MDL-18223 fixed theoretical XSS

diff --git a/admin/report/spamcleaner/index.php b/admin/report/spamcleaner/index.php
index d98e44a2e187f025d0417764379f522cf9094b17..208a07ca9e3e0724fd491d5e99fd73784a63e0b7 100755 (executable)
--- a/admin/report/spamcleaner/index.php
+++ b/admin/report/spamcleaner/index.php
@@ -246,7 +246,7 @@ function print_user_entry($user, $keywords, $count) {
         $SESSION->users_result[$user->id] = $smalluserobject;
         $html = '<tr valign="top" id="row-'.$user->id.'" class="result-row">';
         $html .= '<td width="10">'.$count.'</td>';
-        $html .= '<td width="30%" align="left"><a href="'.$CFG->wwwroot."/user/view.php?course=1&amp;id=".$user->id.'" title="'.$user->username.'">'.fullname($user).'</a>';
+        $html .= '<td width="30%" align="left"><a href="'.$CFG->wwwroot."/user/view.php?course=1&amp;id=".$user->id.'" title="'.s($user->username).'">'.fullname($user).'</a>';
 
         $html .= "<ul>";
         $profile_set = array('city'=>true, 'country'=>true, 'email'=>true);