We're running into this problem trying to add profile and field tokens for users. There aren't any field API fields or profile fields loaded into the global user object, and are unavailable when we try to provide tokens for them. We really, really need to provide the result of user_load() rather than just passing global $user;.

Files: 
CommentFileSizeAuthor
#7 967330-current-user-token-load-D7.patch4.79 KBDave Reid
PASSED: [[SimpleTest]]: [MySQL] 27,648 pass(es).
[ View ]
#5 967330-current-user-token-load-D7.patch4.66 KBDave Reid
FAILED: [[SimpleTest]]: [MySQL] 27,702 pass(es), 1 fail(s), and 0 exception(es).
[ View ]
#1 967330-current-user-token-load-D7.patch851 bytesDave Reid
PASSED: [[SimpleTest]]: [MySQL] 27,035 pass(es).
[ View ]

Comments

Dave Reid’s picture

Status:Active» Needs review
StatusFileSize
new851 bytes
PASSED: [[SimpleTest]]: [MySQL] 27,035 pass(es).
[ View ]
BenK’s picture

Subscribing...

Dave Reid’s picture

This is a blocker for both #125640: Profile tokens and #691078: Field tokens in token module.

Dave Reid’s picture

Issue tags:+realname, +format_username
Dave Reid’s picture

StatusFileSize
new4.66 KB
FAILED: [[SimpleTest]]: [MySQL] 27,702 pass(es), 1 fail(s), and 0 exception(es).
[ View ]

Revised patch that also fixes that format_username() should always be sanitized with check_plain(), since that's exactly what it says in its doc page.

Status:Needs review» Needs work

The last submitted patch, 967330-current-user-token-load-D7.patch, failed testing.

Dave Reid’s picture

Status:Needs work» Needs review
StatusFileSize
new4.79 KB
PASSED: [[SimpleTest]]: [MySQL] 27,648 pass(es).
[ View ]

Error with what parameter was passed to format_username().

fago’s picture

Hm, the question is what would one expect when using the [user:name] token - the name the user has input in the user name field or the formatted user name, which may have been altered by modules. I think, it should be the first, while I agree the formatted user name should be available somewhere too, e.g. as [user].

fago’s picture

@loading the full-account object:
Definitively, passing half-baken objects around is evil.

Dave Reid’s picture

@fago As per #9 care to RTBC? :)

moshe weitzman’s picture

Status:Needs review» Reviewed & tested by the community

Looks good. Thx.

fago’s picture

With that patch, how would I get just the user-name as entered by users if a module implements hook_username_alter()?

Dave Reid’s picture

Same as before the patch. This had no change to the [user:name] token, just to how it was tested. Realname for D7 adds a [user:name-raw] token if it doesn't already exist.

webchick’s picture

Status:Reviewed & tested by the community» Needs review

Hm. Does this need to be benchmarked? How often is this going to get called?

Dave Reid’s picture

It's only used when people use [current-user:*] tokens and performing token replacement, so not exactly too often.

Dave Reid’s picture

Status:Needs review» Reviewed & tested by the community

So in other words, when this happens in core, it's not on every page, and it's only when responding to certain events. Marking back to RTBC.

moshe weitzman’s picture

Well, we statically cache users so user_load() would typically run once and even then would be called only if user specifically requested this token. You can imagine scenarios like a mail merge where we load many users but those are not going to be performance sensitive operations. I don't think we have a performance concern here.

webchick’s picture

Status:Reviewed & tested by the community» Fixed

Okie doke then.

Committed to HEAD. Thanks!

Status:Fixed» Closed (fixed)
Issue tags:-token, -realname, -format_username

Automatically closed -- issue fixed for 2 weeks with no activity.