Currently the call to watchdog looks like:

watchdog('action', 'Blocked user %name.', array('%name' => check_plain($user->name)));

It shouldn't contain a check_plain call because that would double escape the name. Instead it should be:

watchdog('action', 'Blocked user %name.', array('%name' => $user->name));

Haven't got the code for an easy patch though - sorry.

Comment  File                        Size       Author
#6       user_330090.patch           511 bytes  drewish
#1       dd_330090_checkplain.patch  636 bytes  j.somers
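
Added example, not part of the original issue and not Drupal's own code: a simplified model of how a % placeholder is escaped when the log message is rendered, showing the double escape produced by the original call and that the corrected call still yields escaped output. The demo_* function names and the sample user names are constructed for illustration.

```php
<?php
// Simplified stand-in for check_plain(): HTML-escape a string.
function demo_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Simplified stand-in for placeholder substitution at render time.
// The first character of each key selects how the value is treated.
function demo_format_message($message, array $variables) {
  foreach ($variables as $key => $value) {
    switch ($key[0]) {
      case '@':
        // Escaped text.
        $variables[$key] = demo_check_plain($value);
        break;
      case '%':
        // Escaped text, wrapped in emphasis.
        $variables[$key] = '<em>' . demo_check_plain($value) . '</em>';
        break;
      case '!':
        // Inserted as-is; the caller is responsible for escaping.
        break;
    }
  }
  return strtr($message, $variables);
}

// Constructed sample user names containing HTML-significant characters.
$names = array('Tom & Jerry', '<b>mallory</b>');

foreach ($names as $name) {
  // Original call: the value is escaped by the caller and again by '%'.
  $before = demo_format_message('Blocked user %name.',
    array('%name' => demo_check_plain($name)));
  // Corrected call: the raw value is passed and escaped once by '%'.
  $after = demo_format_message('Blocked user %name.',
    array('%name' => $name));

  echo "with check_plain():    $before\n";
  echo "without check_plain(): $after\n\n";
}
```

In the first line of each pair the entity itself has been escaped a second time, so a browser shows the literal entity text instead of the user's name; in the second line the markup characters are still neutralised, but only once.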

Comments

j.somers’s picture

Status: Active » Needs review
Status  File  Size
new           636 bytes

I attached a patch which removed the check_plain() call.

dries’s picture

Status: Needs review » Fixed

Committed to CVS HEAD. Thanks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

gpk’s picture

Version: 7.x-dev » 6.x-dev
Status: Closed (fixed) » Patch (to be ported)

Same in 6.x.

drewish’s picture

Status: Patch (to be ported) » Needs review
Status  File  Size
new           511 bytes

Here's a re-roll.

thedavidmeister’s picture

Status: Needs review » Needs work

Patch no longer applies.

error: user/user.module: No such file or directory

Status: Needs work » Closed (outdated)

Automatically closed because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.