diff options
author | thomascube <thomas@roundcube.net> | 2011-09-21 12:16:01 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2011-09-21 12:16:01 +0000 |
commit | 5172ac9389edc2bb6bc567f923b02f8e9efbfbf5 (patch) | |
tree | 99a336ef4e3ce534b14c6b15d901a0cb7097a2e5 /program/include/rcube_template.php | |
parent | 7f03884966c284bfb67b2e85da6408f323200c61 (diff) |
Aread alter forms in rcube_template::parse() instead of write()
Diffstat (limited to 'program/include/rcube_template.php')
-rwxr-xr-x | program/include/rcube_template.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php index a26796bf9..dd14931a8 100755 --- a/program/include/rcube_template.php +++ b/program/include/rcube_template.php @@ -353,10 +353,6 @@ class rcube_template extends rcube_html_page $js .= $this->get_js_commands() . ($this->framed ? ' }' : ''); $this->add_script($js, 'head_top'); - // make sure all <form> tags have a valid request token - $template = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $template); - $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer); - // send clickjacking protection headers $iframe = $this->framed || !empty($_REQUEST['_framed']); if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) @@ -437,6 +433,10 @@ class rcube_template extends rcube_html_page $output = $this->parse_with_globals($hook['content']); + // make sure all <form> tags have a valid request token + $output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output); + $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer); + if ($write) { // add debug console if ($realname != 'error' && ($this->config['debug_level'] & 8)) { |