actually disallow @ in display name

2025-12-06 19:08:35 +03:00
parent 37c1ffc2a1
commit 2b45cab4e8
1 changed files with 1 additions and 1 deletions
--- a/app/routes/users.py
+++ b/app/routes/users.py
@@ -404,7 +404,7 @@ def settings_form(username):
    else:
        rendered_sig = ''
    session['subscribe_by_default'] = request.form.get('subscribe_by_default', default='off') == 'on'
-    display_name = request.form.get('display_name', default='')
+    display_name = request.form.get('display_name', default='').replace('@', '_')
    if not validate_display_name(display_name):
        flash('Invalid display name.', InfoboxKind.ERROR)
        return redirect('.settings', username=user.username)