Permalink
Browse files

MDL-38431 comment: profile url should be escaped, as it's used in html

  • Loading branch information...
1 parent 5288af6 commit 4f49e74fae48ba75eeeaf14dfbdaccf8173c756f Rajesh Taneja committed Mar 12, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 comment/lib.php
View
@@ -528,7 +528,7 @@ public function get_comments($page = '') {
$c->timecreated = $u->ctimecreated;
$c->strftimeformat = get_string('strftimerecent', 'langconfig');
$url = new moodle_url('/user/view.php', array('id'=>$u->id, 'course'=>$this->courseid));
- $c->profileurl = $url->out(false);
+ $c->profileurl = $url->out(true);
$c->fullname = fullname($u);
$c->time = userdate($c->timecreated, $c->strftimeformat);
$c->content = format_text($c->content, $c->format, $formatoptions);

0 comments on commit 4f49e74

Please sign in to comment.