MDL-71760 admin: escape identity fields in token management table.

crazyserver · Jul 8, 2021 · 7d17764 · 7d17764
1 parent 2408f98
commit 7d17764
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/webservice/classes/token_table.php b/webservice/classes/token_table.php
@@ -151,7 +151,7 @@ public function col_fullname($data) {
         $identity = [];
 
         foreach ($this->userextrafields as $userextrafield) {
-            $identity[] = $data->$userextrafield;
+            $identity[] = s($data->$userextrafield);
         }
 
         $userprofilurl = new \moodle_url('/user/profile.php', ['id' => $data->userid]);