summaryrefslogtreecommitdiff
path: root/program/include
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2011-09-21 12:16:01 +0000
committerthomascube <thomas@roundcube.net>2011-09-21 12:16:01 +0000
commit5172ac9389edc2bb6bc567f923b02f8e9efbfbf5 (patch)
tree99a336ef4e3ce534b14c6b15d901a0cb7097a2e5 /program/include
parent7f03884966c284bfb67b2e85da6408f323200c61 (diff)
Aread alter forms in rcube_template::parse() instead of write()
Diffstat (limited to 'program/include')
-rwxr-xr-xprogram/include/rcube_template.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php
index a26796bf9..dd14931a8 100755
--- a/program/include/rcube_template.php
+++ b/program/include/rcube_template.php
@@ -353,10 +353,6 @@ class rcube_template extends rcube_html_page
$js .= $this->get_js_commands() . ($this->framed ? ' }' : '');
$this->add_script($js, 'head_top');
- // make sure all <form> tags have a valid request token
- $template = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $template);
- $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);
-
// send clickjacking protection headers
$iframe = $this->framed || !empty($_REQUEST['_framed']);
if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')))
@@ -437,6 +433,10 @@ class rcube_template extends rcube_html_page
$output = $this->parse_with_globals($hook['content']);
+ // make sure all <form> tags have a valid request token
+ $output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);
+ $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);
+
if ($write) {
// add debug console
if ($realname != 'error' && ($this->config['debug_level'] & 8)) {