|
* @param Validator|null $validator Override the default validator instance (Default: {@link RequiredFields})
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function __construct($controller, $name, FieldList $fields, FieldList $actions, Validator $validator = null)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
parent::__construct();
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
$fields->setForm($this);
|
|
|
|
$actions->setForm($this);
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->fields = $fields;
|
|
|
|
$this->actions = $actions;
|
|
|
|
$this->controller = $controller;
|
|
|
|
$this->setName($name);
|
2016-11-29 12:31:16 +13:00
|
|
|
|
|
|
|
if (!$this->controller) {
|
|
|
|
user_error("$this->class form created without a controller", E_USER_ERROR);
|
|
|
|
}
|
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Form validation
|
|
|
|
$this->validator = ($validator) ? $validator : new RequiredFields();
|
|
|
|
$this->validator->setForm($this);
|
|
|
|
|
|
|
|
// Form error controls
|
|
|
|
$this->restoreFormState();
|
|
|
|
|
|
|
|
// Check if CSRF protection is enabled, either on the parent controller or from the default setting. Note that
|
|
|
|
// method_exists() is used as some controllers (e.g. GroupTest) do not always extend from Object.
|
|
|
|
if (method_exists($controller, 'securityTokenEnabled') || (method_exists($controller, 'hasMethod')
|
|
|
|
&& $controller->hasMethod('securityTokenEnabled'))) {
|
|
|
|
$securityEnabled = $controller->securityTokenEnabled();
|
|
|
|
} else {
|
|
|
|
$securityEnabled = SecurityToken::is_enabled();
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->securityToken = ($securityEnabled) ? new SecurityToken() : new NullSecurityToken();
|
|
|
|
|
|
|
|
$this->setupDefaultClasses();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private static $url_handlers = array(
|
|
|
|
'field/$FieldName!' => 'handleField',
|
|
|
|
'POST ' => 'httpSubmission',
|
|
|
|
'GET ' => 'httpSubmission',
|
|
|
|
'HEAD ' => 'httpSubmission',
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Load form state from session state
|
|
|
|
* @return $this
|
|
|
|
*/
|
|
|
|
public function restoreFormState()
|
|
|
|
{
|
|
|
|
// Restore messages
|
|
|
|
$result = $this->getSessionValidationResult();
|
|
|
|
if (isset($result)) {
|
|
|
|
$this->loadMessagesFrom($result);
|
|
|
|
}
|
|
|
|
|
|
|
|
// load data in from previous submission upon error
|
|
|
|
$data = $this->getSessionData();
|
|
|
|
if (isset($data)) {
|
|
|
|
$this->loadDataFrom($data);
|
|
|
|
}
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Flush persistant form state details
|
|
|
|
*/
|
|
|
|
public function clearFormState()
|
|
|
|
{
|
|
|
|
Session::clear("FormInfo.{$this->FormName()}.result");
|
|
|
|
Session::clear("FormInfo.{$this->FormName()}.data");
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return any form data stored in the session
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public function getSessionData()
|
|
|
|
{
|
|
|
|
return Session::get("FormInfo.{$this->FormName()}.data");
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Store the given form data in the session
|
|
|
|
*
|
|
|
|
* @param array $data
|
|
|
|
*/
|
|
|
|
public function setSessionData($data)
|
|
|
|
{
|
|
|
|
Session::set("FormInfo.{$this->FormName()}.data", $data);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return any ValidationResult instance stored for this object
|
|
|
|
*
|
|
|
|
* @return ValidationResult The ValidationResult object stored in the session
|
|
|
|
*/
|
|
|
|
public function getSessionValidationResult()
|
|
|
|
{
|
|
|
|
$resultData = Session::get("FormInfo.{$this->FormName()}.result");
|
|
|
|
if (isset($resultData)) {
|
|
|
|
return unserialize($resultData);
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets the ValidationResult in the session to be used with the next view of this form.
|
|
|
|
* @param ValidationResult $result The result to save
|
|
|
|
* @param bool $combineWithExisting If true, then this will be added to the existing result.
|
|
|
|
*/
|
|
|
|
public function setSessionValidationResult(ValidationResult $result, $combineWithExisting = false)
|
|
|
|
{
|
|
|
|
// Combine with existing result
|
|
|
|
if ($combineWithExisting) {
|
|
|
|
$existingResult = $this->getSessionValidationResult();
|
|
|
|
if ($existingResult) {
|
|
|
|
if ($result) {
|
|
|
|
$existingResult->combineAnd($result);
|
|
|
|
} else {
|
|
|
|
$result = $existingResult;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Serialise
|
|
|
|
$resultData = $result ? serialize($result) : null;
|
|
|
|
Session::set("FormInfo.{$this->FormName()}.result", $resultData);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function clearMessage()
|
|
|
|
{
|
|
|
|
$this->setMessage(null);
|
|
|
|
$this->clearFormState();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Populate this form with messages from the given ValidationResult.
|
|
|
|
* Note: This will not clear any pre-existing messages
|
|
|
|
*
|
|
|
|
* @param ValidationResult $result
|
|
|
|
* @return $this
|
|
|
|
*/
|
|
|
|
public function loadMessagesFrom($result)
|
|
|
|
{
|
|
|
|
// Set message on either a field or the parent form
|
|
|
|
foreach ($result->getMessages() as $message) {
|
|
|
|
$fieldName = $message['fieldName'];
|
|
|
|
if ($fieldName) {
|
|
|
|
$owner = $this->fields->dataFieldByName($fieldName) ?: $this;
|
|
|
|
} else {
|
|
|
|
$owner = $this;
|
|
|
|
}
|
|
|
|
$owner->setMessage($message['message'], $message['messageType'], $message['messageCast']);
|
|
|
|
}
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set message on a given field name. This message will not persist via redirect.
|
|
|
|
*
|
|
|
|
* @param string $fieldName
|
|
|
|
* @param string $message
|
|
|
|
* @param string $messageType
|
|
|
|
* @param string $messageCast
|
|
|
|
* @return $this
|
|
|
|
*/
|
|
|
|
public function setFieldMessage(
|
|
|
|
$fieldName,
|
|
|
|
$message,
|
|
|
|
$messageType = ValidationResult::TYPE_ERROR,
|
|
|
|
$messageCast = ValidationResult::CAST_TEXT
|
|
|
|
) {
|
|
|
|
$field = $this->fields->dataFieldByName($fieldName);
|
|
|
|
if ($field) {
|
|
|
|
$field->setMessage($message, $messageType, $messageCast);
|
|
|
|
}
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function castingHelper($field)
|
|
|
|
{
|
|
|
|
// Override casting for field message
|
|
|
|
if (strcasecmp($field, 'Message') === 0 && ($helper = $this->getMessageCastingHelper())) {
|
|
|
|
return $helper;
|
|
|
|
}
|
|
|
|
return parent::castingHelper($field);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* set up the default classes for the form. This is done on construct so that the default classes can be removed
|
|
|
|
* after instantiation
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
protected function setupDefaultClasses()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$defaultClasses = self::config()->get('default_classes');
|
|
|
|
if ($defaultClasses) {
|
|
|
|
foreach ($defaultClasses as $class) {
|
|
|
|
$this->addExtraClass($class);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handle a form submission. GET and POST requests behave identically.
