From aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de Mon Sep 17 00:00:00 2001 From: Paul Holden Date: Thu, 10 Aug 2023 08:42:05 +0100 Subject: [PATCH] MDL-78971 quiz_grading: escape user identity fields on display. --- mod/quiz/report/grading/report.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/mod/quiz/report/grading/report.php b/mod/quiz/report/grading/report.php index 4e22cccb7f6e5..032d6587a7d48 100644 --- a/mod/quiz/report/grading/report.php +++ b/mod/quiz/report/grading/report.php @@ -720,13 +720,15 @@ protected function get_question_heading(stdClass $attempt, bool $shownames, bool $a = new stdClass(); $a->attempt = $attempt->attempt; $a->fullname = fullname($attempt); + $customfields = []; foreach ($this->extrauserfields as $field) { - if ($attempt->{s($field)}) { - $customfields[] = $attempt->{s($field)}; + if (strval($attempt->{$field}) !== '') { + $customfields[] = s($attempt->{$field}); } } - $a->customfields = trim(implode(', ', (array)$customfields), ' ,'); + + $a->customfields = implode(', ', $customfields); if ($shownames && $showcustomfields) { return get_string('gradingattemptwithcustomfields', 'quiz_grading', $a);
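Review bot: In get_question_heading the identity fields are now passed through `s()`, but `$a->fullname = fullname($attempt);` still goes into the same language string unescaped, so the returned heading mixes escaped and raw user-supplied values. If the caller prints the heading as HTML without further escaping (the call site is outside the hunk, though the added `s()` suggests it does), consider `$a->fullname = s(fullname($attempt));` or confirm that names are already cleaned on input. A short comment above the loop, for example `// Values are escaped here because the heading is output as HTML.`, would stop a later caller from escaping the result a second time. The diffstat shows only report.php changed, so a regression test with markup characters in an identity field would be worth adding. The function starts before the hunk and continues past its end.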