if (stripos($attributes, 'accept-charset='
) === false
) { $config =
config(App::
class);
$attributes .= ' accept-charset="' .
strtolower($config->charset
) . '"';
} $form = '<form action="' .
$action . '"' .
$attributes . ">\n";
// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
$before = Services::
filters()->
getFilters()['before'
];
if ((in_array('csrf',
$before, true
) ||
array_key_exists('csrf',
$before)) &&
strpos($action,
base_url()) !== false && !
stripos($form, 'method="get"'
)) { $form .=
csrf_field($csrfId ?? null
);
} foreach ($hidden as $name =>
$value) { $form .=
form_hidden($name,
$value);
} return $form;
}}