From 5621cf0227be1e45e8f9e109c143e5ec376b8450 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20C=2E979?=
<34628915+sc979@users.noreply.github.com>
Date: Tue, 2 Apr 2019 15:11:25 +0200
Subject: [PATCH] fix(ui): saving configuration > contacts filters (#7360)
* fix(ui): saving configuration > contact users filters
* fix(ui): saving configuration > contact template filters
* fix(ui): saving configuration > contactgroup filters
* fix(ui): saving configuration > timeperiod filters
---
.../configObject/contact/listContact.php | 131 +++++++++---------
.../listContactTemplateModel.php | 105 +++++++-------
.../contactgroup/listContactGroup.php | 68 +++++----
.../timeperiod/listTimeperiod.php | 73 +++++-----
4 files changed, 182 insertions(+), 195 deletions(-)
diff --git a/www/include/configuration/configObject/contact/listContact.php b/www/include/configuration/configObject/contact/listContact.php
index 2e57370a257..4521d4fff0b 100644
--- a/www/include/configuration/configObject/contact/listContact.php
+++ b/www/include/configuration/configObject/contact/listContact.php
@@ -1,7 +1,7 @@
"");
-$DBRESULT = $pearDB->query("SELECT tp_name, tp_id FROM timeperiod");
-while ($data = $DBRESULT->fetchRow()) {
+$dbResult = $pearDB->query("SELECT tp_name, tp_id FROM timeperiod");
+while ($data = $dbResult->fetch()) {
$tpCache[$data["tp_id"]] = $data["tp_name"];
}
unset($data);
-$DBRESULT->closeCursor();
+$dbResult->closeCursor();
+
+$search = filter_var(
+ $_POST['searchC'] ?? $_GET['search'] ?? null,
+ FILTER_SANITIZE_STRING
+);
-$clauses = array();
$search = null;
-if (isset($_POST['searchC'])) {
- $search = $_POST['searchC'];
- $centreon->historySearch[$url] = $search;
-} elseif (isset($_GET['search'])) {
- $search = $_GET['search'];
+if (isset($_POST['searchC']) || isset($_GET['search'])) {
$centreon->historySearch[$url] = $search;
-} elseif (isset($centreon->historySearch[$url])) {
+} else {
$search = $centreon->historySearch[$url];
}
+$clauses = array();
if ($search) {
$clauses = array(
'contact_name' => array('LIKE', '%' . $search . '%'),
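Review bot: As this hunk reads, the unchanged line `$search = null;` still follows the new `filter_var()` assignment, so the filtered value would be discarded and `historySearch[$url]` would be set to null on every submitted search; if that line really survives in the new file, it should be removed. The new `else` branch also reads `$centreon->historySearch[$url]` without the `isset()` guard the old `elseif` had, which raises an undefined-index notice when no search has been stored for the page yet; `$search = $centreon->historySearch[$url] ?? null;` keeps the old behaviour. The same `else` appears in the listContactTemplateModel.php and listTimeperiod.php hunks. The `if ($search)` block continues outside the hunk.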
@@ -94,21 +95,17 @@
$contacts = $acl->getContactAclConf($aclOptions);
$rows = count($contacts);
-include("./include/common/checkPagination.php");
+include "./include/common/checkPagination.php";
-/*
- * Smarty template Init
- */
+// Smarty template Init
$tpl = new Smarty();
$tpl = initSmartyTpl($path, $tpl);
-/* Access level */
+// Access level
($centreon->user->access->page($p) == 1) ? $lvl_access = 'w' : $lvl_access = 'r';
$tpl->assign('mode_access', $lvl_access);
-/*
- * start header menu
- */
+// start header menu
$tpl->assign("headerMenu_name", _("Full Name"));
$tpl->assign("headerMenu_desc", _("Alias / Login"));
$tpl->assign("headerMenu_email", _("Email"));
@@ -130,9 +127,7 @@
$form = new HTML_QuickFormCustom('select_form', 'POST', "?p=" . $p);
-/*
- * Different style between each lines
- */
+// Different style between each lines
$style = "one";
$contactTypeIcone = array(
1 => "./img/icons/admin.png",
@@ -145,13 +140,17 @@
3 => _("This is a contact template.")
);
-/*
- * Fill a tab with a mutlidimensionnal Array we put in $tpl
- */
+// Fill a tab with a multidimensional Array we put in $tpl
$elemArr = array();
foreach ($contacts as $contact) {
if ($centreon->user->get_id() == $contact['contact_id']) {
- $selectedElements = $form->addElement('checkbox', "select[" . $contact['contact_id'] . "]", '', '', 'disabled');
+ $selectedElements = $form->addElement(
+ 'checkbox',
+ "select[" . $contact['contact_id'] . "]",
+ '',
+ '',
+ 'disabled'
+ );
} else {
$selectedElements = $form->addElement('checkbox', "select[" . $contact['contact_id'] . "]");
}
@@ -229,38 +228,38 @@
}
$tpl->assign("elemArr", $elemArr);
-/*
- * Different messages we put in the template
- */
-$tpl->assign('msg', array(
- "addL" => "main.php?p=" . $p . "&o=a",
- "addT" => _("Add"),
- "ldap_importL" => "main.php?p=" . $p . "&o=li",
- "ldap_importT" => _("LDAP Import"),
- "view_notif" => _("View contact notifications")
-));
+// Different messages we put in the template
+$tpl->assign(
+ 'msg',
+ array(
+ "addL" => "main.php?p=" . $p . "&o=a",
+ "addT" => _("Add"),
+ "ldap_importL" => "main.php?p=" . $p . "&o=li",
+ "ldap_importT" => _("LDAP Import"),
+ "view_notif" => _("View contact notifications")
+ )
+);
-# Display import ldap users button if ldap is configured
-$query = "SELECT count(ar_id) as count_ldap "
- . "FROM auth_ressource ";
-$res = $pearDB->query($query);
-$row = $res->fetchRow();
+// Display import ldap users button if ldap is configured
+$res = $pearDB->query(
+ "SELECT count(ar_id) as count_ldap " .
+ "FROM auth_ressource "
+);
+$row = $res->fetch();
if ($row['count_ldap'] > 0) {
$tpl->assign('ldap', '1');
}
-/*
- * Toolbar select
- */
+// Toolbar select
?>
-
+
"javascript: " .
@@ -278,14 +277,20 @@ function setO(_i) {
" setO(this.form.elements['" . $option . "'].value); submit();} " .
"this.form.elements['" . $option . "'].selectedIndex = 0"
);
- $form->addElement('select', $option, null, array(
- null => _("More actions..."),
- "m" => _("Duplicate"),
- "d" => _("Delete"),
- "mc" => _("Massive Change"),
- "ms" => _("Enable"),
- "mu" => _("Disable")
- ), $attrs1);
+ $form->addElement(
+ 'select',
+ $option,
+ null,
+ array(
+ null => _("More actions..."),
+ "m" => _("Duplicate"),
+ "d" => _("Delete"),
+ "mc" => _("Massive Change"),
+ "ms" => _("Enable"),
+ "mu" => _("Disable")
+ ),
+ $attrs1
+ );
$form->setDefaults(array($option => null));
$o1 = $form->getElement($option);
@@ -296,9 +301,7 @@ function setO(_i) {
$tpl->assign('limit', $limit);
$tpl->assign('searchC', $search);
-/*
- * Apply a template definition
- */
+// Apply a template definition
$renderer = new HTML_QuickForm_Renderer_ArraySmarty($tpl);
$form->accept($renderer);
$tpl->assign('form', $renderer->toArray());
diff --git a/www/include/configuration/configObject/contact_template_model/listContactTemplateModel.php b/www/include/configuration/configObject/contact_template_model/listContactTemplateModel.php
index bb17be96c99..ed88ca45793 100644
--- a/www/include/configuration/configObject/contact_template_model/listContactTemplateModel.php
+++ b/www/include/configuration/configObject/contact_template_model/listContactTemplateModel.php
@@ -1,8 +1,8 @@
"./img/icons/admin.png",
@@ -52,26 +52,25 @@
* Create Timeperiod Cache
*/
$tpCache = array("" => "");
-$DBRESULT = $pearDB->query("SELECT tp_name, tp_id FROM timeperiod");
-while ($data = $DBRESULT->fetchRow()) {
+$dbResult = $pearDB->query("SELECT tp_name, tp_id FROM timeperiod");
+while ($data = $dbResult->fetch()) {
$tpCache[$data["tp_id"]] = $data["tp_name"];
}
unset($data);
-$DBRESULT->closeCursor();
+$dbResult->closeCursor();
-$clauses = array();
-$search = null;
+$search = filter_var(
+ $_POST['searchCT'] ?? $_GET['searchCT'] ?? null,
+ FILTER_SANITIZE_STRING
+);
-if (isset($_POST['searchCT'])) {
- $search = $_POST['searchCT'];
- $centreon->historySearch[$url] = $search;
-} elseif (isset($_GET['search'])) {
- $search = $_GET['search'];
+if (isset($_POST['searchCT']) || isset($_GET['searchCT'])) {
$centreon->historySearch[$url] = $search;
-} elseif (isset($centreon->historySearch[$url])) {
+} else {
$search = $centreon->historySearch[$url];
}
+$clauses = array();
if ($search) {
$clauses = array('contact_name' => '%' . $search . '%');
}
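Review bot: `FILTER_SANITIZE_STRING` in the new `$search = filter_var(...)` is an HTML-oriented filter (it strips tags and encodes quotes), so it should not be read as protection for the `contact_name` LIKE clause built just below, whose binding is not visible in this hunk. The same call is added in listContact.php and listTimeperiod.php. It also changes the term before it is stored in `historySearch`, so names containing quotes or `<` may no longer match, and the filter is deprecated as of PHP 8.1. I would keep it only as defence in depth and add a comment above the call, e.g. `// HTML-oriented filter only: the query layer must bind $search, and the template must escape it on output`, after confirming both of those actually happen.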
@@ -91,7 +90,7 @@
array(($num * $limit), $limit)
);
$rows = $pearDB->query("SELECT FOUND_ROWS()")->fetchColumn();
-include("./include/common/checkPagination.php");
+include "./include/common/checkPagination.php";
/*
* Smarty template Init
@@ -99,13 +98,11 @@
$tpl = new Smarty();
$tpl = initSmartyTpl($path, $tpl);
-/* Access level */
+// Access level
($centreon->user->access->page($p) == 1) ? $lvl_access = 'w' : $lvl_access = 'r';
$tpl->assign('mode_access', $lvl_access);
-/*
- * start header menu
- */
+// start header menu
$tpl->assign("headerMenu_name", _("Full Name"));
$tpl->assign("headerMenu_desc", _("Alias / Login"));
$tpl->assign("headerMenu_email", _("Email"));
@@ -117,21 +114,15 @@
$tpl->assign("headerMenu_admin", _("Admin"));
$tpl->assign("headerMenu_options", _("Options"));
-/*
- * Contact list
- */
+// Contact list
$search = tidySearchKey($search, $advanced_search);
$form = new HTML_QuickFormCustom('select_form', 'POST', "?p=" . $p);
-/*
- * Different style between each lines
- */
+// Different style between each lines
$style = "one";
-/*
- * Fill a tab with a mutlidimensionnal Array we put in $tpl
- */
+// Fill a tab with a multidimensional Array we put in $tpl
$elemArr = array();
foreach ($contacts as $contact) {
$selectedElements = $form->addElement('checkbox', "select[" . $contact['contact_id'] . "]");
@@ -199,17 +190,13 @@
}
$tpl->assign("elemArr", $elemArr);
-/*
- * Different messages we put in the template
- */
+// Different messages we put in the template
$tpl->assign('msg', array("addL" => "main.php?p=" . $p . "&o=a", "addT" => _("Add")));
if ($centreon->optGen['ldap_auth_enable']) {
$tpl->assign('ldap', $centreon->optGen['ldap_auth_enable']);
}
-/*
- * Toolbar select
- */
+// Toolbar select
?>
+
accept($renderer);
$tpl->assign('form', $renderer->toArray());
diff --git a/www/include/configuration/configObject/timeperiod/listTimeperiod.php b/www/include/configuration/configObject/timeperiod/listTimeperiod.php
index 552f55341ef..7937ba3fe4c 100644
--- a/www/include/configuration/configObject/timeperiod/listTimeperiod.php
+++ b/www/include/configuration/configObject/timeperiod/listTimeperiod.php
@@ -1,7 +1,7 @@
historySearch[$url] = $search;
-} elseif (isset($_GET['searchTP'])) {
- $search = $_GET['searchTP'];
+$search = filter_var(
+ $_POST['searchTP'] ?? $_GET['searchTP'] ?? null,
+ FILTER_SANITIZE_STRING
+);
+if (isset($_POST['searchTP']) || $_GET['searchTP']) {
$centreon->historySearch[$url] = $search;
-} elseif (isset($centreon->historySearch[$url])) {
+} else {
$search = $centreon->historySearch[$url];
}
+$SearchTool = '';
if ($search) {
$SearchTool .= " WHERE tp_name LIKE '%" . htmlentities($search, ENT_QUOTES, "UTF-8") . "%'";
}
-//Timeperiod list
+// Timeperiod list
$query = "SELECT SQL_CALC_FOUND_ROWS tp_id, tp_name, tp_alias FROM timeperiod $SearchTool " .
"ORDER BY tp_name LIMIT " . $num * $limit . ", " . $limit;
-$DBRESULT = $pearDB->query($query);
+$dbResult = $pearDB->query($query);
$rows = $pearDB->query("SELECT FOUND_ROWS()")->fetchColumn();
-include("./include/common/checkPagination.php");
+include "./include/common/checkPagination.php";
/*
* Smarty template Init
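Review bot: The search term still reaches the timeperiod query by string concatenation, in `$SearchTool .= " WHERE tp_name LIKE '%" . htmlentities($search, ENT_QUOTES, "UTF-8") . "%'"`, and `$num * $limit` is concatenated into LIMIT as well. HTML encoding is an output concern and is not a substitute for parameter binding, so this query should be prepared with bound values. The sketch below assumes `$pearDB` exposes PDO's `prepare()`, as the `fetch()` and `closeCursor()` calls suggest, and keeps the `htmlentities()` call inside the bound value so matching against stored names is unchanged. Separately, the new condition `|| $_GET['searchTP']` lacks the `isset()` used in the other two files and should read `if (isset($_POST['searchTP']) || isset($_GET['searchTP'])) {`.

```php
$SearchTool = '';
if ($search) {
    $SearchTool = " WHERE tp_name LIKE :search";
}

// Timeperiod list
$dbResult = $pearDB->prepare(
    "SELECT SQL_CALC_FOUND_ROWS tp_id, tp_name, tp_alias FROM timeperiod $SearchTool " .
    "ORDER BY tp_name LIMIT :offset, :rowCount"
);
if ($search) {
    // same encoding as before, so matching against stored names is unchanged
    $dbResult->bindValue(':search', '%' . htmlentities($search, ENT_QUOTES, "UTF-8") . '%', \PDO::PARAM_STR);
}
$dbResult->bindValue(':offset', (int) ($num * $limit), \PDO::PARAM_INT);
$dbResult->bindValue(':rowCount', (int) $limit, \PDO::PARAM_INT);
$dbResult->execute();
// … unchanged: FOUND_ROWS() count and checkPagination include …
```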
@@ -70,13 +68,11 @@
$tpl = new Smarty();
$tpl = initSmartyTpl($path, $tpl);
-/* Access level */
+// Access level
($centreon->user->access->page($p) == 1) ? $lvl_access = 'w' : $lvl_access = 'r';
$tpl->assign('mode_access', $lvl_access);
-/*
- * start header menu
- */
+// start header menu
$tpl->assign("headerMenu_name", _("Name"));
$tpl->assign("headerMenu_desc", _("Description"));
$tpl->assign("headerMenu_options", _("Options"));
@@ -84,17 +80,13 @@
$search = tidySearchKey($search, $advanced_search);
$form = new HTML_QuickFormCustom('select_form', 'POST', "?p=" . $p);
-/*
- * Different style between each lines
- */
+// Different style between each lines
$style = "one";
-/*
- * Fill a tab with a mutlidimensionnal Array we put in $tpl
- */
+// Fill a tab with a multidimensional Array we put in $tpl
$elemArr = array();
-for ($i = 0; $timeperiod = $DBRESULT->fetchRow(); $i++) {
+for ($i = 0; $timeperiod = $dbResult->fetch(); $i++) {
$moptions = "";
$selectedElements = $form->addElement('checkbox', "select[" . $timeperiod['tp_id'] . "]");
$moptions .= " 31 && (event.keyCode < 45 || event.keyCode > 57)) " .
@@ -113,23 +105,24 @@
$style != "two" ? $style = "two" : $style = "one";
}
$tpl->assign("elemArr", $elemArr);
-/*
- * Different messages we put in the template
- */
+
+// Different messages we put in the template
$tpl->assign(
'msg',
- array("addL" => "main.php?p=" . $p . "&o=a", "addT" => _("Add"), "delConfirm" => _("Do you confirm the deletion ?"))
+ array(
+ "addL" => "main.php?p=" . $p . "&o=a",
+ "addT" => _("Add"),
+ "delConfirm" => _("Do you confirm the deletion ?")
+ )
);
-/*
- * Toolbar select
- */
+// Toolbar select
?>
-
+
assign('limit', $limit);
$tpl->assign('searchTP', $search);
-/*
- * Apply a template definition
- */
+// Apply a template definition
$renderer = new HTML_QuickForm_Renderer_ArraySmarty($tpl);
$form->accept($renderer);
$tpl->assign('form', $renderer->toArray());