Display problems with name containing apostrophe
miky_italy - November 25, 2008 - 11:54
| Project: | RealName |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | NancyDru |
| Status: | closed |
Description
The name displayed is corrupted when the fields that compose the realname contain an apostrophe, e.g. Olga D'Amico.
It displays Olga D'Amico

#1
That looks correct, to me.
#2
To me it displays:
Olga D & # 0 3 9 ; Amico
without spaces between the D and the following A.
#3
Yes, this is an ongoing argument with the core developers and arises out of the need to protect you from hackers.
Right now, my code is being updated for another issue, so I can't commit this fix yet, but it does seem to fix it (and I think gives me an idea for a core patch). In "function realname_make_name", on approximately line 319, you will find
$stuff['%'. $i] = check_plain($account->$name);

Change that line to

$stuff['%'. $i] = drupal_validate_utf8($account->$name) ? htmlspecialchars($account->$name, ENT_COMPAT) : '';

And let me know if that solves the problem.
#4
Fix committed to 6.x only.
#5
Verified for the 5.x and your patch works correctly!
Thank you,
Michele
#6
The suggested fix is wrong.
The appearance of &#039; means that the name is passed twice through check_plain. The realname in realname_make_name should be treated as the plain text data it is; and escaped upon using it in another context. This means that you need to escape the name with check_plain the moment it is used in an HTML context.
As you can see from the theme_username documentation, it too treats the username as plaintext and escapes it upon output (either via l() or check_plain).
Please read Safe String Theory for the web and Handle text in a secure fashion for background.
My suggestion is to treat the name as plaintext in realname_make_name (do not use check_plain), and review the uses of the name elsewhere in the module for the need for escaping.
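The double-escaping described in #6, shown as an added example that is not part of the original thread or of the RealName module's code. The `check_plain()` below is a simplified stand-in for Drupal's function (same observable behaviour for valid UTF-8 input; this is an assumption), the `$account` fields, the `%1 %2` pattern and the `render_username_html()` helper are constructed for the demonstration, and `realname_make_name_buggy()` reproduces the escape-while-assembling mistake beside the escape-once-at-output version.

```php
<?php
// Added example (not RealName module code): why escaping inside
// realname_make_name() double-encodes apostrophes, and the fix of
// keeping the name as plain text and escaping once at output.

// Simplified stand-in for Drupal's check_plain() (assumption: same result
// as the real function for valid UTF-8 input). ENT_QUOTES turns ' into &#039;.
function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample user object; profile field values are stored as plain text.
$account = (object) array(
    'name'               => 'odamico',
    'profile_first_name' => 'Olga',
    'profile_last_name'  => "D'Amico",
);

// Constructed pattern: %1 and %2 are replaced with the listed field values.
$pattern = '%1 %2';
$fields  = array('profile_first_name', 'profile_last_name');

// BUGGY: escape while assembling the name. The result is no longer plain
// text, so any later check_plain() on it encodes the '&' of '&#039;' again.
function realname_make_name_buggy($account, $pattern, $fields) {
    $stuff = array();
    foreach ($fields as $i => $name) {
        $stuff['%' . ($i + 1)] = check_plain($account->$name);
    }
    return strtr($pattern, $stuff);
}

// FIXED: assemble plain text only; escaping belongs to the output context.
function realname_make_name($account, $pattern, $fields) {
    $stuff = array();
    foreach ($fields as $i => $name) {
        $stuff['%' . ($i + 1)] = $account->$name;
    }
    return strtr($pattern, $stuff);
}

// Output-side code (e.g. a theme_username override) escapes exactly once,
// at the moment the plain-text name enters an HTML context.
function render_username_html($realname) {
    return '<span class="username">' . check_plain($realname) . '</span>';
}

$buggy = render_username_html(realname_make_name_buggy($account, $pattern, $fields));
$fixed = render_username_html(realname_make_name($account, $pattern, $fields));

echo "buggy: $buggy\n";  // contains D&amp;#039;Amico -> browser shows "D&#039;Amico"
echo "fixed: $fixed\n";  // contains D&#039;Amico     -> browser shows "D'Amico"

// The same escape-once discipline also neutralises a hostile field value,
// which is what check_plain() is there for in the first place.
$account->profile_last_name = '<script>alert(1)</script>';
echo "hostile: " . render_username_html(realname_make_name($account, $pattern, $fields)) . "\n";
```

Run with `php example.php`. The interim change in #3 (`htmlspecialchars(..., ENT_COMPAT)`) only hides the symptom for apostrophes, because ENT_COMPAT leaves single quotes unencoded; a name containing `&`, `<`, `>` or `"` would still be encoded twice. Keeping the assembled name as plain text and escaping at each HTML output point, as #6 recommends, fixes all of these at once.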
#7
Thank you, Heine. I have read those references several times, which is why I use check_plain. Perhaps I use it too liberally.
I have removed the check_plain/htmlspecialchars entirely. Committed to both branches.
#8
Automatically closed -- issue fixed for two weeks with no activity.