|
|
|
|
* Populates the form with {@link loadDataFrom()}, calls {@link validate()},
|
|
|
|
* and only triggers the requested form action/method
|
|
|
|
* if the form is valid.
|
|
|
|
*
|
|
|
|
* @param HTTPRequest $request
|
|
|
|
* @return HTTPResponse
|
|
|
|
* @throws HTTPResponse_Exception
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function httpSubmission($request)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
// Strict method check
|
|
|
|
if ($this->strictFormMethodCheck) {
|
|
|
|
// Throws an error if the method is bad...
|
|
|
|
if ($this->formMethod != $request->httpMethod()) {
|
|
|
|
$response = Controller::curr()->getResponse();
|
|
|
|
$response->addHeader('Allow', $this->formMethod);
|
|
|
|
$this->httpError(405, _t("Form.BAD_METHOD", "This form requires a ".$this->formMethod." submission"));
|
|
|
|
}
|
|
|
|
|
|
|
|
// ...and only uses the variables corresponding to that method type
|
|
|
|
$vars = $this->formMethod == 'GET' ? $request->getVars() : $request->postVars();
|
|
|
|
} else {
|
|
|
|
$vars = $request->requestVars();
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-29 12:45:41 +00:00
|
|
|
// Ensure we only process saveable fields (non structural, readonly, or disabled)
|
|
|
|
$allowedFields = array_keys($this->Fields()->saveableFields());
|
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Populate the form
|
2016-11-29 12:45:41 +00:00
|
|
|
$this->loadDataFrom($vars, true, $allowedFields);
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Protection against CSRF attacks
|
|
|
|
// @todo Move this to SecurityTokenField::validate()
|
|
|
|
$token = $this->getSecurityToken();
|
|
|
|
if (! $token->checkRequest($request)) {
|
|
|
|
$securityID = $token->getName();
|
|
|
|
if (empty($vars[$securityID])) {
|
2016-11-29 12:31:16 +13:00
|
|
|
$this->httpError(400, _t(
|
|
|
|
"Form.CSRF_FAILED_MESSAGE",
|
2016-11-23 18:09:10 +13:00
|
|
|
"There seems to have been a technical problem. Please click the back button, ".
|
|
|
|
"refresh your browser, and try again."
|
|
|
|
));
|
|
|
|
} else {
|
|
|
|
// Clear invalid token on refresh
|
|
|
|
$this->clearFormState();
|
|
|
|
$data = $this->getData();
|
|
|
|
unset($data[$securityID]);
|
|
|
|
$this->setSessionData($data);
|
|
|
|
$this->sessionError(_t(
|
|
|
|
"Form.CSRF_EXPIRED_MESSAGE",
|
|
|
|
"Your session has expired. Please re-submit the form."
|
|
|
|
));
|
|
|
|
|
|
|
|
// Return the user
|
|
|
|
return $this->controller->redirectBack();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Determine the action button clicked
|
|
|
|
$funcName = null;
|
|
|
|
foreach ($vars as $paramName => $paramVal) {
|
|
|
|
if (substr($paramName, 0, 7) == 'action_') {
|
|
|
|
// Break off querystring arguments included in the action
|
|
|
|
if (strpos($paramName, '?') !== false) {
|
|
|
|
list($paramName, $paramVars) = explode('?', $paramName, 2);
|
|
|
|
$newRequestParams = array();
|
|
|
|
parse_str($paramVars, $newRequestParams);
|
|
|
|
$vars = array_merge((array)$vars, (array)$newRequestParams);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Cleanup action_, _x and _y from image fields
|
|
|
|
$funcName = preg_replace(array('/^action_/','/_x$|_y$/'), '', $paramName);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the action wasn't set, choose the default on the form.
|
|
|
|
if (!isset($funcName) && $defaultAction = $this->defaultAction()) {
|
|
|
|
$funcName = $defaultAction->actionName();
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($funcName)) {
|
|
|
|
$this->setButtonClicked($funcName);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Permission checks (first on controller, then falling back to form)
|
2016-11-29 12:31:16 +13:00
|
|
|
if (// Ensure that the action is actually a button or method on the form,
|
2016-11-23 18:09:10 +13:00
|
|
|
// and not just a method on the controller.
|
|
|
|
$this->controller->hasMethod($funcName)
|
|
|
|
&& !$this->controller->checkAccessAction($funcName)
|
|
|
|
// If a button exists, allow it on the controller
|
|
|
|
// buttonClicked() validates that the action set above is valid
|
|
|
|
&& !$this->buttonClicked()
|
|
|
|
) {
|
|
|
|
return $this->httpError(
|
|
|
|
403,
|
|
|
|
sprintf('Action "%s" not allowed on controller (Class: %s)', $funcName, get_class($this->controller))
|
|
|
|
);
|
2016-11-29 12:31:16 +13:00
|
|
|
} elseif ($this->hasMethod($funcName)
|
2016-11-23 18:09:10 +13:00
|
|
|
&& !$this->checkAccessAction($funcName)
|
|
|
|
// No checks for button existence or $allowed_actions is performed -
|
|
|
|
// all form methods are callable (e.g. the legacy "callfieldmethod()")
|
|
|
|
) {
|
|
|
|
return $this->httpError(
|
|
|
|
403,
|
|
|
|
sprintf('Action "%s" not allowed on form (Name: "%s")', $funcName, $this->name)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Action handlers may throw ValidationExceptions.
|
|
|
|
try {
|
|
|
|
// Or we can use the Valiator attached to the form
|
|
|
|
$result = $this->validationResult();
|
|
|
|
if (!$result->isValid()) {
|
|
|
|
return $this->getValidationErrorResponse($result);
|
|
|
|
}
|
|
|
|
|
|
|
|
// First, try a handler method on the controller (has been checked for allowed_actions above already)
|
|
|
|
if ($this->controller->hasMethod($funcName)) {
|
|
|
|
return $this->controller->$funcName($vars, $this, $request);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Otherwise, try a handler method on the form object.
|
|
|
|
if ($this->hasMethod($funcName)) {
|
|
|
|
return $this->$funcName($vars, $this, $request);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for inline actions
|
|
|
|
if ($field = $this->checkFieldsForAction($this->Fields(), $funcName)) {
|
|
|
|
return $field->$funcName($vars, $this, $request);
|
|
|
|
}
|
|
|
|
} catch (ValidationException $e) {
|
|
|
|
// The ValdiationResult contains all the relevant metadata
|
|
|
|
$result = $e->getResult();
|
|
|
|
$this->loadMessagesFrom($result);
|
|
|
|
return $this->getValidationErrorResponse($result);
|
|
|
|
}
|
|
|
|
|
|
|
|
return $this->httpError(404);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param string $action
|
|
|
|
* @return bool
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function checkAccessAction($action)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if (parent::checkAccessAction($action)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
$actions = $this->getAllActions();
|
|
|
|
foreach ($actions as $formAction) {
|
|
|
|
if ($formAction->actionName() === $action) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Always allow actions on fields
|
|
|
|
$field = $this->checkFieldsForAction($this->Fields(), $action);
|
|
|
|
if ($field && $field->checkAccessAction($action)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @return callable
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getValidationResponseCallback()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->validationResponseCallback;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Overrules validation error behaviour in {@link httpSubmission()}
|
|
|
|
* when validation has failed. Useful for optional handling of a certain accepted content type.
