Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.1000 diff -u -p -r1.1000 common.inc --- includes/common.inc 29 Sep 2009 17:52:46 -0000 1.1000 +++ includes/common.inc 30 Sep 2009 16:53:00 -0000 @@ -2318,6 +2318,33 @@ function _format_date_callback(array $ma } /** + * Format a username. + * + * By default, the passed in object's 'name' property is used if it exists, or + * else, the site-defined value for the 'anonymous' variable. However, a module + * may override this by implementing hook_username_alter(&$name, $account). + * + * @see hook_username_alter() + * + * @param $account + * The account object for the user whose name is to be formatted. + * + * @return + * An unsanitized string with the username to display. The code receiving + * this result must ensure that check_plain() is called on it before it is + * printed to the page. + */ +function format_username($account) { + $name = !empty($account->name) ? $account->name : variable_get('anonymous', t('Anonymous')); + // Faster than drupal_alter(), and format_username() gets called a lot. + foreach (module_implements('username_alter') as $module) { + $function = $module . '_username_alter'; + $function($name, $account); + } + return $name; +} + +/** * @} End of "defgroup format". */ Index: includes/theme.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/theme.inc,v retrieving revision 1.526 diff -u -p -r1.526 theme.inc --- includes/theme.inc 21 Sep 2009 06:36:54 -0000 1.526 +++ includes/theme.inc 30 Sep 2009 16:53:00 -0000 @@ -1885,12 +1885,17 @@ function template_preprocess_username(&$ else { $variables['object']->uid = (int)$account->uid; } - if (empty($account->name)) { - $variables['object']->name = variable_get('anonymous', t('Anonymous')); - } - else { - $variables['object']->name = $account->name; + + // Set the name property to a formatted name that is safe for printing and + // that won't break tables by being too long. Keep an unshortened, + // unsanitized version, in case other preproces functions want to implement + // their own shortening logic or add markup. If they do so, they must ensure + // that $variables['object']->name is safe for printing. + $name = $variables['object']->name_unsafe = format_username($account); + if (drupal_strlen($name) > 20) { + $name = drupal_substr($name, 0, 15) . '...'; } + $variables['object']->name = check_plain($name); $variables['object']->profile_access = user_access('access user profiles'); $variables['object']->link_attributes = array(); @@ -1909,12 +1914,6 @@ function template_preprocess_username(&$ $variables['object']->link_options['html'] = TRUE; // Set a default class. $variables['object']->attributes = array('class' => array('username')); - // Shorten the name when it is too long or it will break many tables. - if (drupal_strlen($variables['object']->name) > 20) { - $variables['object']->name = drupal_substr($variables['object']->name, 0, 15) . '...'; - } - // Make sure name is safe for use in the theme function. - $variables['object']->name = check_plain($variables['object']->name); } /** @@ -2108,7 +2107,7 @@ function template_preprocess_html(&$vari else { $variables['classes_array'][] = 'no-sidebars'; } - + // Populate the body classes. if ($suggestions = template_page_suggestions(arg(), 'page')) { foreach ($suggestions as $suggestion) { @@ -2122,7 +2121,7 @@ function template_preprocess_html(&$vari } } } - + if ($node = menu_get_object()) { $variables['classes_array'][] = 'node-type-' . form_clean_id($node->type); } @@ -2154,7 +2153,7 @@ function template_preprocess_html(&$vari } } $variables['head_title'] = implode(' | ', $head_title); - + // Populate the page template suggestions. if ($suggestions = template_page_suggestions(arg(), 'html')) { $variables['template_files'] = $suggestions; Index: modules/blog/blog.module =================================================================== RCS file: /cvs/drupal/drupal/modules/blog/blog.module,v retrieving revision 1.335 diff -u -p -r1.335 blog.module --- modules/blog/blog.module 29 Aug 2009 05:46:02 -0000 1.335 +++ modules/blog/blog.module 30 Sep 2009 16:53:00 -0000 @@ -27,7 +27,7 @@ function blog_user_view($account) { $account->content['summary']['blog'] = array( '#type' => 'user_profile_item', '#title' => t('Blog'), - '#markup' => l(t('View recent blog entries'), "blog/$account->uid", array('attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => $account->name))))), + '#markup' => l(t('View recent blog entries'), "blog/$account->uid", array('attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => format_username($account)))))), '#attributes' => array('class' => array('blog')), ); } @@ -60,7 +60,7 @@ function blog_form($node, $form_state) { function blog_view($node, $build_mode) { if ((bool)menu_get_object()) { // Breadcrumb navigation. - drupal_set_breadcrumb(array(l(t('Home'), NULL), l(t('Blogs'), 'blog'), l(t("!name's blog", array('!name' => $node->name)), 'blog/' . $node->uid))); + drupal_set_breadcrumb(array(l(t('Home'), NULL), l(t('Blogs'), 'blog'), l(t("!name's