basePath = $basePath !== '' ? rtrim($basePath, '/') : __DIR__ . '/../../views'; } public function render(string $template, array $vars = []): string { $path = $this->basePath !== '' ? $this->basePath . '/' . ltrim($template, '/') : $template; if (!is_file($path)) { error_log('AC View missing: ' . $path); return ''; } if ($vars) { extract($vars, EXTR_SKIP); } ob_start(); require $path; $html = ob_get_clean() ?: ''; return $this->injectCsrfTokens($html); } private function injectCsrfTokens(string $html): string { if ($html === '' || stripos($html, ''; return (string)preg_replace_callback( '~]*>~i', static function (array $matches) use ($tokenField): string { $tag = $matches[0]; if (!preg_match('~\bmethod\s*=\s*([\"\']?)post\1~i', $tag)) { return $tag; } return $tag . $tokenField; }, $html ); } }