|
|
|
|
*
|
|
|
|
* The callback can opt out of handling specific responses by returning NULL,
|
|
|
|
* in which case the default form behaviour will kick in.
|
|
|
|
*
|
|
|
|
* @param $callback
|
|
|
|
* @return self
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setValidationResponseCallback($callback)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->validationResponseCallback = $callback;
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the appropriate response up the controller chain
|
|
|
|
* if {@link validate()} fails (which is checked prior to executing any form actions).
|
|
|
|
* By default, returns different views for ajax/non-ajax request, and
|
|
|
|
* handles 'application/json' requests with a JSON object containing the error messages.
|
|
|
|
* Behaviour can be influenced by setting {@link $redirectToFormOnValidationError},
|
|
|
|
* and can be overruled by setting {@link $validationResponseCallback}.
|
|
|
|
*
|
|
|
|
* @param ValidationResult $result
|
|
|
|
* @return HTTPResponse
|
|
|
|
*/
|
|
|
|
protected function getValidationErrorResponse(ValidationResult $result)
|
|
|
|
{
|
|
|
|
// Check for custom handling mechanism
|
|
|
|
$callback = $this->getValidationResponseCallback();
|
|
|
|
if ($callback && $callbackResponse = call_user_func($callback, $result)) {
|
|
|
|
return $callbackResponse;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if handling via ajax
|
|
|
|
if ($this->getRequest()->isAjax()) {
|
|
|
|
return $this->getAjaxErrorResponse($result);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Prior to redirection, persist this result in session to re-display on redirect
|
|
|
|
$this->setSessionValidationResult($result);
|
|
|
|
$this->setSessionData($this->getData());
|
|
|
|
|
|
|
|
// Determine redirection method
|
|
|
|
if ($this->getRedirectToFormOnValidationError() && ($pageURL = $this->getRedirectReferer())) {
|
|
|
|
return $this->controller->redirect($pageURL . '#' . $this->FormName());
|
|
|
|
}
|
|
|
|
return $this->controller->redirectBack();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Build HTTP error response for ajax requests
|
|
|
|
*
|
|
|
|
* @internal called from {@see Form::getValidationErrorResponse}
|
|
|
|
* @param ValidationResult $result
|
|
|
|
* @return HTTPResponse
|
|
|
|
*/
|
|
|
|
protected function getAjaxErrorResponse(ValidationResult $result)
|
|
|
|
{
|
|
|
|
// Ajax form submissions accept json encoded errors by default
|
|
|
|
$acceptType = $this->getRequest()->getHeader('Accept');
|
|
|
|
if (strpos($acceptType, 'application/json') !== false) {
|
|
|
|
// Send validation errors back as JSON with a flag at the start
|
|
|
|
$response = new HTTPResponse(Convert::array2json($result->getMessages()));
|
|
|
|
$response->addHeader('Content-Type', 'application/json');
|
|
|
|
return $response;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Send the newly rendered form tag as HTML
|
|
|
|
$this->loadMessagesFrom($result);
|
|
|
|
$response = new HTTPResponse($this->forTemplate());
|
|
|
|
$response->addHeader('Content-Type', 'text/html');
|
|
|
|
return $response;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get referrer to redirect back to and safely validates it
|
|
|
|
*
|
|
|
|
* @internal called from {@see Form::getValidationErrorResponse}
|
|
|
|
* @return string|null
|
|
|
|
*/
|
|
|
|
protected function getRedirectReferer()
|
|
|
|
{
|
|
|
|
$pageURL = $this->getRequest()->getHeader('Referer');
|
|
|
|
if (!$pageURL) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
if (!Director::is_site_url($pageURL)) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Remove existing pragmas
|
|
|
|
$pageURL = preg_replace('/(#.*)/', '', $pageURL);
|
|
|
|
return Director::absoluteURL($pageURL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Fields can have action to, let's check if anyone of the responds to $funcname them
|
|
|
|
*
|
|
|
|
* @param SS_List|array $fields
|
|
|
|
* @param callable $funcName
|
|
|
|
* @return FormField
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
protected function checkFieldsForAction($fields, $funcName)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
foreach ($fields as $field) {
|
|
|
|
/** @skipUpgrade */
|
|
|
|
if (method_exists($field, 'FieldList')) {
|
|
|
|
if ($field = $this->checkFieldsForAction($field->FieldList(), $funcName)) {
|
|
|
|
return $field;
|
|
|
|
}
|
|
|
|
} elseif ($field->hasMethod($funcName) && $field->checkAccessAction($funcName)) {
|
|
|
|
return $field;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handle a field request.
|
|
|
|
* Uses {@link Form->dataFieldByName()} to find a matching field,
|
|
|
|
* and falls back to {@link FieldList->fieldByName()} to look
|
|
|
|
* for tabs instead. This means that if you have a tab and a
|
|
|
|
* formfield with the same name, this method gives priority
|
|
|
|
* to the formfield.
|
|
|
|
*
|
|
|
|
* @param HTTPRequest $request
|
|
|
|
* @return FormField
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function handleField($request)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$field = $this->Fields()->dataFieldByName($request->param('FieldName'));
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
if ($field) {
|
|
|
|
return $field;
|
|
|
|
} else {
|
|
|
|
// falling back to fieldByName, e.g. for getting tabs
|
|
|
|
return $this->Fields()->fieldByName($request->param('FieldName'));
|
|
|
|
}
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Convert this form into a readonly form
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function makeReadonly()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->transform(new ReadonlyTransformation());
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set whether the user should be redirected back down to the
|
|
|
|
* form on the page upon validation errors in the form or if
|
|
|
|
* they just need to redirect back to the page
|
|
|
|
*
|
|
|
|
* @param bool $bool Redirect to form on error?
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setRedirectToFormOnValidationError($bool)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->redirectToFormOnValidationError = $bool;
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Get whether the user should be redirected back down to the
|
|
|
|
* form on the page upon validation errors
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getRedirectToFormOnValidationError()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->redirectToFormOnValidationError;
|
|
|
|
}
|
2016-11-23 10:29:15 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* @param FormTransformation $trans
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function transform(FormTransformation $trans)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$newFields = new FieldList();
|
|
|
|
foreach ($this->fields as $field) {
|
|
|
|
$newFields->push($field->transform($trans));
|
|
|
|
}
|
|
|
|
$this->fields = $newFields;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
$newActions = new FieldList();
|
|
|
|
foreach ($this->actions as $action) {
|
|
|
|
$newActions->push($action->transform($trans));
|
|
|
|
}
|
|
|
|
$this->actions = $newActions;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// We have to remove validation, if the fields are not editable ;-)
|
2016-11-29 12:31:16 +13:00
|
|
|
if ($this->validator) {
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->validator->removeValidation();
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
}
|
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Get the {@link Validator} attached to this form.
|
|
|
|
* @return Validator
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getValidator()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->validator;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Set the {@link Validator} on this form.
|
|
|
|
* @param Validator $validator
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setValidator(Validator $validator)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if ($validator) {
|
|
|
|
$this->validator = $validator;
|
|
|
|
$this->validator->setForm($this);
|
|
|
|
}
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Remove the {@link Validator} from this from.
