-
Bug
-
Resolution: Fixed
-
Minor
-
2.6, 2.7
-
MOODLE_26_STABLE, MOODLE_27_STABLE
-
MOODLE_26_STABLE
-
wip-
MDL-43058-master -
-
3
-
BACKEND Sprint 7
The report_security_check_riskxss reports :
You need to update your sql to include additional name fields in the user object.
line 3580 of /lib/moodlelib.php: call to debugging()
line 513 of /report/security/locallib.php: call to fullname()
line 74 of /report/security/index.php: call to report_security_check_riskxss()
Fix:
/report/security/locallib.php |
if ($detailed) {
|
--$users = $DB->get_records_sql("SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt $sqlfrom", $params);
|
++$userfields = user_picture::fields('u');
|
++$users = $DB->get_records_sql("SELECT DISTINCT $userfields $sqlfrom", $params);
|
- is a regression caused by
-
MDL-31776 Additional name fields, to allow Asian languages to flexibly display user names in Chinese characters, local phonetic system or Romanization
- Closed