Bug: TypeError in form_open('') function #8729
Description
PHP Version
8.2
CodeIgniter4 Version
4.5.0
CodeIgniter4 Installation Method
Composer (as dependency to an existing project)
Which operating systems have you tested for this bug?
Windows
Which server did you use?
cli
Database
MariaDB 10.4
What happened?
When CSRF Filter is On.
I encountered a TypeError when using the form_open('').
The error message is as follows:
TypeError
str_contains(): Argument #1 ($haystack) must be of type string, CodeIgniter\HTTP\SiteURI given
SYSTEMPATH\Helpers\form_helper.php at line 65
58 }
59
60 $form = '<form action="' . $action . '"' . $attributes . ">\n";
61
62 // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
63 $before = service('filters')->getFilters()['before'];
64
65 if ((in_array('csrf', $before, true) || array_key_exists('csrf', $before)) && str_contains($action, base_url()) && ! stripos($form, 'method="get"')) {
66 $form .= csrf_field($csrfId ?? null);
67 }
68
69 foreach ($hidden as $name => $value) {
70 $form .= form_hidden($name, $value);
71 }
72
Debug
// vendor\codeigniter4\framework\system\Helpers\form_helper.php line 65
var_dump(in_array('csrf', $before, true)); // true
var_dump(array_key_exists('csrf', $before)); // false
var_dump(str_contains($action, base_url())); // error
if ((in_array('csrf', $before, true) || array_key_exists('csrf', $before)) && str_contains($action, base_url()) && !stripos($form, 'method="get"')) {
$form .= csrf_field($csrfId ?? null);
}Steps to Reproduce
- Upgrade CodeIgniter to 4.5.0 from 4.4.7.
- Use the form_open('') function in View.
Expected Output
<form action="current_url" method="post">
Anything else?
This issue did not occur when using CodeIgniter version 4.4.7.
Any help on this issue would be greatly appreciated.