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function unsetValidator()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->validator = null;
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Set actions that are exempt from validation
|
|
|
|
*
|
|
|
|
* @param array
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setValidationExemptActions($actions)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->validationExemptActions = $actions;
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Get a list of actions that are exempt from validation
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getValidationExemptActions()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->validationExemptActions;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Passed a FormAction, returns true if that action is exempt from Form validation
|
|
|
|
*
|
|
|
|
* @param FormAction $action
|
|
|
|
* @return bool
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function actionIsValidationExempt($action)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if ($action->getValidationExempt()) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
if (in_array($action->actionName(), $this->getValidationExemptActions())) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generate extra special fields - namely the security token field (if required).
|
|
|
|
*
|
|
|
|
* @return FieldList
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getExtraFields()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$extraFields = new FieldList();
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
$token = $this->getSecurityToken();
|
|
|
|
if ($token) {
|
|
|
|
$tokenField = $token->updateFieldSet($this->fields);
|
2016-11-29 12:31:16 +13:00
|
|
|
if ($tokenField) {
|
|
|
|
$tokenField->setForm($this);
|
2016-11-23 18:09:10 +13:00
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
}
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->securityTokenAdded = true;
|
2016-11-23 10:29:15 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// add the "real" HTTP method if necessary (for PUT, DELETE and HEAD)
|
|
|
|
if (strtoupper($this->FormMethod()) != $this->FormHttpMethod()) {
|
|
|
|
$methodField = new HiddenField('_method', '', $this->FormHttpMethod());
|
|
|
|
$methodField->setForm($this);
|
|
|
|
$extraFields->push($methodField);
|
|
|
|
}
|
2016-11-23 10:29:15 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $extraFields;
|
|
|
|
}
|
2016-11-23 10:29:15 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Return the form's fields - used by the templates
|
|
|
|
*
|
|
|
|
* @return FieldList The form fields
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function Fields()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
foreach ($this->getExtraFields() as $field) {
|
2016-11-29 12:31:16 +13:00
|
|
|
if (!$this->fields->fieldByName($field->getName())) {
|
|
|
|
$this->fields->push($field);
|
|
|
|
}
|
2016-11-23 18:09:10 +13:00
|
|
|
}
|
|
|
|
|
|
|
|
return $this->fields;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return all <input type="hidden"> fields
|
|
|
|
* in a form - including fields nested in {@link CompositeFields}.
|
|
|
|
* Useful when doing custom field layouts.
|
|
|
|
*
|
|
|
|
* @return FieldList
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function HiddenFields()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->Fields()->HiddenFields();
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Return all fields except for the hidden fields.
|
|
|
|
* Useful when making your own simplified form layouts.
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function VisibleFields()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->Fields()->VisibleFields();
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Setter for the form fields.
|
|
|
|
*
|
|
|
|
* @param FieldList $fields
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setFields($fields)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->fields = $fields;
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Return the form's action buttons - used by the templates
|
|
|
|
*
|
|
|
|
* @return FieldList The action list
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function Actions()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->actions;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Setter for the form actions.
|
|
|
|
*
|
|
|
|
* @param FieldList $actions
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setActions($actions)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->actions = $actions;
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Unset all form actions
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function unsetAllActions()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->actions = new FieldList();
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* @param string $name
|
|
|
|
* @param string $value
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setAttribute($name, $value)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->attributes[$name] = $value;
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* @param string $name
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getAttribute($name)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if (isset($this->attributes[$name])) {
|
|
|
|
return $this->attributes[$name];
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* @return array
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getAttributes()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$attrs = array(
|
|
|
|
'id' => $this->FormName(),
|
|
|
|
'action' => $this->FormAction(),
|
|
|
|
'method' => $this->FormMethod(),
|
|
|
|
'enctype' => $this->getEncType(),
|
|
|
|
'target' => $this->target,
|
|
|
|
'class' => $this->extraClass(),
|
|
|
|
);
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
if ($this->validator && $this->validator->getErrors()) {
|
2016-11-29 12:31:16 +13:00
|
|
|
if (!isset($attrs['class'])) {
|
|
|
|
$attrs['class'] = '';
|
|
|
|
}
|
2016-11-23 18:09:10 +13:00
|
|
|
$attrs['class'] .= ' validationerror';
|
|
|
|
}
|
|
|
|
|
|
|
|
$attrs = array_merge($attrs, $this->attributes);
|
|
|
|
|
|
|
|
return $attrs;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return the attributes of the form tag - used by the templates.
|
|
|
|
*
|
|
|
|
* @param array $attrs Custom attributes to process. Falls back to {@link getAttributes()}.
|
|
|
|
* If at least one argument is passed as a string, all arguments act as excludes by name.
|
|
|
|
*
|
|
|
|
* @return string HTML attributes, ready for insertion into an HTML tag
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getAttributesHTML($attrs = null)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$exclude = (is_string($attrs)) ? func_get_args() : null;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Figure out if we can cache this form
|
|
|
|
// - forms with validation shouldn't be cached, cos their error messages won't be shown
|
|
|
|
// - forms with security tokens shouldn't be cached because security tokens expire
|
|
|
|
$needsCacheDisabled = false;
|
2016-11-29 12:31:16 +13:00
|
|
|
if ($this->getSecurityToken()->isEnabled()) {
|
|
|
|
$needsCacheDisabled = true;
|
|
|
|
}
|
|
|
|
if ($this->FormMethod() != 'GET') {
|
|
|
|
$needsCacheDisabled = true;
|
|
|
|
}
|
2016-11-23 18:09:10 +13:00
|
|
|
if (!($this->validator instanceof RequiredFields) || count($this->validator->getRequired())) {
|
|
|
|
$needsCacheDisabled = true;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// If we need to disable cache, do it
|
2016-11-29 12:31:16 +13:00
|
|
|
if ($needsCacheDisabled) {
|
|
|
|
HTTP::set_cache_age(0);
|
|
|
|
}
|
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
$attrs = $this->getAttributes();
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Remove empty
|
|
|
|
$attrs = array_filter((array)$attrs, create_function('$v', 'return ($v || $v === 0);'));
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Remove excluded
|
2016-11-29 12:31:16 +13:00
|
|
|
if ($exclude) {
|
|
|
|
$attrs = array_diff_key($attrs, array_flip($exclude));
|
|
|
|
}
|
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Prepare HTML-friendly 'method' attribute (lower-case)
|
|
|
|
if (isset($attrs['method'])) {
|
|
|
|
$attrs['method'] = strtolower($attrs['method']);
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Create markup
|
|
|
|
$parts = array();
|
|
|
|
foreach ($attrs as $name => $value) {
|
|
|
|
$parts[] = ($value === true) ? "{$name}=\"{$name}\"" : "{$name}=\"" . Convert::raw2att($value) . "\"";
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return implode(' ', $parts);
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
|
|
|
public function FormAttributes()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->getAttributesHTML();
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Set the target of this form to any value - useful for opening the form contents in a new window or refreshing
|
|
|
|
* another frame
|
|
|
|
*
|
|
|
|
* @param string|FormTemplateHelper
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setTemplateHelper($helper)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->templateHelper = $helper;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Return a {@link FormTemplateHelper} for this form. If one has not been
|
|
|
|
* set, return the default helper.
