obfuscation of the email addresses; merged from MOODLE_16_STABLE SC#282

diff --git a/login/forgot_password.php b/login/forgot_password.php
index 72c42ade55d42241bb6602a0473034411fd7eb1a..384726b9a4420956e8665eb3ea8c83c1760195d3 100644 (file)
--- a/login/forgot_password.php
+++ b/login/forgot_password.php
@@ -218,7 +218,8 @@ if (count($errors)) {
 // check $page for appropriate page to display
 if ($page=='emailconfirm') {
     // Confirm (internal method) email sent
-    $txt->emailpasswordconfirmsent = get_string( 'emailpasswordconfirmsent','',$user->email );
+    $protectedemail = preg_replace('/([^@]*)@(.*)/', '???????@$2', $user->email); // obfuscate the email address to protect privacy
+    $txt->emailpasswordconfirmsent = get_string( 'emailpasswordconfirmsent','',$protectedemail );
     notice( $txt->emailpasswordconfirmsent,$CFG->wwwroot.'/index.php'); 
 }