Thanks for the review Sam.
The reason, i removed it because with 'User attribute to use to match pictures: username' the file name is used to match with the username in DB. if a user was created with extendedusernamechars enabled, then username may contain special characters such as #$~. if we use validation on the file name to eliminate malicious character, the system will skip uploading profile picture for the user.
I did create PARAM_USERNAME to validate username, however it relies on the current setting for extenedusernamechars. a user maybe created with the extendedchars enable and disable it right after. in this case, uploading profile picture will be skip for that user.
Note for petr: PARAM_USERNAME has not been committed yet. Please refer to
MDL-16919 for reference.