|
|
|
|
*
|
|
|
|
* @return FormTemplateHelper
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getTemplateHelper()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if ($this->templateHelper) {
|
|
|
|
if (is_string($this->templateHelper)) {
|
|
|
|
return Injector::inst()->get($this->templateHelper);
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->templateHelper;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return FormTemplateHelper::singleton();
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Set the target of this form to any value - useful for opening the form
|
|
|
|
* contents in a new window or refreshing another frame.
|
|
|
|
*
|
|
|
|
* @param string $target The value of the target
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setTarget($target)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->target = $target;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Set the legend value to be inserted into
|
|
|
|
* the <legend> element in the Form.ss template.
|
|
|
|
* @param string $legend
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setLegend($legend)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->legend = $legend;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set the SS template that this form should use
|
|
|
|
* to render with. The default is "Form".
|
|
|
|
*
|
|
|
|
* @param string $template The name of the template (without the .ss extension)
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setTemplate($template)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->template = $template;
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Return the template to render this form with.
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getTemplate()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->template;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Returs the ordered list of preferred templates for rendering this form
|
|
|
|
* If the template isn't set, then default to the
|
|
|
|
* form class name e.g "Form".
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getTemplates()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$templates = SSViewer::get_templates_by_class(get_class($this), '', __CLASS__);
|
|
|
|
// Prefer any custom template
|
|
|
|
if ($this->getTemplate()) {
|
|
|
|
array_unshift($templates, $this->getTemplate());
|
|
|
|
}
|
|
|
|
return $templates;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the encoding type for the form.
|
|
|
|
*
|
|
|
|
* By default this will be URL encoded, unless there is a file field present
|
|
|
|
* in which case multipart is used. You can also set the enc type using
|
|
|
|
* {@link setEncType}.
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getEncType()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if ($this->encType) {
|
|
|
|
return $this->encType;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
if ($fields = $this->fields->dataFields()) {
|
|
|
|
foreach ($fields as $field) {
|
2016-11-29 12:31:16 +13:00
|
|
|
if ($field instanceof FileField) {
|
|
|
|
return self::ENC_TYPE_MULTIPART;
|
|
|
|
}
|
2016-11-23 18:09:10 +13:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return self::ENC_TYPE_URLENCODED;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets the form encoding type. The most common encoding types are defined
|
|
|
|
* in {@link ENC_TYPE_URLENCODED} and {@link ENC_TYPE_MULTIPART}.
|
|
|
|
*
|
|
|
|
* @param string $encType
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setEncType($encType)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->encType = $encType;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the real HTTP method for the form:
|
|
|
|
* GET, POST, PUT, DELETE or HEAD.
|
|
|
|
* As most browsers only support GET and POST in
|
|
|
|
* form submissions, all other HTTP methods are
|
|
|
|
* added as a hidden field "_method" that
|
|
|
|
* gets evaluated in {@link Director::direct()}.
|
|
|
|
* See {@link FormMethod()} to get a HTTP method
|
|
|
|
* for safe insertion into a <form> tag.
|
|
|
|
*
|
|
|
|
* @return string HTTP method
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function FormHttpMethod()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->formMethod;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Returns the form method to be used in the <form> tag.
|
|
|
|
* See {@link FormHttpMethod()} to get the "real" method.
|
|
|
|
*
|
|
|
|
* @return string Form HTTP method restricted to 'GET' or 'POST'
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function FormMethod()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if (in_array($this->formMethod, array('GET','POST'))) {
|
|
|
|
return $this->formMethod;
|
|
|
|
} else {
|
|
|
|
return 'POST';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set the form method: GET, POST, PUT, DELETE.
|
|
|
|
*
|
|
|
|
* @param string $method
|
|
|
|
* @param bool $strict If non-null, pass value to {@link setStrictFormMethodCheck()}.
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setFormMethod($method, $strict = null)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->formMethod = strtoupper($method);
|
2016-11-29 12:31:16 +13:00
|
|
|
if ($strict !== null) {
|
|
|
|
$this->setStrictFormMethodCheck($strict);
|
|
|
|
}
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* If set to true, enforce the matching of the form method.
|
|
|
|
*
|
|
|
|
* This will mean two things:
|
|
|
|
* - GET vars will be ignored by a POST form, and vice versa
|
|
|
|
* - A submission where the HTTP method used doesn't match the form will return a 400 error.
|
|
|
|
*
|
|
|
|
* If set to false (the default), then the form method is only used to construct the default
|
|
|
|
* form.
|
|
|
|
*
|
|
|
|
* @param $bool boolean
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setStrictFormMethodCheck($bool)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->strictFormMethodCheck = (bool)$bool;
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* @return boolean
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getStrictFormMethodCheck()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->strictFormMethodCheck;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Return the form's action attribute.
|
|
|
|
* This is build by adding an executeForm get variable to the parent controller's Link() value
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function FormAction()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if ($this->formActionPath) {
|
|
|
|
return $this->formActionPath;
|
|
|
|
} elseif ($this->controller->hasMethod("FormObjectLink")) {
|
|
|
|
return $this->controller->FormObjectLink($this->name);
|
|
|
|
} else {
|
|
|
|
return Controller::join_links($this->controller->Link(), $this->name);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set the form action attribute to a custom URL.
|
|
|
|
*
|
|
|
|
* Note: For "normal" forms, you shouldn't need to use this method. It is
|
|
|
|
* recommended only for situations where you have two relatively distinct
|
|
|
|
* parts of the system trying to communicate via a form post.
|
|
|
|
*
|
|
|
|
* @param string $path
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setFormAction($path)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->formActionPath = $path;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Returns the name of the form.
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function FormName()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->getTemplateHelper()->generateFormID($this);
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Set the HTML ID attribute of the form.
|
|
|
|
*
|
|
|
|
* @param string $id
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setHTMLID($id)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->htmlID = $id;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getHTMLID()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->htmlID;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Get the controller.
|
|
|
|
*
|
|
|
|
* @return Controller
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getController()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->controller;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Set the controller.
|
|
|
|
*
|
|
|
|
* @param Controller $controller
|
|
|
|
* @return Form
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setController($controller)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->controller = $controller;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Get the name of the form.
