Fix #2560
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index bc14df2..7f4276b 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -54,10 +54,18 @@
{
$CI =& get_instance();
- if ($attributes === '')
+ if (empty($attributes))
{
$attributes = 'method="post"';
}
+ elseif (is_array($attributes) && ! isset($attributes['method']))
+ {
+ $attributes['method'] = 'post';
+ }
+ elseif (stripos($attributes, 'method=') === FALSE)
+ {
+ $attributes .= ' method="post"';
+ }
// If an action is not a full URL then turn it into one
if ($action && strpos($action, '://') === FALSE)
@@ -73,7 +81,7 @@
$form = '<form action="'.$action.'"'._attributes_to_string($attributes, TRUE).">\n";
// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
- if ($CI->config->item('csrf_protection') === TRUE && ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"')))
+ if ($CI->config->item('csrf_protection') === TRUE && ! (strpos($action, $CI->config->base_url()) === FALSE OR stripos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}