authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-01-26 17:10:26 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-01-26 17:10:26 +0000
commit1758a7093b49425f4f79467a9b10c24332628f09 (patch)
tree4168c1c01bcef2d38acc3dc52ad5b72b8e6bc267
parent0b2d26d53874abbb83a776c234507949bd3de947 (diff)
Display names are limited to 50 chars and have HTML tags removed.
git-svn-id: http://code.elgg.org/elgg/trunk@3845 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--actions/user/name.php11
-rw-r--r--languages/en.php2
-rw-r--r--views/default/user/settings/name.php4
3 files changed, 11 insertions, 6 deletions
diff --git a/actions/user/name.php b/actions/user/name.php
index bc14d3184..3145c5ee7 100644
--- a/actions/user/name.php
+++ b/actions/user/name.php
@@ -12,7 +12,7 @@ global $CONFIG;
gatekeeper();
-$name = get_input('name');
+$name = strip_tags(get_input('name'));
$user_id = get_input('guid');
$user = "";
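Review bot: `strip_tags()` on the added `$name` line is an input filter, not context-aware escaping: quotes and `&` pass through unchanged, and the stored name is later echoed into a form field's `value` by the settings view touched in this commit. Whether `input/text` escapes that value is not visible here, so confirm that every place the display name is rendered encodes it for its context (for example `htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8')`) instead of relying on this filter. If `get_input('name')` can return an array for `name[]`-style parameters, `strip_tags()` would receive a non-string, so a string check before the call is worth adding. A comment such as `// input filter only; the name must still be escaped when rendered` would document the intent.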
@@ -22,8 +22,13 @@ if (!$user_id) {
$user = get_entity($user_id);
}
-if (($user) && ($name)) {
- if (strcmp($name, $user->name)!=0) {
+if (elgg_strlen($name) > 50) {
+ register_error(elgg_echo('user:name:fail'));
+ forward($_SERVER['HTTP_REFERER']);
+}
+
+if (($user) && ($user->canEdit()) && ($name)) {
+ if ($name != $user->name) {
$user->name = $name;
if ($user->save()) {
system_message(elgg_echo('user:name:success'));
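Review bot: The new `$name != $user->name` is a loose comparison, so two different numeric-looking strings such as `1000` and `1e3` compare equal and the rename is skipped without an error; `if ($name !== $user->name) {` keeps the exact-match behaviour of the removed `strcmp()`. The 50-character guard only protects the save if `forward()` ends the request, which is not visible in this hunk; changing the following test to `} elseif (($user) && ($user->canEdit()) && ($name)) {` would not depend on that. `$_SERVER['HTTP_REFERER']` is client-supplied and may be absent, so a fixed settings URL is a safer redirect target. The `if` block continues past the end of the hunk.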
diff --git a/languages/en.php b/languages/en.php
index 7da28a206..39f7e8d43 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -413,7 +413,7 @@ To remove a widget drag it back to the <b>Widget gallery</b>.",
'user:set:name' => "Account name settings",
'user:name:label' => "Your name",
'user:name:success' => "Successfully changed your name on the system.",
- 'user:name:fail' => "Could not change your name on the system.",
+ 'user:name:fail' => "Could not change your name on the system. Please make sure your name isn't too long and try again.",
'user:set:password' => "Account password",
'user:password:label' => "Your new password",
diff --git a/views/default/user/settings/name.php b/views/default/user/settings/name.php
index 072c7cb03..2cbfd0bb6 100644
--- a/views/default/user/settings/name.php
+++ b/views/default/user/settings/name.php
@@ -19,8 +19,8 @@ if ($user) {
<?php echo elgg_echo('user:name:label'); ?>:
<?php
- echo elgg_view('input/text',array('internalname' => 'name', 'value' => $user->name));
- echo elgg_view('input/hidden',array('internalname' => 'guid', 'value' => $user->guid));
+ echo elgg_view('input/text', array('internalname' => 'name', 'value' => $user->name));
+ echo elgg_view('input/hidden', array('internalname' => 'guid', 'value' => $user->guid));
?>
</p>