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getName()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->name;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Set the name of the form.
|
|
|
|
*
|
|
|
|
* @param string $name
|
|
|
|
* @return Form
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setName($name)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->name = $name;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Returns an object where there is a method with the same name as each data
|
|
|
|
* field on the form.
|
|
|
|
*
|
|
|
|
* That method will return the field itself.
|
|
|
|
*
|
|
|
|
* It means that you can execute $firstName = $form->FieldMap()->FirstName()
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function FieldMap()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return new Form_FieldMap($this);
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Set a message to the session, for display next time this form is shown.
|
|
|
|
*
|
|
|
|
* @param string $message the text of the message
|
|
|
|
* @param string $type Should be set to good, bad, or warning.
|
|
|
|
* @param string|bool $cast Cast type; One of the CAST_ constant definitions.
|
|
|
|
* Bool values will be treated as plain text flag.
|
|
|
|
*/
|
|
|
|
public function sessionMessage($message, $type = ValidationResult::TYPE_ERROR, $cast = ValidationResult::CAST_TEXT)
|
|
|
|
{
|
|
|
|
$this->setMessage($message, $type, $cast);
|
|
|
|
$result = $this->getSessionValidationResult() ?: ValidationResult::create();
|
|
|
|
$result->addMessage($message, $type, null, $cast);
|
|
|
|
$this->setSessionValidationResult($result);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set an error to the session, for display next time this form is shown.
|
|
|
|
*
|
|
|
|
* @param string $message the text of the message
|
|
|
|
* @param string $type Should be set to good, bad, or warning.
|
|
|
|
* @param string|bool $cast Cast type; One of the CAST_ constant definitions.
|
|
|
|
* Bool values will be treated as plain text flag.
|
|
|
|
*/
|
|
|
|
public function sessionError($message, $type = ValidationResult::TYPE_ERROR, $cast = ValidationResult::CAST_TEXT)
|
|
|
|
{
|
|
|
|
$this->setMessage($message, $type, $cast);
|
|
|
|
$result = $this->getSessionValidationResult() ?: ValidationResult::create();
|
|
|
|
$result->addError($message, $type, null, $cast);
|
|
|
|
$this->setSessionValidationResult($result);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the DataObject that has given this form its data
|
|
|
|
* through {@link loadDataFrom()}.
|
|
|
|
*
|
|
|
|
* @return DataObject
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getRecord()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->record;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Get the legend value to be inserted into the
|
|
|
|
* <legend> element in Form.ss
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getLegend()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->legend;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Processing that occurs before a form is executed.
|
|
|
|
*
|
|
|
|
* This includes form validation, if it fails, we throw a ValidationException
|
|
|
|
*
|
|
|
|
* This includes form validation, if it fails, we redirect back
|
|
|
|
* to the form with appropriate error messages.
|
|
|
|
* Always return true if the current form action is exempt from validation
|
|
|
|
*
|
|
|
|
* Triggered through {@link httpSubmission()}.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* Note that CSRF protection takes place in {@link httpSubmission()},
|
|
|
|
* if it fails the form data will never reach this method.
|
|
|
|
*
|
|
|
|
* @return ValidationResult
|
|
|
|
*/
|
|
|
|
public function validationResult()
|
|
|
|
{
|
|
|
|
// Opportunity to invalidate via validator
|
|
|
|
$action = $this->buttonClicked();
|
|
|
|
if ($action && $this->actionIsValidationExempt($action)) {
|
|
|
|
return ValidationResult::create();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Invoke validator
|
|
|
|
if ($this->validator) {
|
|
|
|
$result = $this->validator->validate();
|
|
|
|
$this->loadMessagesFrom($result);
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Successful result
|
|
|
|
return ValidationResult::create();
|
|
|
|
}
|
|
|
|
|
|
|
|
const MERGE_DEFAULT = 0;
|
|
|
|
const MERGE_CLEAR_MISSING = 1;
|
|
|
|
const MERGE_IGNORE_FALSEISH = 2;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Load data from the given DataObject or array.
|
|
|
|
*
|
|
|
|
* It will call $object->MyField to get the value of MyField.
|
|
|
|
* If you passed an array, it will call $object[MyField].
|
|
|
|
* Doesn't save into dataless FormFields ({@link DatalessField}),
|
|
|
|
* as determined by {@link FieldList->dataFields()}.
|
|
|
|
*
|
|
|
|
* By default, if a field isn't set (as determined by isset()),
|
|
|
|
* its value will not be saved to the field, retaining
|
|
|
|
* potential existing values.
|
|
|
|
*
|
|
|
|
* Passed data should not be escaped, and is saved to the FormField instances unescaped.
|
|
|
|
* Escaping happens automatically on saving the data through {@link saveInto()}.
|
|
|
|
*
|
|
|
|
* Escaping happens automatically on saving the data through
|
|
|
|
* {@link saveInto()}.
|
|
|
|
*
|
|
|
|
* @uses FieldList->dataFields()
|
|
|
|
* @uses FormField->setValue()
|
|
|
|
*
|
|
|
|
* @param array|DataObject $data
|
|
|
|
* @param int $mergeStrategy
|
|
|
|
* For every field, {@link $data} is interrogated whether it contains a relevant property/key, and
|
|
|
|
* what that property/key's value is.
|
|
|
|
*
|
|
|
|
* By default, if {@link $data} does contain a property/key, the fields value is always replaced by {@link $data}'s
|
|
|
|
* value, even if that value is null/false/etc. Fields which don't match any property/key in {@link $data} are
|
|
|
|
* "left alone", meaning they retain any previous value.
|
|
|
|
*
|
|
|
|
* You can pass a bitmask here to change this behaviour.
|
|
|
|
*
|
|
|
|
* Passing CLEAR_MISSING means that any fields that don't match any property/key in
|
|
|
|
* {@link $data} are cleared.
|
|
|
|
*
|
|
|
|
* Passing IGNORE_FALSEISH means that any false-ish value in {@link $data} won't replace
|
|
|
|
* a field's value.
|
|
|
|
*
|
|
|
|
* For backwards compatibility reasons, this parameter can also be set to === true, which is the same as passing
|
|
|
|
* CLEAR_MISSING
|
|
|
|
*
|
|
|
|
* @param array $fieldList An optional list of fields to process. This can be useful when you have a
|
|
|
|
* form that has some fields that save to one object, and some that save to another.
