MDL-66762 user: escape extra/email user fields.

Paul Holden 2019-10-07 17:33:48 +01:00 committed by Adrian Greeve
parent eb9f830604
commit 7455b741c9
11 changed files with 14 additions and 17 deletions


@ -698,7 +698,7 @@ function report_security_check_riskadmin($detailed=false) {
if ($detailed) {
foreach ($admins as $uid=>$user) {
$url = "$CFG->wwwroot/user/view.php?id=$user->id";
$admins[$uid] = '<li><a href="'.$url.'">'.fullname($user).' ('.$user->email.')</a></li>';
$admins[$uid] = '<li><a href="'.$url.'">' . fullname($user, true) . ' (' . s($user->email) . ')</a></li>';
}
$admins = '<ul>'.implode('', $admins).'</ul>';
}
@ -824,7 +824,7 @@ function report_security_check_riskbackup($detailed=false) {
foreach ($rs as $user) {
$context = context::instance_by_id($user->contextid);
$url = "$CFG->wwwroot/$CFG->admin/roles/assign.php?contextid=$user->contextid&amp;roleid=$user->roleid";
$a = (object)array('fullname'=>fullname($user), 'url'=>$url, 'email'=>$user->email,
$a = (object)array('fullname'=>fullname($user), 'url'=>$url, 'email'=>s($user->email),
'contextname'=>$context->get_context_name());
$users[] = '<li>'.get_string('check_riskbackup_unassign', 'report_security', $a).'</li>';
}
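Review bot: The display name is still concatenated into HTML unescaped right next to the newly escaped email: `fullname($user, true)` in the report_security_check_riskadmin hunk and `'fullname'=>fullname($user)` in the report_security_check_riskbackup hunk. Unless fullname() is guaranteed to return HTML-safe text (not visible from these hunks), wrap both the same way as the email, e.g. `s(fullname($user, true))` and `'fullname'=>s(fullname($user))`. The first hunk also starts passing `true` as the second argument to fullname() while the second hunk does not, so the two reports may render the same user's name differently; either align them or explain the difference in the commit message. Both function bodies continue outside the hunks.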