From 5172ac9389edc2bb6bc567f923b02f8e9efbfbf5 Mon Sep 17 00:00:00 2001 From: thomascube Date: Wed, 21 Sep 2011 12:16:01 +0000 Subject: Aread alter forms in rcube_template::parse() instead of write() --- program/include/rcube_template.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php index a26796bf9..dd14931a8 100755 --- a/program/include/rcube_template.php +++ b/program/include/rcube_template.php @@ -353,10 +353,6 @@ class rcube_template extends rcube_html_page $js .= $this->get_js_commands() . ($this->framed ? ' }' : ''); $this->add_script($js, 'head_top'); - // make sure all
tags have a valid request token - $template = preg_replace_callback('/]+)>/Ui', array($this, 'alter_form_tag'), $template); - $this->footer = preg_replace_callback('/]+)>/Ui', array($this, 'alter_form_tag'), $this->footer); - // send clickjacking protection headers $iframe = $this->framed || !empty($_REQUEST['_framed']); if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) @@ -437,6 +433,10 @@ class rcube_template extends rcube_html_page $output = $this->parse_with_globals($hook['content']); + // make sure all tags have a valid request token + $output = preg_replace_callback('/]+)>/Ui', array($this, 'alter_form_tag'), $output); + $this->footer = preg_replace_callback('/]+)>/Ui', array($this, 'alter_form_tag'), $this->footer); + if ($write) { // add debug console if ($realname != 'error' && ($this->config['debug_level'] & 8)) { -- cgit v1.2.3