Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.1013
diff -u -p -r1.1013 common.inc
--- includes/common.inc 11 Oct 2009 06:05:53 -0000 1.1013
+++ includes/common.inc 12 Oct 2009 16:23:26 -0000
@@ -1333,14 +1333,14 @@ function fix_gpc_magic() {
 * check_plain, to escape HTML characters. Use this for any output that's
 * displayed within a Drupal page.
 * @code
- * drupal_set_title($title = t("@name's blog", array('@name' => $account->name)), PASS_THROUGH);
+ * drupal_set_title($title = t("@name's blog", array('@name' => format_username($account))), PASS_THROUGH);
 * @endcode
 *
 * - %variable, which indicates that the string should be HTML escaped and
 * highlighted with theme_placeholder() which shows up by default as
 * emphasized.
 * @code
- * $message = t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name));
+ * $message = t('%name-from sent %name-to an e-mail.', array('%name-from' => format_username($user), '%name-to' => format_username($account)));
 * @endcode
 *
 * When using t(), try to put entire sentences and strings in one t() call.
@@ -2352,6 +2352,33 @@ function _format_date_callback(array $ma
 }
 /**
+ * Format a username.
+ *
+ * By default, the passed in object's 'name' property is used if it exists, or
+ * else, the site-defined value for the 'anonymous' variable. However, a module
+ * may override this by implementing hook_username_alter(&$name, $account).
+ *
+ * @see hook_username_alter()
+ *
+ * @param $account
+ * The account object for the user whose name is to be formatted.
+ *
+ * @return
+ * An unsanitized string with the username to display. The code receiving
+ * this result must ensure that check_plain() is called on it before it is
+ * printed to the page.
+ */
+function format_username($account) {
+ $name = !empty($account->name) ? $account->name : variable_get('anonymous', t('Anonymous'));
+ // Faster than drupal_alter(), and format_username() gets called a lot.
+ foreach (module_implements('username_alter') as $module) {
+ $function = $module . '_username_alter';
+ $function($name, $account);
+ }
+ return $name;
+}
+
+/**
 * @} End of "defgroup format".
 */
Index: includes/theme.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/theme.inc,v
retrieving revision 1.533
diff -u -p -r1.533 theme.inc
--- includes/theme.inc 9 Oct 2009 16:33:13 -0000 1.533
+++ includes/theme.inc 12 Oct 2009 16:23:26 -0000
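Review bot: The `!empty($account->name)` test in format_username() treats the string '0' as empty, so such a name would be replaced by the 'anonymous' variable; whether a name of '0' can be stored is not visible in this hunk, but `isset($account->name) && $account->name !== ''` would not depend on that. The `@param $account` text says "account object", while other hunks in this patch pass node objects (`format_username($node)` in blog.module), so the docblock should say that any object with an optional `name` property is accepted. The returned value is whatever the last hook implementation left in `$name`, and the `@return` warning is the only thing that tells callers to escape it, so I would repeat it next to the return, e.g. `// Not sanitized: callers must check_plain() before output.`.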
@@ -1905,12 +1905,17 @@ function template_preprocess_username(&$
 else {
 $variables['uid'] = (int)$account->uid;
 }
- if (empty($account->name)) {
- $variables['name'] = variable_get('anonymous', t('Anonymous'));
- }
- else {
- $variables['name'] = $account->name;
+
+ // Set the name to a formatted name that is safe for printing and
+ // that won't break tables by being too long. Keep an unshortened,
+ // unsanitized version, in case other preproces functions want to implement
+ // their own shortening logic or add markup. If they do so, they must ensure
+ // that $variables['name'] is safe for printing.
+ $name = $variables['name_unsafe'] = format_username($account);
+ if (drupal_strlen($name) > 20) {
+ $name = drupal_substr($name, 0, 15) . '...';
 }
+ $variables['name'] = check_plain($name);
 $variables['profile_access'] = user_access('access user profiles');
 $variables['link_attributes'] = array();
@@ -1929,12 +1934,6 @@ function template_preprocess_username(&$
 $variables['link_options']['html'] = TRUE;
 // Set a default class.
 $variables['attributes_array'] = array('class' => array('username'));
- // Shorten the name when it is too long or it will break many tables.
- if (drupal_strlen($variables['name']) > 20) {
- $variables['name'] = drupal_substr($variables['name'], 0, 15) . '...';
- }
- // Make sure name is safe for use in the theme function.
- $variables['name'] = check_plain($variables['name']);
 }
 /**
Index: modules/blog/blog.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/blog/blog.module,v
retrieving revision 1.336
diff -u -p -r1.336 blog.module
--- modules/blog/blog.module 9 Oct 2009 00:59:55 -0000 1.336
+++ modules/blog/blog.module 12 Oct 2009 16:23:27 -0000
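Review bot: `$variables['name_unsafe']` places the unescaped result of format_username() right beside the escaped `$variables['name']`, and the only warning is this inline comment in the `@@ -1905` hunk, which template authors never read. I would document both variables wherever the username theme variables are described (outside this hunk) and add a line here such as `// 'name_unsafe' must never be printed without check_plain().`. Truncating before check_plain() is the right order, because shortening an already escaped string could cut an HTML entity in half. The new comment also has a typo, "preproces". template_preprocess_username() starts and ends outside both hunks.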
@@ -27,7 +27,7 @@ function blog_user_view($account) {
 $account->content['summary']['blog'] = array(
 '#type' => 'user_profile_item',
 '#title' => t('Blog'),
- '#markup' => l(t('View recent blog entries'), "blog/$account->uid", array('attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => $account->name))))),
+ '#markup' => l(t('View recent blog entries'), "blog/$account->uid", array('attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => format_username($account)))))),
 '#attributes' => array('class' => array('blog')),
 );
 }
@@ -60,7 +60,7 @@ function blog_form($node, $form_state) {
 function blog_view($node, $build_mode) {
 if ((bool)menu_get_object()) {
 // Breadcrumb navigation.
- drupal_set_breadcrumb(array(l(t('Home'), NULL), l(t('Blogs'), 'blog'), l(t("!name's blog", array('!name' => $node->name)), 'blog/' . $node->uid)));
+ drupal_set_breadcrumb(array(l(t('Home'), NULL), l(t('Blogs'), 'blog'), l(t("!name's blog", array('!name' => format_username($node))), 'blog/' . $node->uid)));
 }
 return $node;
 }
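Review bot: Both changed lines keep the `!` placeholder (`'!username'`, `'!name'`), which t() inserts without escaping, and the value is now whatever hook_username_alter() implementations produce rather than the stored name. The strings are handed to l() as link text or as a `title` attribute, so the escaping presumably happens there, but nothing in the hunks says so; a comment such as `// '!name' is not escaped by t(); l() escapes the link text.` would stop a later edit from printing the string directly. The same pattern is in the `@@ -72,9` hunk of this file and in the hook_user_view() example in user.api.php, and in blog_feed_user() in blog.pages.inc the string goes to node_feed(), whose escaping is not visible in this patch. blog_view() also passes `$node` rather than an account object, so hook implementations only see the properties a node carries.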
@@ -72,9 +72,9 @@ function blog_node_view($node, $build_mo
 if ($build_mode != 'rss') {
 if ($node->type == 'blog' && arg(0) != 'blog' || arg(1) != $node->uid) {
 $links['blog_usernames_blog'] = array(
- 'title' => t("!username's blog", array('!username' => $node->name)),
+ 'title' => t("!username's blog", array('!username' => format_username($node))),
 'href' => "blog/$node->uid",
- 'attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => $node->name))),
+ 'attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => format_username($node)))),
 );
 $node->content['links']['blog'] = array(
 '#theme' => 'links',
Index: modules/blog/blog.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/blog/blog.pages.inc,v
retrieving revision 1.23
diff -u -p -r1.23 blog.pages.inc
--- modules/blog/blog.pages.inc 9 Oct 2009 00:59:55 -0000 1.23
+++ modules/blog/blog.pages.inc 12 Oct 2009 16:23:27 -0000
@@ -12,7 +12,7 @@
 function blog_page_user($account) {
 global $user;
- drupal_set_title($title = t("@name's blog", array('@name' => $account->name)), PASS_THROUGH);
+ drupal_set_title($title = t("@name's blog", array('@name' => format_username($account))), PASS_THROUGH);
 $items = array();
@@ -123,7 +123,7 @@ function blog_feed_user($account) {
 ->execute()
 ->fetchCol();
- $channel['title'] = t("!name's blog", array('!name' => $account->name));
+ $channel['title'] = t("!name's blog", array('!name' => format_username($account)));
 $channel['link'] = url('blog/' . $account->uid, array('absolute' => TRUE));
 node_feed($nids, $channel);
Index: modules/blog/blog.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/blog/blog.test,v
retrieving revision 1.19
diff -u -p -r1.19 blog.test
--- modules/blog/blog.test 11 Oct 2009 03:07:16 -0000 1.19
+++ modules/blog/blog.test 12 Oct 2009 16:23:27 -0000
@@ -38,7 +38,7 @@ class BlogTestCase extends DrupalWebTest
 $this->drupalGet('blog/' . $this->big_user->uid);
 $this->assertResponse(200);
- $this->assertTitle(t("@name's blog", array('@name' => $this->big_user->name)) . ' | Drupal', t('Blog title was displayed'));
+ $this->assertTitle(t("@name's blog", array('@name' => format_username($this->big_user))) . ' | Drupal', t('Blog title was displayed'));
 $this->assertText(t('You are not allowed to post a new blog entry.'), t('No new entries can be posted without the right permission'));
 }
@@ -50,8 +50,8 @@ class BlogTestCase extends DrupalWebTest
 $this->drupalGet('blog/' . $this->own_user->uid);
 $this->assertResponse(200);
- $this->assertTitle(t("@name's blog", array('@name' => $this->own_user->name)) . ' | Drupal', t('Blog title was displayed'));
- $this->assertText(t('!author has not created any blog entries.', array('!author' => $this->own_user->name)), t('Users blog displayed with no entries'));
+ $this->assertTitle(t("@name's blog", array('@name' => format_username($this->own_user))) . ' | Drupal', t('Blog title was displayed'));
+ $this->assertText(t('@author has not created any blog entries.', array('@author' => format_username($this->own_user))), t('Users blog displayed with no entries'));
 }
 /**
@@ -139,7 +139,7 @@ class BlogTestCase extends DrupalWebTest
 $this->drupalGet('node/' . $node->nid);
 $this->assertResponse(200);
 $this->assertTitle($node->title[FIELD_LANGUAGE_NONE][0]['value'] . ' | Drupal', t('Blog node was displayed'));
- $this->assertText(t('Home ' . $crumb . ' Blogs ' . $crumb . ' @name' . $quote . 's blog', array('@name' => $node_user->name)), t('Breadcrumbs were displayed'));
+ $this->assertText(t('Home ' . $crumb . ' Blogs ' . $crumb . ' @name' . $quote . 's blog', array('@name' => format_username($node_user))), t('Breadcrumbs were displayed'));
 // View blog edit node.
 $this->drupalGet('node/' . $node->nid . '/edit');
@@ -180,7 +180,7 @@ class BlogTestCase extends DrupalWebTest
 // Confirm the recent blog entries link goes to the user's blog page.
 $this->clickLink('View recent blog entries');
- $this->assertTitle(t("@name's blog | Drupal", array('@name' => $user->name)), t('View recent blog entries link target was correct'));
+ $this->assertTitle(t("@name's blog | Drupal", array('@name' => format_username($user))), t('View recent blog entries link target was correct'));
 // Confirm a blog page was displayed.
 $this->drupalGet('blog');
@@ -191,7 +191,7 @@ class BlogTestCase extends DrupalWebTest
 // Confirm a blog page was displayed per user.
 $this->drupalGet('blog/' . $user->uid);
- $this->assertTitle(t("@name's blog | Drupal", array('@name' => $user->name)), t('User blog node was displayed'));
+ $this->assertTitle(t("@name's blog | Drupal", array('@name' => format_username($user))), t('User blog node was displayed'));
 // Confirm a blog feed was displayed.
 $this->drupalGet('blog/feed');
@@ -199,6 +199,6 @@ class BlogTestCase extends DrupalWebTest
 // Confirm a blog feed was displayed per user.
 $this->drupalGet('blog/' . $user->uid . '/feed');
- $this->assertTitle(t("@name's blog", array('@name' => $user->name)), t('User blog feed was displayed'));
+ $this->assertTitle(t("@name's blog", array('@name' => format_username($user))), t('User blog feed was displayed'));
 }
 }
Index: modules/contact/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.module,v
retrieving revision 1.134
diff -u -p -r1.134 contact.module
--- modules/contact/contact.module 11 Oct 2009 18:34:10 -0000 1.134
+++ modules/contact/contact.module 12 Oct 2009 16:23:27 -0000
@@ -174,7 +174,7 @@ function contact_mail($key, &$message, $
 '!subject' => $params['subject'],
 '!category' => isset($params['category']['category']) ? $params['category']['category'] : '',
 '!form-url' => url($_GET['q'], array('absolute' => TRUE, 'language' => $language)),
- '!sender-name' => $params['sender']->name,
+ '!sender-name' => format_username($params['sender']),
 '!sender-url' => $params['sender']->uid ? url('user/' . $params['sender']->uid, array('absolute' => TRUE, 'language' => $language)) : $params['sender']->mail,
 );
@@ -194,7 +194,7 @@ function contact_mail($key, &$message, $
 case 'user_mail':
 case 'user_copy':
 $variables += array(
- '!recipient-name' => $params['recipient']->name,
+ '!recipient-name' => format_username($params['recipient']),
 '!recipient-edit-url' => url('user/' . $params['recipient']->uid . '/edit', array('absolute' => TRUE, 'language' => $language)),
 );
 $message['subject'] .= t('[!site-name] !subject', $variables, array('langcode' => $language->language));
Index: modules/contact/contact.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.pages.inc,v
retrieving revision 1.32
diff -u -p -r1.32 contact.pages.inc
--- modules/contact/contact.pages.inc 11 Oct 2009 18:34:10 -0000 1.32
+++ modules/contact/contact.pages.inc 12 Oct 2009 16:23:27 -0000
@@ -58,7 +58,7 @@ function contact_site_form($form, &$form
 '#type' => 'textfield',
 '#title' => t('Your name'),
 '#maxlength' => 255,
- '#default_value' => $user->uid ? $user->name : '',
+ '#default_value' => $user->uid ? format_username($user) : '',
 '#required' => TRUE,
 );
 $form['mail'] = array(
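Review bot: With `'!sender-name' => format_username($params['sender'])` the name printed in the contact e-mail becomes the hook-altered display name, and nothing in this patch requires that name to be unique the way an account name presumably is. A recipient can then no longer tell two senders apart by name, or tell a sender from another user whose account name matches the display name; `!sender-url` still carries the uid for registered senders, so the mail stays traceable only as long as the templates keep that token. I would note this beside the array, e.g. `// Display names are not unique; !sender-url identifies the account.`, and the same applies to `!recipient-name` in the `@@ -194` hunk. contact_mail() starts and ends outside both hunks.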
@@ -174,7 +174,7 @@ function contact_personal_form($form, &$
 return drupal_access_denied();
 }
- drupal_set_title(t('Contact @username', array('@username' => $recipient->name)), PASS_THROUGH);
+ drupal_set_title(t('Contact @username', array('@username' => format_username($recipient))), PASS_THROUGH);
 if (!$user->uid) {
 $form['#attached']['library'][] = array('system', 'cookie');
@@ -190,7 +190,7 @@ function contact_personal_form($form, &$
 '#type' => 'textfield',
 '#title' => t('Your name'),
 '#maxlength' => 255,
- '#default_value' => $user->uid ? $user->name : '',
+ '#default_value' => $user->uid ? format_username($user) : '',
 '#required' => TRUE,
 );
 $form['mail'] = array(
Index: modules/openid/openid.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/openid/openid.pages.inc,v
retrieving revision 1.22
diff -u -p -r1.22 openid.pages.inc
--- modules/openid/openid.pages.inc 21 Sep 2009 06:44:14 -0000 1.22
+++ modules/openid/openid.pages.inc 12 Oct 2009 16:23:27 -0000
@@ -28,7 +28,7 @@ function openid_authentication_page() {
 * Menu callback; Manage OpenID identities for the specified user.
 */
 function openid_user_identities($account) {
- drupal_set_title($account->name);
+ drupal_set_title(format_username($account));
 drupal_add_css(drupal_get_path('module', 'openid') . '/openid.css');
 // Check to see if we got a response
Index: modules/php/php.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/php/php.module,v
retrieving revision 1.21
diff -u -p -r1.21 php.module
--- modules/php/php.module 28 Sep 2009 22:22:54 -0000 1.21
+++ modules/php/php.module 12 Oct 2009 16:23:27 -0000
@@ -105,7 +105,7 @@ print t(\'Welcome visitor! Thank you for
 global $user;
 if ($user->uid) {
- print t(\'Welcome @name! Thank you for visiting.\', array(\'@name\' => $user->name));
+ print t(\'Welcome @name! Thank you for visiting.\', array(\'@name\' => format_username($user)));
 }
 else {
 print t(\'Welcome visitor! Thank you for visiting.\');
Index: modules/profile/profile.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile/profile.module,v
retrieving revision 1.279
diff -u -p -r1.279 profile.module
--- modules/profile/profile.module 10 Oct 2009 21:39:03 -0000 1.279
+++ modules/profile/profile.module 12 Oct 2009 16:23:27 -0000
@@ -202,7 +202,7 @@ function profile_block_view($delta = '')
 }
 if ($output) {
- $block['subject'] = t('About %name', array('%name' => $account->name));
+ $block['subject'] = t('About %name', array('%name' => format_username($account)));
 $block['content'] = $output;
 return $block;
 }
Index: modules/statistics/statistics.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/statistics/statistics.pages.inc,v
retrieving revision 1.18
diff -u -p -r1.18 statistics.pages.inc
--- modules/statistics/statistics.pages.inc 11 Oct 2009 03:07:20 -0000 1.18
+++ modules/statistics/statistics.pages.inc 12 Oct 2009 16:23:27 -0000
@@ -83,7 +83,7 @@ function statistics_user_tracker() {
 $rows[] = array(array('data' => t('No statistics available.'), 'colspan' => 3));
 }
- drupal_set_title($account->name);
+ drupal_set_title(format_username($account));
 $build['statistics_table'] = array(
 '#theme' => 'table',
 '#header' => $header,
Index: modules/system/system.api.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.api.php,v
retrieving revision 1.82
diff -u -p -r1.82 system.api.php
--- modules/system/system.api.php 11 Oct 2009 03:07:20 -0000 1.82
+++ modules/system/system.api.php 12 Oct 2009 16:23:28 -0000
@@ -1077,7 +1077,7 @@ function hook_mail($key, &$message, $par
 $context = $params['context'];
 $variables = array(
 '%site_name' => variable_get('site_name', 'Drupal'),
- '%username' => $account->name,
+ '%username' => format_username($account),
 );
 if ($context['hook'] == 'taxonomy') {
 $object = $params['object'];
@@ -2362,5 +2362,27 @@ function hook_action_info_alter(&$action
 }
 /**
+ * Alter the username that is displayed for a user.
+ *
+ * Called by format_username() to allow modules to alter the username that's
+ * displayed. Can be used to ensure user privacy in situations where
+ * $account->name is too revealing.
+ *
+ * @param &$name
+ * The string that format_username() will return.
+ *
+ * @param $account
+ * The account object passed to format_username().
+ *
+ * @see format_username()
+ */
+function hook_username_alter(&$name, $account) {
+ // Display the user's uid instead of name.
+ if (isset($account->uid)) {
+ $name = t('User !uid', array('!uid' => $account->uid));
+ }
+}
+
+/**
 * @} End of "addtogroup hooks".
 */
Index: modules/toolbar/toolbar.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/toolbar/toolbar.module,v
retrieving revision 1.13
diff -u -p -r1.13 toolbar.module
--- modules/toolbar/toolbar.module 15 Sep 2009 20:50:48 -0000 1.13
+++ modules/toolbar/toolbar.module 12 Oct 2009 16:23:28 -0000
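Review bot: The hook_username_alter() docblock in the `@@ -2362` hunk does not say what kind of string `$name` has to be. format_username() documents its result as unsanitized and its callers escape it with check_plain() or `@`/`%` placeholders, so an implementation that stores markup or an already escaped string would be displayed escaped or double-escaped; I would add `* Implementations must set $name to plain text, not HTML; callers sanitize it.`. The `@param $account` text should also say that the object is not always a fully loaded account (blog.module passes a node in this patch), which is why the `isset($account->uid)` guard in the example is worth copying.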
@@ -89,7 +89,7 @@ function toolbar_build() {
 '#theme' => 'links',
 '#links' => array(
 'account' => array(
- 'title' => t('Hello @username', array('@username' => $user->name)),
+ 'title' => t('Hello @username', array('@username' => format_username($user))),
 'href' => 'user',
 'html' => TRUE,
 ),
Index: modules/tracker/tracker.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/tracker/tracker.pages.inc,v
retrieving revision 1.26
diff -u -p -r1.26 tracker.pages.inc
--- modules/tracker/tracker.pages.inc 9 Oct 2009 01:00:06 -0000 1.26
+++ modules/tracker/tracker.pages.inc 12 Oct 2009 16:23:28 -0000
@@ -19,7 +19,7 @@ function tracker_page($account = NULL, $
 // When viewed from user/%user/track, display the name of the user
 // as page title -- the tab title remains Track so this needs to be done
 // here and not in the menu definition.
- drupal_set_title($account->name);
+ drupal_set_title(format_username($account));
 }
 }
 else {
Index: modules/user/user.api.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.api.php,v
retrieving revision 1.14
diff -u -p -r1.14 user.api.php
--- modules/user/user.api.php 10 Oct 2009 16:48:39 -0000 1.14
+++ modules/user/user.api.php 12 Oct 2009 16:23:28 -0000
@@ -320,7 +320,7 @@ function hook_user_view($account) {
 $account->content['summary']['blog'] = array(
 '#type' => 'user_profile_item',
 '#title' => t('Blog'),
- '#markup' => l(t('View recent blog entries'), "blog/$account->uid", array('attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => $account->name))))),
+ '#markup' => l(t('View recent blog entries'), "blog/$account->uid", array('attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => format_username($account)))))),
 '#attributes' => array('class' => array('blog')),
 );
 }
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.1062
diff -u -p -r1.1062 user.module
--- modules/user/user.module 10 Oct 2009 21:39:03 -0000 1.1062
+++ modules/user/user.module 12 Oct 2009 16:23:28 -0000
@@ -1261,7 +1261,7 @@ function template_preprocess_user_pictur
 $filepath = variable_get('user_picture_default', '');
 }
 if (isset($filepath)) {
- $alt = t("@user's picture", array('@user' => $account->name ? $account->name : variable_get('anonymous', t('Anonymous'))));
+ $alt = t("@user's picture", array('@user' => format_username($account)));
 if (module_exists('image') && $style = variable_get('user_picture_style', '')) {
 $variables['user_picture'] = theme('image_style', array('style_name' => $style, 'path' => $filepath, 'alt' => $alt, 'title' => $alt, 'attributes' => array(), 'getsize' => FALSE));
 }
@@ -1635,7 +1635,7 @@ function user_uid_optional_to_arg($arg)
 * Menu item title callback - use the user name.
 */
 function user_page_title($account) {
- return $account->name;
+ return format_username($account);
 }
 /**
Index: modules/user/user.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.test,v
retrieving revision 1.63
diff -u -p -r1.63 user.test
--- modules/user/user.test 10 Oct 2009 16:48:39 -0000 1.63
+++ modules/user/user.test 12 Oct 2009 16:23:28 -0000
@@ -701,7 +701,7 @@ class UserPictureTestCase extends Drupal
 // user's profile page.
 $text = t('The image was resized to fit within the maximum allowed dimensions of %dimensions pixels.', array('%dimensions' => $test_dim));
 $this->assertRaw($text, t('Image was resized.'));
- $alt = t("@user's picture", array('@user' => $this->user->name));
+ $alt = t("@user's picture", array('@user' => format_username($this->user)));
 $style = variable_get('user_picture_style', '');
 $this->assertRaw(image_style_url($style, $pic_path), t("Image is displayed in user's edit page"));
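Review bot: user_page_title() in the `@@ -1635` hunk now returns the unsanitized result of format_username(), while its docblock still only says "use the user name". The documentation this patch adds to format_username() makes the receiver responsible for check_plain(); whether the menu system escapes title callback results is not visible here, so the docblock should say who does it, e.g. `* Returns the unsanitized display name; it must be escaped before output.`.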