The application now correctly encodes the url query string for the profile-picture name (for security reasons), removed a left-over print-statement

application/app/templates/registration/login.html

@@ -69,7 +69,7 @@
         <ul class="userlist">
             {% for user_ in user_list %}
                 <li class="userlistButton button" data-username="{{ user_.username }}">
-                    <img src="{{ '/profilepictures?name='|add:user_.profile_picture_filename }}">
+                    <img src="/profilepictures?name={{ user_.profile_picture_filename|urlencode }}">
                     <div>
                         {% if user_.first_name %}