From 2b45cab4e8fd7b207cf1d74f54833cbfcb76f1ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lera=20Elvo=C3=A9?=
Date: Sat, 6 Dec 2025 19:08:35 +0300
Subject: [PATCH] actually disallow @ in display name
---
 app/routes/users.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/routes/users.py b/app/routes/users.py
index 0634109..fe16432 100644
--- a/app/routes/users.py
+++ b/app/routes/users.py
@@ -404,7 +404,7 @@ def settings_form(username):
 else:
 rendered_sig = ''
 session['subscribe_by_default'] = request.form.get('subscribe_by_default', default='off') == 'on'
- display_name = request.form.get('display_name', default='')
+ display_name = request.form.get('display_name', default='').replace('@', '_')
 if not validate_display_name(display_name):
 flash('Invalid display name.', InfoboxKind.ERROR)
 return redirect('.settings', username=user.username)
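Review bot: The added `.replace('@', '_')` on the `display_name` line rewrites the input instead of rejecting it, so a user who submits `@` gets a silently altered name and the rule lives only in this one handler. If the intent is to keep display names from imitating @-handles or mentions, enforcing it inside `validate_display_name` would cover any other path that writes a display name (none are visible in this hunk) and would reuse the existing 'Invalid display name.' flash. A literal replace also misses compatibility forms of the at sign that NFKC-normalize to `@`, so the check would be stronger as `if '@' in unicodedata.normalize('NFKC', display_name): return False` in the validator. `settings_form` starts and ends outside the hunk, and names already stored with `@` are presumably left untouched by this change.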