Index: modules/openid/openid.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/openid/openid.module,v
retrieving revision 1.19.2.2
diff -u -p -r1.19.2.2 openid.module
--- modules/openid/openid.module	14 Apr 2008 20:24:05 -0000	1.19.2.2
+++ modules/openid/openid.module	5 Jul 2008 18:43:37 -0000
@@ -117,15 +117,26 @@ function openid_form_alter(&$form, $form
   elseif ($form_id == 'user_register' && isset($_SESSION['openid'])) {
     // We were unable to auto-register a new user. Prefill the registration
     // form with the values we have.
-    $form['name']['#default_value'] = $_SESSION['openid']['values']['name'];
-    $form['mail']['#default_value'] = $_SESSION['openid']['values']['mail'];
+    $form['name']['#default_value'] = isset($_SESSION['openid']['values']['name']) ? $_SESSION['openid']['values']['name'] : '';
+    $form['mail']['#default_value'] = isset($_SESSION['openid']['values']['mail']) ? $_SESSION['openid']['values']['mail'] : '';
+
+    // Make sure that the form is never pre-filled with invalid values. These functions return NULL on valid input.
+    if (user_validate_name($form['name']['#default_value'])) $form['name']['#default_value'] = '';
+    if (user_validate_mail($form['mail']['#default_value'])) $form['mail']['#default_value'] = '';
+    
     // If user_email_verification is off, hide the password field and just fill
     // with random password to avoid confusion.
     if (!variable_get('user_email_verification', TRUE)) {
       $form['pass']['#type'] = 'hidden';
       $form['pass']['#value'] = user_password();
     }
-    $form['auth_openid'] = array('#type' => 'hidden', '#value' => $_SESSION['openid']['values']['auth_openid']);
+    $form['auth_openid'] = array('#type' => 'hidden', '#value' => isset($_SESSION['openid']['values']['auth_openid']) ? $_SESSION['openid']['values']['auth_openid'] : '');
+    $form['openid_display'] = array(
+      '#type' => 'item',
+      '#title' => t('Your OpenID'),
+      '#description' => t('This OpenID will be attached to your account after registration.'),
+      '#value' => $_SESSION['openid']['values']['auth_openid'],    
+    );   
   }
   return $form;
 }
@@ -400,36 +411,45 @@ function openid_authentication($response
   elseif (variable_get('user_register', 1)) {
     // Register new user
     $form_state['redirect'] = NULL;
-    $form_state['values']['name'] = (empty($response['openid.sreg.nickname'])) ? $identity : $response['openid.sreg.nickname'];
-    $form_state['values']['mail'] = (empty($response['openid.sreg.email'])) ? '' : $response['openid.sreg.email'];
+    $form_state['values']['name'] = !empty($response['openid.sreg.nickname']) ? $response['openid.sreg.nickname'] : '';
+    $form_state['values']['mail'] = !empty($response['openid.sreg.email']) ? $response['openid.sreg.email'] : '';
     $form_state['values']['pass']  = user_password();
     $form_state['values']['status'] = variable_get('user_register', 1) == 1;
     $form_state['values']['response'] = $response;
     $form_state['values']['auth_openid'] = $identity;
     $form = drupal_retrieve_form('user_register', $form_state);
     drupal_prepare_form('user_register', $form, $form_state);
-    drupal_validate_form('user_register', $form, $form_state);
-    if (form_get_errors()) {
-      // We were unable to register a valid new user, redirect to standard
-      // user/register and prefill with the values we received.
-      drupal_set_message(t('OpenID registration failed for the reasons listed. You may register now, or if you already have an account you can <a href="@login">log in</a> now and add your OpenID under "My Account"', array('@login' => url('user/login'))), 'error');
-      $_SESSION['openid']['values'] = $form_state['values'];
-      // We'll want to redirect back to the same place.
+
+    if (!$form_state['values']['name'] || !$form_state['values']['mail']) {
+      drupal_set_message(t('You have never registered at this site before. You must supply your name and email address to create an account. You will be able to authenticate with your OpenID in the future.'));
       $destination = drupal_get_destination();
       unset($_REQUEST['destination']);
       drupal_goto('user/register', $destination);
     }
     else {
-      unset($form_state['values']['response']);
-      $account = user_save('', $form_state['values']);
-      // Terminate if an error occured during user_save().
-      if (!$account) {
-        drupal_set_message(t("Error saving user account."), 'error');
-        drupal_goto();
+      drupal_validate_form('user_register', $form, $form_state);
+      if (form_get_errors()) {
+        // We were unable to register a valid new user, redirect to standard
+        // user/register and prefill with the values we received.
+        drupal_set_message(t('OpenID registration failed for the reasons listed. You may register now, or if you already have an account you can <a href="@login">log in</a> now and add your OpenID under "My Account"', array('@login' => url('user/login'))), 'error');
+        $_SESSION['openid']['values'] = $form_state['values'];
+        // We'll want to redirect back to the same place.
+        $destination = drupal_get_destination();
+        unset($_REQUEST['destination']);
+        drupal_goto('user/register', $destination);
+      }
+      else {
+        unset($form_state['values']['response']);
+        $account = user_save('', $form_state['values']);
+        // Terminate if an error occured during user_save().
+        if (!$account) {
+          drupal_set_message(t("Error saving user account."), 'error');
+          drupal_goto();
+        }
+        user_external_login($account);
       }
-      user_external_login($account);
+      drupal_redirect_form($form, $form_state['redirect']);
     }
-    drupal_redirect_form($form, $form_state['redirect']);
   }
   else {
     drupal_set_message(t('Only site administrators can create new user accounts.'), 'error');