From 8e5673e3d289e4d28b4fc9f20721bda9f1c858c7 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Sat, 4 Oct 2014 23:31:03 -0400
Subject: Improve settings page and move some config parameters to the database

---
 app/helpers.php | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

(limited to 'app/helpers.php')

diff --git a/app/helpers.php b/app/helpers.php
index 5cb7b82e..1ab8586a 100644
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -556,16 +556,37 @@ function form_numeric($name, $values = array(), array $errors = array(), array $
  * @param  string   $controller  Controller name
  * @param  string   $action      Action name
  * @param  array    $params      Url parameters
+ * @param  boolean  $csrf        Add a CSRF token
  * @param  string   $class       CSS class attribute
  * @return string
  */
-function a($label, $controller, $action, array $params = array(), $css = '')
+function a($label, $controller, $action, array $params = array(), $csrf = false, $class = '')
 {
-    $html = '<a href="?controller='.$controller.'&amp;action='.$action;
+    return '<a href="'.u($controller, $action, $params, $csrf).'" class="'.$class.'"/>'.$label.'</a>';
+}
+
+/**
+ * URL
+ *
+ * a('link', 'task', 'show', array('task_id' => $task_id))
+ *
+ * @param  string   $controller  Controller name
+ * @param  string   $action      Action name
+ * @param  array    $params      Url parameters
+ * @param  boolean  $csrf        Add a CSRF token
+ * @return string
+ */
+function u($controller, $action, array $params = array(), $csrf = false)
+{
+    $html = '?controller='.$controller.'&amp;action='.$action;
+
+    if ($csrf) {
+        $params['csrf_token'] = Security::getCSRFToken();
+    }
 
     foreach ($params as $key => $value) {
         $html .= '&amp;'.$key.'='.$value;
     }
 
-    return '" class="'.$class.'"/>'.$label.'</a>';
-}
+    return $html;
+}
\ No newline at end of file
-- 
cgit v1.2.3