From: skodak <skodak>
Date: Tue, 17 Feb 2009 22:44:38 +0000 (+0000)
Subject: MDL-18223 fixed theoretical XSS
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=209c122b650da8e05b6456e6a4bb1cd0ed19d361;p=moodle.git

MDL-18223 fixed theoretical XSS
---

diff --git a/admin/report/spamcleaner/index.php b/admin/report/spamcleaner/index.php
index d98e44a2e1..208a07ca9e 100755
--- a/admin/report/spamcleaner/index.php
+++ b/admin/report/spamcleaner/index.php
@@ -246,7 +246,7 @@ function print_user_entry($user, $keywords, $count) {
         $SESSION->users_result[$user->id] = $smalluserobject;
         $html = '<tr valign="top" id="row-'.$user->id.'" class="result-row">';
         $html .= '<td width="10">'.$count.'</td>';
-        $html .= '<td width="30%" align="left"><a href="'.$CFG->wwwroot."/user/view.php?course=1&amp;id=".$user->id.'" title="'.$user->username.'">'.fullname($user).'</a>';
+        $html .= '<td width="30%" align="left"><a href="'.$CFG->wwwroot."/user/view.php?course=1&amp;id=".$user->id.'" title="'.s($user->username).'">'.fullname($user).'</a>';
 
         $html .= "<ul>";
         $profile_set = array('city'=>true, 'country'=>true, 'email'=>true);