blog", array('!name' => format_username($node))), 'blog/' . $node->uid))); } return $node; } @@ -72,9 +72,9 @@ function blog_node_view($node, $build_mo if ($build_mode != 'rss') { if ($node->type == 'blog' && arg(0) != 'blog' || arg(1) != $node->uid) { $links['blog_usernames_blog'] = array( - 'title' => t("!username's blog", array('!username' => $node->name)), + 'title' => t("!username's blog", array('!username' => format_username($node))), 'href' => "blog/$node->uid", - 'attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => $node->name))), + 'attributes' => array('title' => t("Read !username's latest blog entries.", array('!username' => format_username($node)))), ); $node->content['links']['blog'] = array( '#theme' => 'links', Index: modules/blog/blog.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/blog/blog.pages.inc,v retrieving revision 1.22 diff -u -p -r1.22 blog.pages.inc --- modules/blog/blog.pages.inc 10 Aug 2009 22:39:24 -0000 1.22 +++ modules/blog/blog.pages.inc 30 Sep 2009 16:53:00 -0000 @@ -12,7 +12,7 @@ function blog_page_user($account) { global $user; - drupal_set_title($title = t("@name's blog", array('@name' => $account->name)), PASS_THROUGH); + drupal_set_title($title = t("@name's blog", array('@name' => format_username($account))), PASS_THROUGH); $items = array(); @@ -123,7 +123,7 @@ function blog_feed_user($account) { ->execute() ->fetchCol(); - $channel['title'] = t("!name's blog", array('!name' => $account->name)); + $channel['title'] = t("!name's blog", array('!name' => format_username($account))); $channel['link'] = url('blog/' . $account->uid, array('absolute' => TRUE)); node_feed($nids, $channel); Index: modules/blog/blog.test =================================================================== RCS file: /cvs/drupal/drupal/modules/blog/blog.test,v retrieving revision 1.18 diff -u -p -r1.18 blog.test --- modules/blog/blog.test 22 Aug 2009 00:58:52 -0000 1.18 +++ modules/blog/blog.test 30 Sep 2009 16:53:00 -0000 @@ -38,7 +38,7 @@ class BlogTestCase extends DrupalWebTest $this->drupalGet('blog/' . $this->big_user->uid); $this->assertResponse(200); - $this->assertTitle(t("@name's blog", array('@name' => $this->big_user->name)) . ' | Drupal', t('Blog title was displayed')); + $this->assertTitle(t("@name's blog", array('@name' => format_username($this->big_user))) . ' | Drupal', t('Blog title was displayed')); $this->assertText(t('You are not allowed to post a new blog entry.'), t('No new entries can be posted without the right permission')); } @@ -50,7 +50,7 @@ class BlogTestCase extends DrupalWebTest $this->drupalGet('blog/' . $this->own_user->uid); $this->assertResponse(200); - $this->assertTitle(t("@name's blog", array('@name' => $this->own_user->name)) . ' | Drupal', t('Blog title was displayed')); + $this->assertTitle(t("@name's blog", array('@name' => format_username($this->own_user))) . ' | Drupal', t('Blog title was displayed')); $this->assertText(t('!author has not created any blog entries.', array('!author' => $this->own_user->name)), t('Users blog displayed with no entries')); } @@ -180,7 +180,7 @@ class BlogTestCase extends DrupalWebTest // Confirm the recent blog entries link goes to the user's blog page. $this->clickLink('View recent blog entries'); - $this->assertTitle(t("@name's blog | Drupal", array('@name' => $user->name)), t('View recent blog entries link target was correct')); + $this->assertTitle(t("@name's blog | Drupal", array('@name' => format_username($user))), t('View recent blog entries link target was correct')); // Confirm a blog page was displayed. $this->drupalGet('blog'); @@ -191,7 +191,7 @@ class BlogTestCase extends DrupalWebTest // Confirm a blog page was displayed per user. $this->drupalGet('blog/' . $user->uid); - $this->assertTitle(t("@name's blog | Drupal", array('@name' => $user->name)), t('User blog node was displayed')); + $this->assertTitle(t("@name's blog | Drupal", array('@name' => format_username($user))), t('User blog node was displayed')); // Confirm a blog feed was displayed. $this->drupalGet('blog/feed'); @@ -199,6 +199,6 @@ class BlogTestCase extends DrupalWebTest // Confirm a blog feed was displayed per user. $this->drupalGet('blog/' . $user->uid . '/feed'); - $this->assertTitle(t("@name's blog", array('@name' => $user->name)), t('User blog feed was displayed')); + $this->assertTitle(t("@name's blog", array('@name' => format_username($user))), t('User blog feed was displayed')); } } Index: modules/contact/contact.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/contact/contact.pages.inc,v retrieving revision 1.26 diff -u -p -r1.26 contact.pages.inc --- modules/contact/contact.pages.inc 29 Sep 2009 15:31:14 -0000 1.26 +++ modules/contact/contact.pages.inc 30 Sep 2009 16:53:00 -0000 @@ -54,7 +54,7 @@ function contact_site_form() { '#type' => 'textfield', '#title' => t('Your name'), '#maxlength' => 255, - '#default_value' => $user->uid ? $user->name : '', + '#default_value' => format_username($user), '#required' => TRUE, ); $form['mail'] = array( @@ -161,7 +161,7 @@ function contact_personal_page($account) $output = t("You cannot send more than %number messages in @interval. Please try again later.", array('%number' => variable_get('contact_threshold_limit', 3), '@interval' => format_interval(variable_get('contact_threshold_window', 3600)))); } else { - drupal_set_title($account->name); + drupal_set_title(format_username($account)); $output = drupal_get_form('contact_personal_form', $account); } Index: modules/openid/openid.