We're running into this problem trying to add profile and field tokens for users. There aren't any field API fields or profile fields loaded into the global user object, and are unavailable when we try to provide tokens for them. We really, really need to provide the result of user_load() rather than just passing global $user;.

CommentFileSizeAuthor
#7 967330-current-user-token-load-D7.patch4.79 KBdave reid
#5 967330-current-user-token-load-D7.patch4.66 KBdave reid
#1 967330-current-user-token-load-D7.patch851 bytesdave reid

Comments

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Status: Active » Needs review
StatusFileSize
new 967330-current-user-token-load-D7.patch851 bytes
BenK’s picture

BenK commented

Subscribing...

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

This is a blocker for both #125640: Profile tokens and #691078: Field tokens in token module.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Issue tags: +realname, +format_username
dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
StatusFileSize
new 967330-current-user-token-load-D7.patch4.66 KB

Revised patch that also fixes that format_username() should always be sanitized with check_plain(), since that's exactly what it says in its doc page.

Status: Needs review » Needs work

The last submitted patch, 967330-current-user-token-load-D7.patch, failed testing.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Status: Needs work » Needs review
StatusFileSize
new 967330-current-user-token-load-D7.patch4.79 KB

Error with what parameter was passed to format_username().

fago’s picture

fago
Primary language German
Location Vienna
commented

Hm, the question is what would one expect when using the [user:name] token - the name the user has input in the user name field or the formatted user name, which may have been altered by modules. I think, it should be the first, while I agree the formatted user name should be available somewhere too, e.g. as [user].

fago’s picture

fago
Primary language German
Location Vienna
commented

@loading the full-account object:
Definitively, passing half-baken objects around is evil.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

@fago As per #9 care to RTBC? :)

moshe weitzman’s picture

moshe weitzman commented
Status: Needs review » Reviewed & tested by the community

Looks good. Thx.

fago’s picture

fago
Primary language German
Location Vienna
commented

With that patch, how would I get just the user-name as entered by users if a module implements hook_username_alter()?

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

Same as before the patch. This had no change to the [user:name] token, just to how it was tested. Realname for D7 adds a [user:name-raw] token if it doesn't already exist.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
commented
Status: Reviewed & tested by the community » Needs review

Hm. Does this need to be benchmarked? How often is this going to get called?

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

It's only used when people use [current-user:*] tokens and performing token replacement, so not exactly too often.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Status: Needs review » Reviewed & tested by the community

So in other words, when this happens in core, it's not on every page, and it's only when responding to certain events. Marking back to RTBC.

moshe weitzman’s picture

moshe weitzman commented

Well, we statically cache users so user_load() would typically run once and even then would be called only if user specifically requested this token. You can imagine scenarios like a mail merge where we load many users but those are not going to be performance sensitive operations. I don't think we have a performance concern here.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
commented
Status: Reviewed & tested by the community » Fixed

Okie doke then.

Committed to HEAD. Thanks!

Status: Fixed » Closed (fixed)
Issue tags: -token, -realname, -format_username

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +token, +realname, +format_username

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.