author | David Heinemeier Hansson <david@loudthinking.com> | 2008-01-11 16:25:23 +0000 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2008-01-11 16:25:23 +0000 |
commit | 5d1a305f066daf5a60b2b1158d5d2aeae6fe32cb (patch) | |
tree | a6dd78c9386d5c0615e161643808f4a2536bfc65 /actionpack/lib/action_view/helpers | |
parent | 104f31af1dc412160b624da1b09c5456fa862f53 (diff) | |
Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used (closes #10739) [jeremyevans]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8626 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib/action_view/helpers')
-rw-r--r-- | actionpack/lib/action_view/helpers/active_record_helper.rb | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/actionpack/lib/action_view/helpers/active_record_helper.rb b/actionpack/lib/action_view/helpers/active_record_helper.rb
index 9736b7e438..170ad84e43 100644
--- a/actionpack/lib/action_view/helpers/active_record_helper.rb
+++ b/actionpack/lib/action_view/helpers/active_record_helper.rb
@@ -56,6 +56,14 @@ module ActionView
 # form << content_tag("b", "Department")
 # form << collection_select("department", "id", @departments, "id", "name")
 # end
+ #
+ # The following options are available:
+ #
+ # * <tt>action</tt> - the action used when submitting the form (default: create if a new record, otherwise update)
+ # * <tt>input_block</tt> - specialize the output using a different block, see above
+ # * <tt>method</tt> - the method used when submitting the form (default: post)
+ # * <tt>multipart</tt> - whether to change the enctype of the form to multipart/form-date, used when uploading a file (default: false)
+ # * <tt>submit_value</tt> - the text of the submit button (default: Create if a new record, otherwise Update)
 def form(record_name, options = {})
 record = instance_variable_get("@#{record_name}")
@@ -65,13 +73,12 @@ module ActionView
 submit_value = options[:submit_value] || options[:action].gsub(/[^\w]/, '').capitalize
- contents = ''
+ contents = form_tag({:action => action}, :method =>(options[:method] || 'post'), :enctype => options[:multipart] ? 'multipart/form-data': nil)
 contents << hidden_field(record_name, :id) unless record.new_record?
 contents << all_input_tags(record, record_name, options)
 yield contents if block_given?
 contents << submit_tag(submit_value)
-
- content_tag('form', contents, :action => action, :method => 'post', :enctype => options[:multipart] ? 'multipart/form-data': nil)
+ contents << '</form>'
 end
 # Returns a string containing the error message attached to the +method+ on the +object+ if one exists. |
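Review bot: The new `multipart` entry in the option list names the enctype as `multipart/form-date`, while the code emits `multipart/form-data`; the comment should read `# * <tt>multipart</tt> - whether to change the enctype of the form to multipart/form-data, used when uploading a file (default: false)`. Because the commit exists to make `form` work with protect_from_forgery, the `method` entry is also the place to say how the new option interacts with it. As far as I know form_tag adds the authenticity token only for non-GET forms, so something like `# * <tt>method</tt> - the method used when submitting the form (default: post); a get form carries no authenticity token` would save readers from assuming every generated form is protected.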
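Review bot: In the second hunk, `form_tag({:action => action}, ...)` wraps `action` in a url_for-style hash, whereas the removed `content_tag('form', ...)` call used `action` directly as the form's action attribute. The assignment of `action` is outside the hunk, but if it is already a resolved URL string, this sends it through URL generation a second time as an action name. Passing the string straight through avoids that: `contents = form_tag(action, :method => (options[:method] || 'post'), :enctype => options[:multipart] ? 'multipart/form-data' : nil)`. The hand-appended `'</form>'` also relies on the non-block form of form_tag returning only the opening tag plus its hidden fields, so it would help to say so in a comment, e.g. `# form_tag (not content_tag) so the authenticity token is included`. No test is visible in this diffstat, which is limited to the helpers directory; one asserting that the token field appears in `form` output with forgery protection enabled would pin the fix.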