From 1758a7093b49425f4f79467a9b10c24332628f09 Mon Sep 17 00:00:00 2001
From: brettp
Date: Tue, 26 Jan 2010 17:10:26 +0000
Subject: Display names are limited to 50 chars and have HTML tags removed.
git-svn-id: http://code.elgg.org/elgg/trunk@3845 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 actions/user/name.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'actions/user')
diff --git a/actions/user/name.php b/actions/user/name.php
index bc14d3184..3145c5ee7 100644
--- a/actions/user/name.php
+++ b/actions/user/name.php
@@ -12,7 +12,7 @@ global $CONFIG;
 gatekeeper();
-$name = get_input('name');
+$name = strip_tags(get_input('name'));
 $user_id = get_input('guid');
 $user = "";
@@ -22,8 +22,13 @@ if (!$user_id) {
 $user = get_entity($user_id);
 }
-if (($user) && ($name)) {
- if (strcmp($name, $user->name)!=0) {
+if (elgg_strlen($name) > 50) {
+ register_error(elgg_echo('user:name:fail'));
+ forward($_SERVER['HTTP_REFERER']);
+}
+
+if (($user) && ($user->canEdit()) && ($name)) {
+ if ($name != $user->name) {
 $user->name = $name;
 if ($user->save()) {
 system_message(elgg_echo('user:name:success'));
-- 
cgit v1.2.3
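Review bot: `strip_tags()` on the `$name` assignment removes markup but is not output encoding: quotes and `&` stay in the stored name, so any view that prints it, particularly inside an HTML attribute, still has to escape it. It can also reduce a tags-only submission to an empty string, which the later `($name)` test treats as no input; how that case is reported depends on a branch outside this diff. I would record the intent next to the call, e.g. `// tags are stripped for storage only; views must still escape the name on output`.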
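Review bot: The over-length branch redirects to `$_SERVER['HTTP_REFERER']`, a request header the client controls and may omit, and the rejection only holds if `forward()` ends the request, which is not visible here; if it returns, execution continues into the save with the oversized name. I would redirect to a fixed page, or validate the header against the site URL first, and make the stop explicit, e.g. `forward($CONFIG->wwwroot); exit;`. Separately, `$name != $user->name` is a loose comparison, so numeric-looking names such as `1e3` and `1000` compare equal and the update is silently skipped; `$name !== $user->name` or the previous `strcmp()` avoids that. The `if (($user) && ($user->canEdit()) && ($name))` block continues past the end of the hunk.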