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function loadDataFrom($data, $mergeStrategy = 0, $fieldList = null)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if (!is_object($data) && !is_array($data)) {
|
|
|
|
user_error("Form::loadDataFrom() not passed an array or an object", E_USER_WARNING);
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Handle the backwards compatible case of passing "true" as the second argument
|
|
|
|
if ($mergeStrategy === true) {
|
|
|
|
$mergeStrategy = self::MERGE_CLEAR_MISSING;
|
2016-11-29 12:31:16 +13:00
|
|
|
} elseif ($mergeStrategy === false) {
|
2016-11-23 18:09:10 +13:00
|
|
|
$mergeStrategy = 0;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// if an object is passed, save it for historical reference through {@link getRecord()}
|
2016-11-29 12:31:16 +13:00
|
|
|
if (is_object($data)) {
|
|
|
|
$this->record = $data;
|
|
|
|
}
|
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// dont include fields without data
|
|
|
|
$dataFields = $this->Fields()->dataFields();
|
|
|
|
if (!$dataFields) {
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/** @var FormField $field */
|
|
|
|
foreach ($dataFields as $field) {
|
|
|
|
$name = $field->getName();
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Skip fields that have been excluded
|
|
|
|
if ($fieldList && !in_array($name, $fieldList)) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// First check looks for (fieldname)_unchanged, an indicator that we shouldn't overwrite the field value
|
|
|
|
if (is_array($data) && isset($data[$name . '_unchanged'])) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Does this property exist on $data?
|
|
|
|
$exists = false;
|
|
|
|
// The value from $data for this field
|
|
|
|
$val = null;
|
|
|
|
|
|
|
|
if (is_object($data)) {
|
|
|
|
$exists = (
|
|
|
|
isset($data->$name) ||
|
|
|
|
$data->hasMethod($name) ||
|
|
|
|
($data->hasMethod('hasField') && $data->hasField($name))
|
|
|
|
);
|
|
|
|
|
|
|
|
if ($exists) {
|
|
|
|
$val = $data->__get($name);
|
|
|
|
}
|
|
|
|
} elseif (is_array($data)) {
|
|
|
|
if (array_key_exists($name, $data)) {
|
|
|
|
$exists = true;
|
|
|
|
$val = $data[$name];
|
2016-12-28 13:52:49 +00:00
|
|
|
} elseif (preg_match_all('/(.*)\[(.*)\]/U', $name, $matches)) {
|
|
|
|
// If field is in array-notation we need to access nested data
|
|
|
|
//discard first match which is just the whole string
|
|
|
|
array_shift($matches);
|
|
|
|
$keys = array_pop($matches);
|
|
|
|
$name = array_shift($matches);
|
|
|
|
$name = array_shift($name);
|
|
|
|
if (array_key_exists($name, $data)) {
|
|
|
|
$tmpData = &$data[$name];
|
|
|
|
// drill down into the data array looking for the corresponding value
|
|
|
|
foreach ($keys as $arrayKey) {
|
|
|
|
if ($arrayKey !== '') {
|
|
|
|
$tmpData = &$tmpData[$arrayKey];
|
|
|
|
} else {
|
|
|
|
//empty square brackets means new array
|
|
|
|
if (is_array($tmpData)) {
|
|
|
|
$tmpData = array_shift($tmpData);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($tmpData) {
|
|
|
|
$val = $tmpData;
|
|
|
|
$exists = true;
|
|
|
|
}
|
2016-11-23 18:09:10 +13:00
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
}
|
2016-11-23 18:09:10 +13:00
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// save to the field if either a value is given, or loading of blank/undefined values is forced
|
|
|
|
if ($exists) {
|
|
|
|
if ($val != false || ($mergeStrategy & self::MERGE_IGNORE_FALSEISH) != self::MERGE_IGNORE_FALSEISH) {
|
|
|
|
// pass original data as well so composite fields can act on the additional information
|
2016-11-29 12:31:16 +13:00
|
|
|
$field->setValue($val, $data);
|
2016-11-23 18:09:10 +13:00
|
|
|
}
|
|
|
|
} elseif (($mergeStrategy & self::MERGE_CLEAR_MISSING) == self::MERGE_CLEAR_MISSING) {
|
|
|
|
$field->setValue($val, $data);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Save the contents of this form into the given data object.
|
|
|
|
* It will make use of setCastedField() to do this.
|
|
|
|
*
|
|
|
|
* @param DataObjectInterface $dataObject The object to save data into
|
|
|
|
* @param FieldList $fieldList An optional list of fields to process. This can be useful when you have a
|
|
|
|
* form that has some fields that save to one object, and some that save to another.
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function saveInto(DataObjectInterface $dataObject, $fieldList = null)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$dataFields = $this->fields->saveableFields();
|
|
|
|
$lastField = null;
|
2016-11-29 12:31:16 +13:00
|
|
|
if ($dataFields) {
|
|
|
|
foreach ($dataFields as $field) {
|
2016-11-23 18:09:10 +13:00
|
|
|
// Skip fields that have been excluded
|
2016-11-29 12:31:16 +13:00
|
|
|
if ($fieldList && is_array($fieldList) && !in_array($field->getName(), $fieldList)) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
$saveMethod = "save{$field->getName()}";
|
|
|
|
if ($field->getName() == "ClassName") {
|
|
|
|
$lastField = $field;
|
|
|
|
} elseif ($dataObject->hasMethod($saveMethod)) {
|
|
|
|
$dataObject->$saveMethod($field->dataValue());
|
|
|
|
} elseif ($field->getName() !== "ID") {
|
|
|
|
$field->saveInto($dataObject);
|
|
|
|
}
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
}
|
|
|
|
if ($lastField) {
|
|
|
|
$lastField->saveInto($dataObject);
|
2016-11-23 18:09:10 +13:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the submitted data from this form through
|
|
|
|
* {@link FieldList->dataFields()}, which filters out
|
|
|
|
* any form-specific data like form-actions.
|
|
|
|
* Calls {@link FormField->dataValue()} on each field,
|
|
|
|
* which returns a value suitable for insertion into a DataObject
|
|
|
|
* property.
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getData()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$dataFields = $this->fields->dataFields();
|
|
|
|
$data = array();
|
|
|
|
|
|
|
|
if ($dataFields) {
|
|
|
|
foreach ($dataFields as $field) {
|
|
|
|
if ($field->getName()) {
|
|
|
|
$data[$field->getName()] = $field->dataValue();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return $data;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return a rendered version of this form.
|
|
|
|
*
|
|
|
|
* This is returned when you access a form as $FormObject rather
|
|
|
|
* than <% with FormObject %>
|
|
|
|
*
|
|
|
|
* @return DBHTMLText
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function forTemplate()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$return = $this->renderWith($this->getTemplates());
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Now that we're rendered, clear message
|
|
|
|
$this->clearMessage();
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $return;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Return a rendered version of this form, suitable for ajax post-back.
|
|
|
|
*
|
|
|
|
* It triggers slightly different behaviour, such as disabling the rewriting
|
|
|
|
* of # links.
|
|
|
|
*
|
|
|
|
* @return DBHTMLText
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function forAjaxTemplate()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$view = new SSViewer($this->getTemplates());
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
$return = $view->dontRewriteHashlinks()->process($this);
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
// Now that we're rendered, clear message
|
|
|
|
$this->clearMessage();
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $return;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Returns an HTML rendition of this form, without the <form> tag itself.
|
|
|
|
*
|
|
|
|
* Attaches 3 extra hidden files, _form_action, _form_name, _form_method,
|
|
|
|
* and _form_enctype. These are the attributes of the form. These fields
|
|
|
|
* can be used to send the form to Ajax.
