CSecurityFilter::showForm

protected function showForm()
{
	if(!isset($_POST['____SECFILTER_CONVERT_JS']) || empty($_POST['____SECFILTER_CONVERT_JS']))
	{
		if(
			//intranet tasks folder created
			(
				isset($_GET["bx_task_action_request"])
				&& $_GET["bx_task_action_request"] === "Y"
				&& isset($_GET["action"])
				&& $_GET["action"] === "folder_edit"
			)
			//or create ticket with wizard
			|| (
				isset($_GET['show_wizard'])
				&& $_GET['show_wizard'] === "Y"
				&& isset($_POST['AJAX_CALL'])
				&& $_POST['AJAX_CALL'] === "Y"
			)
			//or by bitrix:search.title
			|| (
				isset($_POST['q'])
				&& !empty($_POST['q'])
				&& isset($_POST['ajax_call'])
				&& $_POST['ajax_call'] === "y"
			)
			//or by constant defined on the top of the page
			|| defined('BX_SECURITY_SHOW_MESSAGE')
		)
		{
			$this->showTextForm();
		}
		elseif(defined('BX_PUBLIC_MODE') && BX_PUBLIC_MODE == 1)
		{
			$this->showAjaxForm();
		}
		else
		{
			$originalPostVars = $this->getHttpRequest()->getPostList()->toArrayRaw();
			if (!$originalPostVars)
				$originalPostVars = array();

			$this->showHtmlForm($originalPostVars);
		}

		die();
	}
}