diff options
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/common.inc | 27 | ||||
| -rw-r--r-- | includes/theme.inc | 21 |
2 files changed, 35 insertions, 13 deletions
diff --git a/includes/common.inc b/includes/common.inc index c6686ee01..adacdee5e 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -1289,14 +1289,14 @@ function fix_gpc_magic() { * check_plain, to escape HTML characters. Use this for any output that's * displayed within a Drupal page. * @code - * drupal_set_title($title = t("@name's blog", array('@name' => $account->name)), PASS_THROUGH); + * drupal_set_title($title = t("@name's blog", array('@name' => format_username($account))), PASS_THROUGH); * @endcode * * - %variable, which indicates that the string should be HTML escaped and * highlighted with theme_placeholder() which shows up by default as * <em>emphasized</em>. * @code - * $message = t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name)); + * $message = t('%name-from sent %name-to an e-mail.', array('%name-from' => format_username($user), '%name-to' => format_username($account))); * @endcode * * When using t(), try to put entire sentences and strings in one t() call. @@ -2330,6 +2330,29 @@ function _format_date_callback(array $matches = NULL, $new_langcode = NULL) { } /** + * Format a username. + * + * By default, the passed in object's 'name' property is used if it exists, or + * else, the site-defined value for the 'anonymous' variable. However, a module + * may override this by implementing hook_username_alter(&$name, $account). + * + * @see hook_username_alter() + * + * @param $account + * The account object for the user whose name is to be formatted. + * + * @return + * An unsanitized string with the username to display. The code receiving + * this result must ensure that check_plain() is called on it before it is + * printed to the page. + */ +function format_username($account) { + $name = !empty($account->name) ? $account->name : variable_get('anonymous', t('Anonymous')); + drupal_alter('username', $name, $account); + return $name; +} + +/** * @} End of "defgroup format". */ diff --git a/includes/theme.inc b/includes/theme.inc index 32140a62f..0f1fde321 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -1912,12 +1912,17 @@ function template_preprocess_username(&$variables) { else { $variables['uid'] = (int)$account->uid; } - if (empty($account->name)) { - $variables['name'] = variable_get('anonymous', t('Anonymous')); - } - else { - $variables['name'] = $account->name; + + // Set the name to a formatted name that is safe for printing and + // that won't break tables by being too long. Keep an unshortened, + // unsanitized version, in case other preproces functions want to implement + // their own shortening logic or add markup. If they do so, they must ensure + // that $variables['name'] is safe for printing. + $name = $variables['name_raw'] = format_username($account); + if (drupal_strlen($name) > 20) { + $name = drupal_substr($name, 0, 15) . '...'; } + $variables['name'] = check_plain($name); $variables['profile_access'] = user_access('access user profiles'); $variables['link_attributes'] = array(); @@ -1936,12 +1941,6 @@ function template_preprocess_username(&$variables) { $variables['link_options']['html'] = TRUE; // Set a default class. $variables['attributes_array'] = array('class' => array('username')); - // Shorten the name when it is too long or it will break many tables. - if (drupal_strlen($variables['name']) > 20) { - $variables['name'] = drupal_substr($variables['name'], 0, 15) . '...'; - } - // Make sure name is safe for use in the theme function. - $variables['name'] = check_plain($variables['name']); } /** |