Commit 6398759a authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Escape login-as strings

parent b64d6c58
......@@ -467,7 +467,7 @@ $smarty->assign('institutions', count($allinstitutions) > 1);
$smarty->assign('institutionform', $institutionform);
if ($id != $USER->get('id') && is_null($USER->get('parentuser'))) {
$loginas = get_string('loginasuser', 'admin', $user->username);
$loginas = get_string('loginasuser', 'admin', htmlspecialchars($user->username));
} else {
$loginas = null;
}
......
......@@ -277,7 +277,7 @@ else if (!empty($loggedinid)) {
}
if ($userid != $USER->get('id') && $USER->is_admin_for_user($user) && is_null($USER->get('parentuser'))) {
$loginas = get_string('loginasuser', 'admin', $user->username);
$loginas = get_string('loginasuser', 'admin', htmlspecialchars($user->username));
} else {
$loginas = null;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment