Commit b64d6c58 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Escape name in login-as string

parent 292ac8a1
......@@ -481,7 +481,7 @@ EOF;
if ($USER->get('parentuser')) {
$smarty->assign('USERMASQUERADING', true);
$smarty->assign('masqueradedetails', get_string('youaremasqueradingas', 'mahara', display_name($USER)));
$smarty->assign('masqueradedetails', get_string('youaremasqueradingas', 'mahara', htmlspecialchars(display_name($USER))));
' <a href="' . hsc($wwwroot) . 'admin/users/changeuser.php?restore=1">'
. get_string('becomeadminagain', 'admin', $USER->get('parentuser')->name)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment