Apostrophe in Username breaks Tiki

• Error
• Usability

A user registered with an apostroph ' in their username (e.g. "Tes't") will not be able to use some feature of TikiWiki.

For example:
They will be able to select a forum, but after that, all that is displayed is the name of the forum, the "new topic" and "list forum" buttons (depending on permissions, of course), and the breadcrumb forum-navigation. The rest of the page (tiki-view_forum.php?forumid=X) is blank, no header/footer or any menus are displayed.

This is dependant on the rights/permissions of the user in question, SubAdmins and Admins will see the full, expected forum page, regardless of apostrophes in their name (at least with my config, YMMV).

Another problem exists in regards to all JavaScript that uses the name of the user, for example the "tiki-my_tiki.php" page of the user, were JavaScript is used to expand Tabs (e.g. clicking "My Infos" will not work). This is due to JS using ' as string-delimeters, and not escaping any ' within the users name.

May be that the sole cause of all the problems lies within the JS-string-delimeter, but I'm no expert on the workings of TikiWiki, and the forum page breaks rather spectacularly when compared to the user profile page, which just doesn't work as expected.

Not sure. Easiest, but also most draconic, would be to disallow users from having apostrophes within their name.
Another option would be to use an escaping-mechanism for the usernames (as htmlentities() or addind \ before ') at the apropriate places (JavaScript, etc.).

--

This seems to be fixed in trunk. If anyone can reproduce this with Tiki 5 or later, please say so and feel free to reopen.

This bug has been demonstrated on show2.tiki.org

Please demonstrate your bug on show2.tiki.org

This bug has been demonstrated on show.tikiwiki.org

Please demonstrate your bug on show.tikiwiki.org