Reject HTML and macros in usernames

lib/WebGUI/Auth.pm

@@ -78,7 +78,12 @@ sub _isValidUsername {
 
 	return 1 if($self->userId ne "1" && $self->session->user->username eq $username);
 
-	my $i18n = WebGUI::International->new($self->session);
+    my $i18n = WebGUI::International->new($self->session);
+
+    my $filteredUsername = WebGUI::HTML::filter($username, 'all');
+    if ($username ne $filteredUsername) {
+        $error .= '<li>' . $i18n->get('username no html') . '</li>';
+    }
 
 	if ($username =~ /^\s/ || $username =~ /\s$/) {
 		$error .= '<li>'.$i18n->get(724).'</li>';
@@ -889,7 +894,6 @@ Validates the a username.
 sub validUsername {
 	my $self = shift;
 	my $username = shift;
-	WebGUI::Macro::negate(\$username);
 	my $error = "";
 
 	if ($self->_isDuplicateUsername($username)) {

lib/WebGUI/i18n/English/WebGUI.pm

@@ -912,6 +912,11 @@ to add or remove users from their groups.
 		lastUpdated => 1129431859
 	},
 
+    'username no html' => {
+        message => q|Your username cannot contain HTML or WebGUI Macros.|,
+        lastUpdated => 1203059016,
+    },
+
 	'432' => {
 		message => q|Expires|,
 		lastUpdated => 1031514049