/**
* Insert a CSRF token to a form
*
* @param string $lockTo This CSRF token is only valid for this HTTP request endpoint
* @param bool $echo if true, echo instead of returning
* @return string
*/
public function insertToken(string $lockTo = '', bool $echo = true) : string
{
$ret = '<input type="hidden"' . ' name="' . Util::noHTML(self::FORM_TOKEN) . '"' . ' value="' . $this->getTokenString($lockTo) . '"' . ' />';
if ($echo) {
echo $ret;
return '';
}
return $ret;
}