Aread alter forms in rcube_template::parse() instead of write()

git-svn-id: https://svn.roundcube.net/trunk@5260 208e9e7b-5314-0410-a742-e7e81cd9613c

1 files changed, 4 insertions, 4 deletions

diff --git a/roundcubemail/program/include/rcube_template.php b/roundcubemail/program/include/rcube_template.php
index a26796bf9..dd14931a8 100755
--- a/roundcubemail/program/include/rcube_template.php
+++ b/roundcubemail/program/include/rcube_template.php
@@ -353,10 +353,6 @@ class rcube_template extends rcube_html_page
         $js .= $this->get_js_commands() . ($this->framed ? ' }' : '');
         $this->add_script($js, 'head_top');
 
-        // make sure all <form> tags have a valid request token
-        $template = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $template);
-        $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);
-        
         // send clickjacking protection headers
         $iframe = $this->framed || !empty($_REQUEST['_framed']);
         if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')))
@@ -437,6 +433,10 @@ class rcube_template extends rcube_html_page
 
         $output = $this->parse_with_globals($hook['content']);
 
+        // make sure all <form> tags have a valid request token
+        $output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);
+        $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);
+
         if ($write) {
             // add debug console
             if ($realname != 'error' && ($this->config['debug_level'] & 8)) {