[geeklog-devel] geeklog-devel Digest, Vol 27, Issue 8

[Joe Mucchiello]

At 11:02 AM 4/13/2009, Tim Patrick wrote:


>Hey Guys,

>

>I think you were already aware of the bug fix I made.. But here it 

>is just in case.

>

>Made some changes to the fix - before it only fixed one aspect - now 

>by calling the rawurlencode function at account creation, there is 

>no more need of it.


But doesn't that break everywhere the username is displayed to the 
browser? If you log in as Night & Day. The rawurlencode becomes 
Night%20%26%20Day. Don't you have to call urldecode and 
htmlspecialchars to get it to Night & Day in order to display it 
in the browser? This fix sounds like it opens a big can of worms. 
While most output can be caught in COM_getDisplayName, I'm sure there 
are places where that is not used to display the user's name.


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com