MDL-46201 events: Sanitization of username before returning the description.
authorAdrian Greeve <adrian@moodle.com>
Tue, 1 Jul 2014 05:46:25 +0000 (13:46 +0800)
committerDan Poltawski <dan@moodle.com>
Mon, 7 Jul 2014 17:18:45 +0000 (18:18 +0100)
lib/classes/event/user_login_failed.php

index cc1d1a2..8c8d20a 100644 (file)
@@ -68,7 +68,9 @@ class user_login_failed extends base {
      * @return string
      */
     public function get_description() {
-        return "Login failed for the username '{$this->other['username']}' for the reason with id '{$this->other['reason']}'.";
+        // Note that username could be any random user input.
+        $username = s($this->other['username']);
+        return "Login failed for the username '{$username}' for the reason with id '{$this->other['reason']}'.";
     }
 
     /**
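Review bot: The escaping added in get_description() protects only this one string; `$this->other['username']` itself stays raw, so any other consumer of the event's `other` data (reports, exports, log stores) still receives unauthenticated, attacker-chosen text and must encode it for its own output context. The new comment should say so, e.g. `// Username comes from a failed login attempt and is untrusted; s() HTML-escapes it for display only, the value kept in 'other' stays raw.` On the same return line `{$this->other['reason']}` is still interpolated unescaped. It looks like an internal id, but nothing in the hunk shows it is always an integer, so `(int)$this->other['reason']` would be a cheap guard. Because s() is HTML escaping, a non-HTML consumer of the description (plain-text or CSV export) will presumably show entities rather than the original characters, which is worth noting in the docblock. The class body continues outside the hunk.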