Commit 74e3c74b authored by Dries's avatar Dries

- Always check the username.

parent 414b5e39
......@@ -310,7 +310,7 @@ function contact_user_page() {
$output = t('You cannot contact more than %number users per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
}
else {
drupal_set_title($account->name);
drupal_set_title(check_plain($account->name));
$output = drupal_get_form('contact_mail_user', $account);
}
......@@ -326,11 +326,11 @@ function contact_mail_user($recipient) {
$form['#token'] = $user->name . $user->mail;
$form['from'] = array('#type' => 'item',
'#title' => t('From'),
'#value' => $user->name .' <'. $user->mail .'>',
'#value' => check_plain($user->name) .' <'. check_plain($user->mail) .'>',
);
$form['to'] = array('#type' => 'item',
'#title' => t('To'),
'#value' => $recipient->name,
'#value' => check_plain($recipient->name),
);
$form['subject'] = array('#type' => 'textfield',
'#title' => t('Subject'),
......
......@@ -895,7 +895,7 @@ function theme_forum_display($forums, $topics, $parents, $tid, $sortby, $forum_p
}
}
drupal_set_title($title);
drupal_set_title(check_plain($title));
$breadcrumb[] = array('path' => $_GET['q']);
menu_set_location($breadcrumb);
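Review bot: Wrapping `$title` in check_plain() at the drupal_set_title() call is only right if `$title` is plain text; it is assembled above this hunk, outside the visible lines, and if any branch builds it from markup (an already-escaped name or a theme() result) the page title is now double-escaped. A comment where `$title` is assigned, `// keep $title unescaped: it is run through check_plain() at drupal_set_title()`, would pin that contract for every branch that feeds it. theme_forum_display's body starts and ends outside the hunk.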
......
......@@ -477,10 +477,10 @@ function profile_browse() {
$output .= theme('pager', NULL, 20);
if ($field->type == 'selection' || $field->type == 'list' || $field->type == 'textfield') {
$title = strtr($field->page, array('%value' => theme('placeholder', $value)));
$title = strtr(check_plain($field->page), array('%value' => theme('placeholder', $value)));
}
else {
$title = $field->page;
$title = check_plain($field->page);
}
$output .= '</div>';
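Review bot: The selection/list/textfield branch now escapes `$field->page` before `%value` is substituted, so whatever theme('placeholder', $value) returns is inserted into the title verbatim; that is only safe if theme_placeholder() escapes its argument, which is not visible here and is worth confirming since `$value` presumably comes from the browse URL. The order is the right one (escape the template, then insert HTML-safe output), so a comment on that line, `// escape the template first; %value is filled with theme('placeholder') output, which must already be HTML-safe`, records why it must not be flipped. The else branch is consistent with it. profile_browse's body starts before the hunk and the use of `$title` is after it.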
......
......@@ -242,7 +242,7 @@ function statistics_user_tracker() {
l(t('details'), "admin/logs/access/$log->aid"));
}
drupal_set_title($account->name);
drupal_set_title(check_plain($account->name));
$output = theme('table', $header, $rows);
$output .= theme('pager', NULL, 30, 0);
return $output;
......
......@@ -57,7 +57,7 @@ function tracker_menu($may_cache) {
function tracker_track_user() {
if ($account = user_load(array('uid' => arg(1)))) {
if ($account->status || user_access('administer users')) {
drupal_set_title($account->name);
drupal_set_title(check_plain($account->name));
return tracker_page($account->uid);
}
else {
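Review bot: `user_load(array('uid' => arg(1)))` passes the raw path argument straight through, and whether user_load() parameterises that value is not visible in this hunk; since this is a menu callback, a cheap guard is to require a numeric id before loading, `if (is_numeric(arg(1)) && ($account = user_load(array('uid' => (int) arg(1))))) {`. The title escaping itself matches the rest of the commit. The else branch of tracker_track_user continues outside the hunk.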
......
......@@ -554,7 +554,7 @@ function user_block($op = 'list', $delta = 0, $edit = array()) {
case 1:
if ($menu = theme('menu_tree')) {
$block['subject'] = $user->uid ? $user->name : t('Navigation');
$block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
$block['content'] = $menu;
}
return $block;
......@@ -1431,7 +1431,7 @@ function user_edit($category = 'account') {
}
$form['#attributes']['enctype'] = 'multipart/form-data';
drupal_set_title($account->name);
drupal_set_title(check_plain($account->name));
return $form;
}
......@@ -1517,7 +1517,7 @@ function user_view($uid = 0) {
$function($account, $fields);
}
drupal_set_title($account->name);
drupal_set_title(check_plain($account->name));
return theme('user_profile', $account, $fields);
}
......