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/openid/openid.pages.inc,v retrieving revision 1.22 diff -u -p -r1.22 openid.pages.inc --- modules/openid/openid.pages.inc 21 Sep 2009 06:44:14 -0000 1.22 +++ modules/openid/openid.pages.inc 30 Sep 2009 16:53:00 -0000 @@ -28,7 +28,7 @@ function openid_authentication_page() { * Menu callback; Manage OpenID identities for the specified user. */ function openid_user_identities($account) { - drupal_set_title($account->name); + drupal_set_title(format_username($account)); drupal_add_css(drupal_get_path('module', 'openid') . '/openid.css'); // Check to see if we got a response @@ -54,8 +54,8 @@ function openid_user_identities($account } $build['openid_table'] = array( - '#theme' => 'table', - '#header' => $header, + '#theme' => 'table', + '#header' => $header, '#rows' => $rows, ); $build['openid_user_add'] = drupal_get_form('openid_user_add'); Index: modules/system/system.api.php =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.api.php,v retrieving revision 1.79 diff -u -p -r1.79 system.api.php --- modules/system/system.api.php 29 Sep 2009 15:13:56 -0000 1.79 +++ modules/system/system.api.php 30 Sep 2009 16:53:00 -0000 @@ -2361,5 +2361,27 @@ function hook_action_info_alter(&$action } /** + * Alter the username that is displayed for a user. + * + * Called by format_username() to allow modules to alter the username that's + * displayed. Can be used to ensure user privacy in situations where + * $account->name is too revealing. + * + * @param &$name + * The string that format_username() will return. + * + * @param $account + * The account object passed to format_username(). + * + * @see format_username() + */ +function hook_username_alter(&$name, $account) { + // Display the user's uid instead of name. + if (isset($account->uid)) { + $name = t('User !uid', array('!uid' => $account->uid)); + } +} + +/** * @} End of "addtogroup hooks". */ Index: modules/tracker/tracker.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/tracker/tracker.pages.inc,v retrieving revision 1.25 diff -u -p -r1.25 tracker.pages.inc --- modules/tracker/tracker.pages.inc 5 Sep 2009 15:05:05 -0000 1.25 +++ modules/tracker/tracker.pages.inc 30 Sep 2009 16:53:00 -0000 @@ -19,7 +19,7 @@ function tracker_page($account = NULL, $ // When viewed from user/%user/track, display the name of the user // as page title -- the tab title remains Track so this needs to be done // here and not in the menu definition. - drupal_set_title($account->name); + drupal_set_title(format_username($account)); } } else { Index: modules/user/user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.module,v retrieving revision 1.1054 diff -u -p -r1.1054 user.module --- modules/user/user.module 29 Sep 2009 15:31:16 -0000 1.1054 +++ modules/user/user.module 30 Sep 2009 16:53:01 -0000 @@ -817,7 +817,7 @@ function user_search_execute($keys = NUL ->limit(15) ->execute(); foreach ($result as $account) { - $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); + $find[] = array('title' => format_username($account) . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); } return $find; } @@ -1473,7 +1473,7 @@ function user_uid_optional_to_arg($arg) * Menu item title callback - use the user name. */ function user_page_title($account) { - return $account->name; + return format_username($account); } /** @@ -2057,7 +2057,7 @@ function _user_cancel($edit, $account, $ * The user account of the profile being viewed. * * To theme user profiles, copy modules/user/user-profile.tpl.php - * to your theme directory, and edit it as instructed in that file's comments. + * to your theme directory, and edit it as instructed in that file's comments. * * @param $account * A user object. @@ -2072,7 +2072,7 @@ function user_build($account) { $build = $account->content; // We don't need duplicate rendering info in account->content. unset($account->content); - + $build += array( '#theme' => 'user_profile', '#account' => $account, Index: modules/user/user.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.pages.inc,v retrieving revision 1.57 diff -u -p -r1.57 user.pages.inc --- modules/user/user.pages.inc 29 Sep 2009 15:31:17 -0000 1.57 +++ modules/user/user.pages.inc 30 Sep 2009 16:53:01 -0000 @@ -213,7 +213,7 @@ function template_preprocess_user_profil * Menu callback; Present the form to edit a given user or profile category. */ function user_edit($account, $category = 'account') { - drupal_set_title($account->name); + drupal_set_title(format_username($account)); return drupal_get_form('user_profile_form', $account, $category); }