Correct ReplaceAll params

ReplaceAll doesn't take a count argument

Author: smowton

go/ql/src/Security/CWE-117/LogInjectionGood.go

@@ -9,7 +9,7 @@ import (
 // GOOD: The user-provided value is escaped before being written to the log.
 func handlerGood(req *http.Request) {
 	username := req.URL.Query()["username"][0]
-	escapedUsername := strings.ReplaceAll(username, "\n", "", -1)
-	escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "", -1)
+	escapedUsername := strings.ReplaceAll(username, "\n", "")
+	escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "")
 	log.Printf("user %s logged in.\n", escapedUsername)
 }