fix(SecurityController): be carefful to string interpolation for regexp

tools/security/controllers/SecurityController.php

@@ -118,13 +118,13 @@ public function checkCaptchaBeforeSave(string $mode = 'page'): array
                 if (empty($_POST['captcha'])) {
                     $error = _t('CAPTCHA_ERROR_PAGE_UNSAVED');
                 } elseif (!$this->captchaController->check(
-                        $_POST['captcha'] ?? '',
-                        $_POST['captcha_hash'] ?? ''
-                    )) {
+                    $_POST['captcha'] ?? '',
+                    $_POST['captcha_hash'] ?? ''
+                )) {
                     $error = _t('CAPTCHA_ERROR_WRONG_WORD');
                 }
                 // clean if error
-                if (!empty($error)){
+                if (!empty($error)) {
                     $_POST['submit'] = '';
                     if ($mode == 'entry') {
                         unset($_POST['bf_titre']);
@@ -146,11 +146,16 @@ public function renderCaptcha(string &$output)
     {
         if (!$this->wiki->UserIsAdmin() && $this->params->get('use_captcha')) {
             $champsCaptcha = $this->renderCaptchaField();
-            $output = preg_replace(
-                '/(\<div class="form-actions">.*<button type=\"submit\" name=\"submit\")/Uis',
-                "$champsCaptcha$1",
-                $output
-            );
+            $matches = [];
+            if (preg_match_all('/(\<div class="form-actions">.*<button type=\"submit\" name=\"submit\")/Uis', $output, $matches)) {
+                foreach ($matches[0] as $key => $match) {
+                    $output = str_replace(
+                        $match,
+                        $champsCaptcha . $matches[1][$key],
+                        $output
+                    );
+                }
+            }
         }
     }