Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When sending a message, if you select a username that contains an apostrophe, it will be returned encoded (replacing the apostrophe with '. That causes the form to throw an error that the username doesn't exist.
Comments
Comment #1
mstef CreditAttribution: mstef commentedWhat do you think about using strip_tags() instead of check_plain() in theme_privatemsg_username()?
Comment #3
mstef CreditAttribution: mstef commentedUpdate the test to match
Comment #4
BerdirWell, strip_tags() would on the other side break a username that has in it, which is not possible by default but still.
Not sure, how does core handle this? There is a user autocomplete on the node author textfield, I think.
Comment #5
mstef CreditAttribution: mstef commentedIt uses:
Also has check_plain(), but I just tested and the autocomplete doesn't return it to the textfield encoded, and there's no problems submitted.
Hmm..?
Comment #6
BerdirAh yes, makes sense. Only the label that is displayed is run through check_plain(), the key is then what is actually inserted into the textfield, and that doesn't need to be escaped. That's the way then :)
Comment #7
mstef CreditAttribution: mstef commentedYea but it's not displayed on the textfield as escaped..that's what is confusing me.
And what's confusing me is that privatemsg_autocomplete() is also only escaping the label. But not working..
Comment #8
GBurg CreditAttribution: GBurg commentedI have the same issue. Only want to note that probably it is a problem in the js?
Comment #9
stefgosselin CreditAttribution: stefgosselin commentedThe fix seems to do the trick but the bundled private message realname module has the same issue.
Attached patch replicates the strategy in privatemsg_realname.module.
Comment #11
stefgosselin CreditAttribution: stefgosselin commentedRetest patch at #9
Comment #12
stefgosselin CreditAttribution: stefgosselin commentedRetest patch at #9
Comment #13
BerdirComment #15
stefgosselin CreditAttribution: stefgosselin commentedI think testbot is choking on the patch because it applies a fix in a submodule (privatemsg_realname). To anyone stumbling on this thread needing the fix for privatemsg_realname, patch 12 fixed up the issue for me.
Comment #16
Sutharsan CreditAttribution: Sutharsan commentedPatch re-rolled and made to apply cleanly.
Comment #17
ptmkenny CreditAttribution: ptmkenny commented(deleted)
Comment #18
ptmkenny CreditAttribution: ptmkenny commentedRe-setting status; sorry, mistakenly posted on wrong issue (had multiple tabs open- sorry)
Comment #19
ptmkenny CreditAttribution: ptmkenny commentedI tested this patch with both realname usernames and standard usernames with apostrophes, including multiple apostrophes, and it worked. Note that on 7.x-2.x, for this patch to work, another patch (https://drupal.org/node/1956038) must be applied.
Comment #20
BerdirCommitted and pushed. Do we need this for 6..x as well, not sure right now.
Comment #21
oadaeh CreditAttribution: oadaeh as a volunteer commentedThis issue is being closed because it is against a branch for a version of Drupal that is no longer supported.
If you feel that this issue is still valid, feel free to re-open and update it (and any possible patch) to work with the 7.x-1.x branch (bug fixes only) or the 7.x-2.x branch.
Thank you.