|
|
|
|
*
|
|
|
|
* @deprecated 5.0
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function formHtmlContent()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
Deprecation::notice('5.0');
|
|
|
|
$this->IncludeFormTag = false;
|
|
|
|
$content = $this->forTemplate();
|
|
|
|
$this->IncludeFormTag = true;
|
|
|
|
|
|
|
|
$content .= "<input type=\"hidden\" name=\"_form_action\" id=\"" . $this->FormName . "_form_action\""
|
|
|
|
. " value=\"" . $this->FormAction() . "\" />\n";
|
|
|
|
$content .= "<input type=\"hidden\" name=\"_form_name\" value=\"" . $this->FormName() . "\" />\n";
|
|
|
|
$content .= "<input type=\"hidden\" name=\"_form_method\" value=\"" . $this->FormMethod() . "\" />\n";
|
|
|
|
$content .= "<input type=\"hidden\" name=\"_form_enctype\" value=\"" . $this->getEncType() . "\" />\n";
|
|
|
|
|
|
|
|
return $content;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Render this form using the given template, and return the result as a string
|
|
|
|
* You can pass either an SSViewer or a template name
|
|
|
|
* @param string|array $template
|
|
|
|
* @return DBHTMLText
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function renderWithoutActionButton($template)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$custom = $this->customise(array(
|
|
|
|
"Actions" => "",
|
|
|
|
));
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
if (is_string($template)) {
|
|
|
|
$template = new SSViewer($template);
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $template->process($custom);
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Sets the button that was clicked. This should only be called by the Controller.
|
|
|
|
*
|
|
|
|
* @param callable $funcName The name of the action method that will be called.
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function setButtonClicked($funcName)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->buttonClickedFunc = $funcName;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* @return FormAction
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function buttonClicked()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$actions = $this->getAllActions();
|
|
|
|
foreach ($actions as $action) {
|
|
|
|
if ($this->buttonClickedFunc === $action->actionName()) {
|
|
|
|
return $action;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get a list of all actions, including those in the main "fields" FieldList
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
protected function getAllActions()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$fields = $this->fields->dataFields() ?: array();
|
|
|
|
$actions = $this->actions->dataFields() ?: array();
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
$fieldsAndActions = array_merge($fields, $actions);
|
|
|
|
$actions = array_filter($fieldsAndActions, function ($fieldOrAction) {
|
|
|
|
return $fieldOrAction instanceof FormAction;
|
|
|
|
});
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $actions;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Return the default button that should be clicked when another one isn't
|
|
|
|
* available.
|
|
|
|
*
|
|
|
|
* @return FormAction
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function defaultAction()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
if ($this->hasDefaultAction && $this->actions) {
|
|
|
|
return $this->actions->first();
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Disable the default button.
|
|
|
|
*
|
|
|
|
* Ordinarily, when a form is processed and no action_XXX button is
|
|
|
|
* available, then the first button in the actions list will be pressed.
|
|
|
|
* However, if this is "delete", for example, this isn't such a good idea.
|
|
|
|
*
|
|
|
|
* @return Form
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function disableDefaultAction()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->hasDefaultAction = false;
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Disable the requirement of a security token on this form instance. This
|
|
|
|
* security protects against CSRF attacks, but you should disable this if
|
|
|
|
* you don't want to tie a form to a session - eg a search form.
|
|
|
|
*
|
|
|
|
* Check for token state with {@link getSecurityToken()} and
|
|
|
|
* {@link SecurityToken->isEnabled()}.
|
|
|
|
*
|
|
|
|
* @return Form
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function disableSecurityToken()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->securityToken = new NullSecurityToken();
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Enable {@link SecurityToken} protection for this form instance.
|
|
|
|
*
|
|
|
|
* Check for token state with {@link getSecurityToken()} and
|
|
|
|
* {@link SecurityToken->isEnabled()}.
|
|
|
|
*
|
|
|
|
* @return Form
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function enableSecurityToken()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$this->securityToken = new SecurityToken();
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Returns the security token for this form (if any exists).
|
|
|
|
*
|
|
|
|
* Doesn't check for {@link securityTokenEnabled()}.
|
|
|
|
*
|
|
|
|
* Use {@link SecurityToken::inst()} to get a global token.
|
|
|
|
*
|
|
|
|
* @return SecurityToken|null
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function getSecurityToken()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return $this->securityToken;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Compiles all CSS-classes.
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function extraClass()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
return implode(array_unique($this->extraClasses), ' ');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Add a CSS-class to the form-container. If needed, multiple classes can
|
|
|
|
* be added by delimiting a string with spaces.
|
|
|
|
*
|
|
|
|
* @param string $class A string containing a classname or several class
|
|
|
|
* names delimited by a single space.
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function addExtraClass($class)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
//split at white space
|
|
|
|
$classes = preg_split('/\s+/', $class);
|
|
|
|
foreach ($classes as $class) {
|
|
|
|
//add classes one by one
|
|
|
|
$this->extraClasses[$class] = $class;
|
|
|
|
}
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Remove a CSS-class from the form-container. Multiple class names can
|
|
|
|
* be passed through as a space delimited string
|
|
|
|
*
|
|
|
|
* @param string $class
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function removeExtraClass($class)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
//split at white space
|
|
|
|
$classes = preg_split('/\s+/', $class);
|
|
|
|
foreach ($classes as $class) {
|
|
|
|
//unset one by one
|
|
|
|
unset($this->extraClasses[$class]);
|
|
|
|
}
|
|
|
|
return $this;
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
|
|
|
public function debug()
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$result = "<h3>$this->class</h3><ul>";
|
|
|
|
foreach ($this->fields as $field) {
|
|
|
|
$result .= "<li>$field" . $field->debug() . "</li>";
|
|
|
|
}
|
|
|
|
$result .= "</ul>";
|
|
|
|
|
|
|
|
if ($this->validator) {
|
|
|
|
/** @skipUpgrade */
|
|
|
|
$result .= '<h3>'._t('Form.VALIDATOR', 'Validator').'</h3>' . $this->validator->debug();
|
|
|
|
}
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
// TESTING HELPERS
|
|
|
|
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test a submission of this form.
|
|
|
|
* @param string $action
|
|
|
|
* @param array $data
|
|
|
|
* @return HTTPResponse the response object that the handling controller produces. You can interrogate this in
|
|
|
|
* your unit test.
|
|
|
|
* @throws HTTPResponse_Exception
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function testSubmission($action, $data)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$data['action_' . $action] = true;
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
return Director::test($this->FormAction(), $data, Controller::curr()->getSession());
|
|
|
|
}
|
2016-11-29 12:31:16 +13:00
|
|
|
|
2016-11-23 18:09:10 +13:00
|
|
|
/**
|
|
|
|
* Test an ajax submission of this form.
|
|
|
|
*
|
|
|
|
* @param string $action
|
|
|
|
* @param array $data
|
|
|
|
* @return HTTPResponse the response object that the handling controller produces. You can interrogate this in
|
|
|
|
* your unit test.
|
|
|
|
*/
|
2016-11-29 12:31:16 +13:00
|
|
|
public function testAjaxSubmission($action, $data)
|
|
|
|
{
|
2016-11-23 18:09:10 +13:00
|
|
|
$data['ajax'] = 1;
|
|
|
|
return $this->testSubmission($action, $data);
|
|
|
|
}
|
2007-07-19 10:40:28 +00:00
|
|
|
}
|