- Always check the username.

modules/contact/contact.module

@@ -310,7 +310,7 @@ function contact_user_page() {
       $output = t('You cannot contact more than %number users per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
     }
     else {
-      drupal_set_title($account->name);
+      drupal_set_title(check_plain($account->name));
       $output = drupal_get_form('contact_mail_user', $account);
     }
 
@@ -326,11 +326,11 @@ function contact_mail_user($recipient) {
   $form['#token'] = $user->name . $user->mail;
   $form['from'] = array('#type' => 'item',
     '#title' => t('From'),
-    '#value' => $user->name .' <'. $user->mail .'>',
+    '#value' => check_plain($user->name) .' <'. check_plain($user->mail) .'>',
   );
   $form['to'] = array('#type' => 'item',
     '#title' => t('To'),
-    '#value' => $recipient->name,
+    '#value' => check_plain($recipient->name),
   );
   $form['subject'] = array('#type' => 'textfield',
     '#title' => t('Subject'),

modules/forum/forum.module

@@ -895,7 +895,7 @@ function theme_forum_display($forums, $topics, $parents, $tid, $sortby, $forum_p
     }
   }
 
-  drupal_set_title($title);
+  drupal_set_title(check_plain($title));
 
   $breadcrumb[] = array('path' => $_GET['q']);
   menu_set_location($breadcrumb);

modules/profile/profile.module

@@ -477,10 +477,10 @@ function profile_browse() {
     $output .= theme('pager', NULL, 20);
 
     if ($field->type == 'selection' || $field->type == 'list' || $field->type == 'textfield') {
-      $title = strtr($field->page, array('%value' => theme('placeholder', $value)));
+      $title = strtr(check_plain($field->page), array('%value' => theme('placeholder', $value)));
     }
     else {
-      $title = $field->page;
+      $title = check_plain($field->page);
     }
     $output .= '</div>';
 

modules/statistics/statistics.module

@@ -242,7 +242,7 @@ function statistics_user_tracker() {
         l(t('details'), "admin/logs/access/$log->aid"));
     }
 
-    drupal_set_title($account->name);
+    drupal_set_title(check_plain($account->name));
     $output = theme('table', $header, $rows);
     $output .= theme('pager', NULL, 30, 0);
     return $output;

modules/tracker/tracker.module

@@ -57,7 +57,7 @@ function tracker_menu($may_cache) {
 function tracker_track_user() {
   if ($account = user_load(array('uid' => arg(1)))) {
     if ($account->status || user_access('administer users')) {
-      drupal_set_title($account->name);
+      drupal_set_title(check_plain($account->name));
       return tracker_page($account->uid);
     }
     else {

modules/user/user.module

@@ -554,7 +554,7 @@ function user_block($op = 'list', $delta = 0, $edit = array()) {
 
       case 1:
         if ($menu = theme('menu_tree')) {
-           $block['subject'] = $user->uid ? $user->name : t('Navigation');
+           $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
            $block['content'] = $menu;
         }
         return $block;
@@ -1431,7 +1431,7 @@ function user_edit($category = 'account') {
   }
   $form['#attributes']['enctype'] = 'multipart/form-data';
 
-  drupal_set_title($account->name);
+  drupal_set_title(check_plain($account->name));
   return $form;
 }
 
@@ -1517,7 +1517,7 @@ function user_view($uid = 0) {
     $function($account, $fields);
   }
 
-  drupal_set_title($account->name);
+  drupal_set_title(check_plain($account->name));
   return theme('user_profile', $account, $fields);
 }