-rw-r--r--services/userservice.php5
-rw-r--r--templates/editprofile.tpl.php2
-rw-r--r--templates/profile.tpl.php4
3 files changed, 6 insertions, 5 deletions
diff --git a/services/userservice.php b/services/userservice.php
index e50faaa..9b295da 100644
--- a/services/userservice.php
+++ b/services/userservice.php
@@ -393,8 +393,9 @@ class UserService {
if (strlen($username) > 24) {
// too long usernames are cut by database and may cause bugs when compared
return false;
- } else {
- return true;
+ } elseif (preg_match('/(\W)/', $username) > 0) {
+ // forbidden non-alphanumeric characters
+ return false;
}
return true;
}
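Review bot: The added `\W` test rejects something slightly different from what its comment says: `\w` includes the underscore, and without the `u` modifier the word-character class is byte-based and may vary with locale, so "non-alphanumeric" is only approximate. The test also fails open, because a `false` return from `preg_match()` on error is not `> 0` and the name is then accepted. An anchored allow-list states the permitted set and fails closed, for example `} elseif (preg_match('/^[A-Za-z0-9_]+$/D', $username) !== 1) {` with the comment `// only ASCII letters, digits and underscore are allowed`. That form would also reject an empty name; the function starts above the hunk, so whether an empty name is already handled there is not visible. It would be worth confirming that existing accounts with newly forbidden names are not broken by wherever this check is called.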
diff --git a/templates/editprofile.tpl.php b/templates/editprofile.tpl.php
index c9eb8a4..a38dbd8 100644
--- a/templates/editprofile.tpl.php
+++ b/templates/editprofile.tpl.php
@@ -40,7 +40,7 @@ $this->includeTemplate($GLOBALS['top_include']);
</tr>
<tr>
<th align="left"><?php echo T_('Homepage'); ?></th>
- <td><input type="text" name="pPage" size="75" value="<?php echo filter($row['homepage'], 'xml'); ?>" /></td>
+ <td><input type="text" name="pPage" size="75" value="<?php echo filter($row['homepage']); ?>" /></td>
</tr>
<tr>
<th align="left"><?php echo T_('Description'); ?></th>
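Review bot: Dropping the explicit `'xml'` mode on the `pPage` input makes the escaping of a user-controlled value depend on the default behaviour of `filter()`, which is not shown in this commit. The value is written inside a double-quoted `value="..."` attribute, so the default mode has to encode `"` as well as `<`, `>` and `&`, i.e. behave like `htmlspecialchars($row['homepage'], ENT_QUOTES, 'UTF-8')`. If that is not guaranteed, keep the explicit mode here, or add a comment on `filter()` stating that its default is safe for quoted attribute context.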
diff --git a/templates/profile.tpl.php b/templates/profile.tpl.php
index d7ace7e..ecfadbb 100644
--- a/templates/profile.tpl.php
+++ b/templates/profile.tpl.php
@@ -10,13 +10,13 @@ $this->includeTemplate($GLOBALS['top_include']);
if ($row['name'] != "") {
?>
<dt><?php echo T_('Name'); ?></dt>
- <dd><?php echo $row['name']; ?></dd>
+ <dd><?php echo filter($row['name']); ?></dd>
<?php
}
if ($row['homepage'] != "") {
?>
<dt><?php echo T_('Homepage'); ?></dt>
- <dd><a href="<?php echo $row['homepage']; ?>"><?php echo $row['homepage']; ?></a></dd>
+ <dd><a href="<?php echo filter($row['homepage'], 'url'); ?>"><?php echo filter($row['homepage']); ?></a></dd>
<?php
}
?>
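Review bot: Escaping the homepage with `filter($row['homepage'], 'url')` in the `href` does not restrict which URL scheme is rendered as a link; what the `'url'` mode does is not visible here, but encoding alone would leave a stored `javascript:` or `data:` value clickable on the public profile. The anchor should only be emitted for an allow-listed scheme, for example by changing the guard to `if ($row['homepage'] != "" && preg_match('#^https?://#i', $row['homepage']) === 1) {`. The same scheme check belongs where the profile is saved, so that stored values are already constrained. It is also worth confirming that the `'url'` mode leaves `:` and `/` intact, otherwise legitimate links will break.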