moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 08:56:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-66762 user: escape extra/email user fields.

Browse source
This commit is contained in:
Paul Holden 2019-10-07 17:33:48 +01:00 committed by Adrian Greeve
parent eb9f830604
commit 7455b741c9
11 changed files with 14 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

7
admin/roles/admins.php
View file

@ -36,15 +36,12 @@ if (!is_siteadmin()) {
}
$admisselector = new core_role_admins_existing_selector();
$admisselector->set_extra_fields(array('username', 'email'));
$potentialadmisselector = new core_role_admins_potential_selector();
$potentialadmisselector->set_extra_fields(array('username', 'email'));
if (optional_param('add', false, PARAM_BOOL) and confirm_sesskey()) {
if ($userstoadd = $potentialadmisselector->get_selected_users()) {
$user = reset($userstoadd);
$username = fullname($user) . " ($user->username, $user->email)";
$username = $potentialadmisselector->output_user($user);
echo $OUTPUT->header();
$yesurl = new moodle_url('/admin/roles/admins.php', array('confirmadd'=>$user->id, 'sesskey'=>sesskey()));
echo $OUTPUT->confirm(get_string('confirmaddadmin', 'core_role', $username), $yesurl, $PAGE->url);
@ -58,7 +55,7 @@ if (optional_param('add', false, PARAM_BOOL) and confirm_sesskey()) {
if ($USER->id == $user->id) {
// Can not remove self.
} else {
$username = fullname($user) . " ($user->username, $user->email)";
$username = $admisselector->output_user($user);
echo $OUTPUT->header();
$yesurl = new moodle_url('/admin/roles/admins.php', array('confirmdel'=>$user->id, 'sesskey'=>sesskey()));
echo $OUTPUT->confirm(get_string('confirmdeladmin', 'core_role', $username), $yesurl, $PAGE->url);