mantisbt-plugins / Snippets

Define snippets of text that can be easily pasted into text fields
MIT License

Real names instead of user names used for placeholders #37

Closed atrol closed 6 years ago

atrol commented 6 years ago

Placeholders for users are replaced by the real name instead of the user name if the following configuration is used and the access level of the current user is >= $g_show_user_realname_threshold.

$g_show_realname = ON;
$g_show_user_realname_threshold = DEVELOPER;

When using such a snippet, real names are published to any user, even those who are not allowed to view real names.

dregad commented 6 years ago

The incorrect behavior has been introduced in MantisBT 2.12.0, which changed the semantics of these 2 configs. The problem is that the plugin generates static text, so we can't dynamically set the name at view time. But always displaying the username may go against the user's settings as well, which could be confusing...

E.g. consider the setup in my previous company, where I had $g_show_user_realname_threshold = ANYBODY;
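The behaviour described in the report and in the follow-up (the name is resolved once with the inserting user's access level, then stored as static text that every later viewer sees) can be shown with a small stand-alone model. This is an added example, not code from the Snippets plugin or from MantisBT: the user records, the `{user}` placeholder syntax, the helper names and the numeric values of the access-level constants are all assumptions made for illustration.

```php
<?php
// Added example, not part of the Snippets plugin or MantisBT. It models the
// reported issue with stand-alone code: access levels, the two config values
// from the report, and a snippet expander that bakes the resolved name into
// static text at insertion time.

// Hypothetical stand-ins for MantisBT access-level constants (values assumed).
const ANYBODY   = 0;
const REPORTER  = 25;
const DEVELOPER = 55;

// Constructed sample users: id => [username, realname, access level].
$users = [
    1 => ['username' => 'jdoe',   'realname' => 'Jane Doe',  'access' => DEVELOPER],
    2 => ['username' => 'bsmith', 'realname' => 'Bob Smith', 'access' => REPORTER],
];

// Configuration from the report.
$config = [
    'show_realname'                => true,       // $g_show_realname = ON
    'show_user_realname_threshold' => DEVELOPER,  // $g_show_user_realname_threshold = DEVELOPER
];

// Name display rule as described in the report: the real name is shown only when
// real names are enabled and the viewing user's access level meets the threshold.
function display_name(array $user, int $viewer_access, array $config): string {
    if ($config['show_realname']
        && $user['realname'] !== ''
        && $viewer_access >= $config['show_user_realname_threshold']) {
        return $user['realname'];
    }
    return $user['username'];
}

// Vulnerable expansion (models the reported behaviour): the {user} placeholder is
// resolved with the *inserting* user's access level, and the result is static
// text that every later viewer sees unchanged, whatever their own access level.
function expand_snippet_static(string $snippet, array $user, int $inserter_access, array $config): string {
    return str_replace('{user}', display_name($user, $inserter_access, $config), $snippet);
}

// Safer expansion: never bake a real name into stored text; substitute the
// username, which every user is allowed to see. A viewer-dependent form would
// have to be resolved at render time, which static snippet text cannot do.
function expand_snippet_username(string $snippet, array $user): string {
    return str_replace('{user}', $user['username'], $snippet);
}

// Check whether stored text discloses a real name to a viewer who may not see it.
function leaks_realname(string $stored_text, array $user, int $viewer_access, array $config): bool {
    $allowed = display_name($user, $viewer_access, $config) === $user['realname'];
    return !$allowed
        && $user['realname'] !== ''
        && strpos($stored_text, $user['realname']) !== false;
}

$snippet = 'Assigned to {user}, please review.';

// A developer (access DEVELOPER) pastes the snippet referring to user 1,
// then a reporter (access REPORTER) views the stored note.
$stored = expand_snippet_static($snippet, $users[1], $users[1]['access'], $config);
echo "static expansion: {$stored}\n";
echo 'leaks to reporter: ' . (leaks_realname($stored, $users[1], $users[2]['access'], $config) ? 'yes' : 'no') . "\n";

// Same sequence with the username-only expansion.
$stored_safe = expand_snippet_username($snippet, $users[1]);
echo "username expansion: {$stored_safe}\n";
echo 'leaks to reporter: ' . (leaks_realname($stored_safe, $users[1], $users[2]['access'], $config) ? 'yes' : 'no') . "\n";
```

Run with `php example.php`. The first `leaks_realname` call reports a leak because the developer's view ("Jane Doe") was frozen into the stored text and the reporter's access level is below the threshold; the username-only expansion does not leak, at the cost dregad mentions of ignoring a configuration where everybody may see real names.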

dregad commented 6 years ago

I'm tagging this with security because it's a potential information disclosure.