Description: ------------ the action passed to the new() function gets basename()ed when displayed which is irritating and not really very helpful. if i want to make a form that points outside my current directory i can't do it. i haven't experimented with % encoding yet to try and get around it. Reproduce code: --------------- $form = new HTML_Form('http://example.com/doit.cgi'); print $form->returnStart(); Expected result: ---------------- <FORM ACTION="http://example.com/doit.cgi" METHOD="GET"> Actual result: -------------- <FORM ACTION="doit.cgi" METHOD="GET">

using %2f doesn't help. hand coding the <form> tag will obviously work, but it seems like it would be worth fixing the main code. given the lack of docs for this package i hope that noone relies on that basename call :-).

Hello Joey, I spend some time on your bug report. I think that basename is used as a security measure. (Under certain circumstances no basename could represent a security issue) I prepared a patch ( patched source live at http:// php.gurugeek.org/pear/html_form_gg.php ) which basically introduces a new var $basenameSecurity and a private function. In this way the user could set its value to false if desired and enter the full url as per your expected result. An important note: I am not the package lead. I recently asked to be added as helper/developer within HTML_Form and if that is the case, I could apply the patch if approved by the lead. Thanks again for your contribution to PEAR. Regards David Costa

even if there is a possible security problem, this is not data that comes from the user, so i can't see why the code would enforce a basename on it. i am of the camp that trusts the programmer. distrusting the user is ok, but that doesn't seem to apply to this case.

Fixed in CVS.