diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-11-01 21:26:44 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-11-01 21:26:44 +0000 |
| commit | ca8eee7545f75c199bde0121bd6a0792d67c5b91 (patch) | |
| tree | 5e805f30c93c7a005e0cb422dd0ea95ca849d84f /modules/contact | |
| parent | b882d991d01544fb458cb58614fdba4fab0997eb (diff) | |
| download | brdo-ca8eee7545f75c199bde0121bd6a0792d67c5b91.tar.gz brdo-ca8eee7545f75c199bde0121bd6a0792d67c5b91.tar.bz2 | |
#192056 by effulgentsia, Dave Cohen, andypost, hswong3i, geodaniel, pwolanin, and dahacouk: Ensure user's raw login name is never output directly.
Diffstat (limited to 'modules/contact')
| -rw-r--r-- | modules/contact/contact.module | 4 | ||||
| -rw-r--r-- | modules/contact/contact.pages.inc | 6 |
2 files changed, 5 insertions, 5 deletions
diff --git a/modules/contact/contact.module b/modules/contact/contact.module index 891992703..3ba19a55e 100644 --- a/modules/contact/contact.module +++ b/modules/contact/contact.module @@ -174,7 +174,7 @@ function contact_mail($key, &$message, $params) { '!subject' => $params['subject'], '!category' => isset($params['category']['category']) ? $params['category']['category'] : '', '!form-url' => url($_GET['q'], array('absolute' => TRUE, 'language' => $language)), - '!sender-name' => $params['sender']->name, + '!sender-name' => format_username($params['sender']), '!sender-url' => $params['sender']->uid ? url('user/' . $params['sender']->uid, array('absolute' => TRUE, 'language' => $language)) : $params['sender']->mail, ); @@ -194,7 +194,7 @@ function contact_mail($key, &$message, $params) { case 'user_mail': case 'user_copy': $variables += array( - '!recipient-name' => $params['recipient']->name, + '!recipient-name' => format_username($params['recipient']), '!recipient-edit-url' => url('user/' . $params['recipient']->uid . '/edit', array('absolute' => TRUE, 'language' => $language)), ); $message['subject'] .= t('[!site-name] !subject', $variables, array('langcode' => $language->language)); diff --git a/modules/contact/contact.pages.inc b/modules/contact/contact.pages.inc index 72603a39d..f3827083d 100644 --- a/modules/contact/contact.pages.inc +++ b/modules/contact/contact.pages.inc @@ -64,7 +64,7 @@ function contact_site_form($form, &$form_state) { '#type' => 'textfield', '#title' => t('Your name'), '#maxlength' => 255, - '#default_value' => $user->uid ? $user->name : '', + '#default_value' => $user->uid ? format_username($user) : '', '#required' => TRUE, ); $form['mail'] = array( @@ -180,7 +180,7 @@ function contact_personal_form($form, &$form_state, stdClass $recipient) { return drupal_access_denied(); } - drupal_set_title(t('Contact @username', array('@username' => $recipient->name)), PASS_THROUGH); + drupal_set_title(t('Contact @username', array('@username' => format_username($recipient))), PASS_THROUGH); if (!$user->uid) { $form['#attached']['library'][] = array('system', 'cookie'); @@ -196,7 +196,7 @@ function contact_personal_form($form, &$form_state, stdClass $recipient) { '#type' => 'textfield', '#title' => t('Your name'), '#maxlength' => 255, - '#default_value' => $user->uid ? $user->name : '', + '#default_value' => $user->uid ? format_username($user) : '', '#required' => TRUE, ); $form['mail'] = array( |