Commit 4d840495 authored by Dave Reid's avatar Dave Reid
Browse files

by Dave Reid: Strip HTML tags and truncate to 255 characters prior to saving into the database.

parent 87af8ad9
......@@ -188,7 +188,10 @@ function realname_update($account) {
// Perform token replacement on the real name pattern.
$realname = token_replace($pattern, array('user' => $account), array('clear' => TRUE, 'sanitize' => FALSE));
$realname = trim($realname);
$realname = trim(strip_tags($realname));
// The name must be trimmed to 255 characters before inserting into the database.
$realname = truncate_utf8($realname, 255);
// Allow other modules to alter the generated realname.
drupal_alter('realname', $realname, $account);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment