- Added a new form() method to ease form handling

2020-01-30 11:19:41 -05:00 · 2020-01-30 11:19:41 -05:00 · 9c8a28d294
parent 94e42747a4
commit 9c8a28d294
2 changed files with 80 additions and 6 deletions
--- a/src/Form/UiForm.php
+++ b/src/Form/UiForm.php
@ -2,9 +2,9 @@

 namespace Picea\Ui\Form;

-use Picea\Ui\Common\UiElement;
-use Picea\Extension\Extension;
-use Picea\Extension\ExtensionTrait;
+use Picea\Ui\Common\UiElement,
+    Picea\Extension\Extension,
+    Picea\Extension\ExtensionTrait;

 class UiForm extends UiElement implements Extension {
    use ExtensionTrait;
@ -23,7 +23,7 @@ class UiForm extends UiElement implements Extension {
    {
        switch($token) {
            case 'ui.endform':
-                return "</form>";
+                return ( new UiHidden() )->attributes([ 'name' =>"picea-csrf-protection", 'value' => "abcdefg" ])->render() . "</form>";

            case "ui.form.get":
                $method = "get";
@ -50,10 +50,12 @@ class UiForm extends UiElement implements Extension {
        return "<?php echo ( new \\" . static::class . "() )->buildHtml('$method', $arguments) ?>";
    }

+    
    public function buildHtml(string $method, string $action, array $attributes = []) : string
    {
        $this->option('tag-type', 'single');
-        $this->attributes([ 'action' => $action ] + $attributes);
+        $this->attributes([ 'method' => $method, 'action' => $action ] + $attributes);
+
        return $this->render() . PHP_EOL;
    }
-}
+}
--- a/src/Method/Form.php
+++ b/src/Method/Form.php
@ -0,0 +1,72 @@
+<?php
+
+namespace Picea\Ui\Method;
+
+use Picea\Extension\Extension,
+    Picea\Extension\ExtensionTrait;
+
+use Picea\Compiler\Context;
+
+use Psr\Http\Message\ServerRequestInterface;
+
+class Form implements Extension {
+    use ExtensionTrait;
+
+    public array $tokens;
+
+    public string $token;
+
+    public function __construct(Context $context) {
+        $this->register($context);
+    }
+
+    public function parse(/*\Picae\Compiler\Context*/ &$context, ?string $arguments, string $token) : string { }
+
+    public function register(Context $context) : void
+    {
+        $context->pushFunction("form", [ $this, 'formClass' ]);
+    }
+
+    public function form_csrf(string $field, string $value) {
+        $values = $this->session("View.form.csrf.$field") ?: [];
+
+        # keeps 20 (from config) latest CSRF key for this form into session,
+        # allowing more than one tab opened and preventing information loss
+        if ( count($values) >= 20 ) {
+            #array_shift($values);
+        }
+
+        $values[] = $value;
+
+        $this->session("View.form.csrf.$field", $values);
+
+        return $value;
+    }
+
+    public function formClass(ServerRequestInterface $request) {
+        return new class($request) {
+
+            public bool $sent = false;
+
+            protected ServerRequestInterface $request;
+
+            public function __construct(ServerRequestInterface $request)
+            {
+                $this->request = $request;
+                $this->sent = $this->requestSent();
+            }
+
+            protected function requestSent() : bool
+            {
+                return in_array($this->request->getMethod(), [
+                    "DELETE", "PATCH", "POST", "PUT",
+                ]);
+            }
+
+            protected function honeyPot() : bool
+            {
+                $this->request->getServerParams();
+            }
+        };
+    }
+}