Changeset 3328283
- Timestamp:
- 07/15/2025 01:36:48 PM (9 months ago)
- Location:
- quiz-master-next/trunk
- Files:
-
- 7 edited
-
css/qsm-admin.css (modified) (7 diffs)
-
js/qsm-admin.js (modified) (2 diffs)
-
mlw_quizmaster2.php (modified) (2 diffs)
-
php/admin/admin-results-page.php (modified) (2 diffs)
-
php/admin/functions.php (modified) (1 diff)
-
php/template-variables.php (modified) (3 diffs)
-
readme.txt (modified) (2 diffs)
-
quiz-master-next/trunk/css/qsm-admin.css
r3309878 r3328283 3491 3491 .qsm-contact-form-field { 3492 3492 display: flex; 3493 padding: 12px 5px ;3493 padding: 12px 5px 5px 5px; 3494 3494 margin: 0 0 10px; 3495 3495 background: #ffffff; … … 3498 3498 align-items: center; 3499 3499 position: relative; 3500 min-height: 60px; 3500 3501 } 3501 3502 .qsm-contact-form-field.new { … … 3512 3513 } 3513 3514 .qsm-contact-form-field .qsm-contact-form-group { 3514 padding: 0 1 5px;3515 padding: 0 10px; 3515 3516 vertical-align: middle; 3516 3517 } … … 3518 3519 .qsm-contact-form-field .contact-form-actions { 3519 3520 min-width: 150px; 3521 position: relative; 3520 3522 } 3521 3523 .qsm-contact-form-field .sortable-handle { … … 3547 3549 font-weight: bold; 3548 3550 margin: 0 0 5px; 3551 } 3552 .qsm-contact-form-field .qsm-contact-form-group.contact-form-inputs .qsm-contact-form-label { 3553 position: absolute; 3554 top: -20px; 3549 3555 } 3550 3556 .qsm-contact-form-field .qsm-contact-form-group .qsm-contact-form-control, … … 3583 3589 pointer-events: none; 3584 3590 width: 0; 3585 left: 28%;3591 left: 31%; 3586 3592 border-width: 15px; 3587 3593 border-color: rgba(255, 255, 255, 0); … … 4657 4663 font-size: 12px; 4658 4664 padding-bottom: 0; 4665 gap: 20px; 4659 4666 } 4660 4667 .qsm-contact-form-field > div { -
quiz-master-next/trunk/js/qsm-admin.js
r3317056 r3328283 979 979 const uniqueId = button.data('id'); 980 980 const templateType = button.parents('.qsm-insert-page-template-anchor').data('template-type'); 981 let nonce; 981 982 if (templateType == 'result') { 982 983 var editor = tinymce.get('results-page-' + (uniqueId)); 984 nonce = qsmResultsObject.add_tmpl_nonce; 983 985 } else if (templateType == 'email') { 984 986 var editor = tinymce.get('email-template-' + (uniqueId)); 987 nonce = qsmEmailsObject.add_tmpl_nonce; 985 988 } 986 989 … … 1011 1014 template_type: templateType, 1012 1015 template_content: templateContent, 1016 nonce: nonce, 1013 1017 }; 1014 1018 -
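Review bot: `nonce` is declared with `let nonce;` at line 981 and stays `undefined` when `templateType` is neither 'result' nor 'email', yet the request object at lines 1014-1016 is still built with it. The server then answers with its generic invalid-nonce error, which hides the real cause. A guard after the if/else chain, such as `if (!nonce) { return; }`, would make that case explicit; the same applies if `qsmResultsObject` or `qsmEmailsObject` is not localized on the current screen. The click handler starts and ends outside both hunks, so an existing guard may simply not be visible here.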
quiz-master-next/trunk/mlw_quizmaster2.php
r3317056 r3328283 3 3 * Plugin Name: Quiz And Survey Master 4 4 * Description: Easily and quickly add quizzes and surveys to your website. 5 * Version: 10.2. 25 * Version: 10.2.3 6 6 * Author: ExpressTech 7 7 * Author URI: https://quizandsurveymaster.com/ … … 44 44 * @since 4.0.0 45 45 */ 46 public $version = '10.2. 2';46 public $version = '10.2.3'; 47 47 48 48 /** -
quiz-master-next/trunk/php/admin/admin-results-page.php
r3317056 r3328283 421 421 $values['view_result_page']['style'] = $display_none; 422 422 } 423 if ( ! class_exists( 'QSM_Proctoring_Quiz' ) ) {424 $proctor_class = "qsm-quiz-proctor-addon";425 }else {426 $proctor_class = "";427 }428 423 if ( $mlw_quiz_data ) { 429 424 foreach ( $mlw_quiz_data as $mlw_quiz_info ) { 430 $mlw_quiz_info->proctor_report_class = $proctor_class;431 if ( "" == $proctor_class ) {432 $mlw_quiz_info->proctor_report_link = "admin.php?page=qsm_quiz_result_details&tab=proctor-results&quiz_id=$mlw_quiz_info->quiz_id&result_id=$mlw_quiz_info->result_id";433 }else {434 $mlw_quiz_info->proctor_report_link = "#";435 }436 425 $quiz_infos[] = $mlw_quiz_info; 437 426 $mlw_complete_time = ''; … … 578 567 <?php } ?> 579 568 <a style="color: red;" class="delete_table_quiz_results_item" data-quiz-id="<?php echo esc_attr( $quiz_infos[ $x ]->result_id ); ?>" data-quiz-name="<?php echo esc_attr( $quiz_infos[ $x ]->quiz_name ); ?>" href='#'><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a> | 580 <a class="<?php echo esc_attr( $quiz_infos[ $x ]->proctor_report_class ); ?>" href='<?php echo esc_attr( $quiz_infos[ $x ]->proctor_report_link ); ?>'><?php esc_html_e( 'Proctor Reports', 'quiz-master-next' ); ?></a> 569 <?php if ( ! class_exists( 'QSM_Proctoring_Quiz' ) ) { ?> 570 <a class="qsm-quiz-proctor-addon" href="#"><?php esc_html_e( 'Proctor Reports', 'quiz-master-next' ); ?></a> 571 <?php } ?> 581 572 <?php do_action('qsm_admin_quiz_results_page_rowactions_after', $quiz_infos[ $x ]); ?> 582 573 </span> -
quiz-master-next/trunk/php/admin/functions.php
r3309878 r3328283 1557 1557 global $wpdb; 1558 1558 1559 // Sanitize the incoming data 1560 $template_id = isset($_POST['template_id']) ? intval($_POST['template_id']) : null; 1561 $template_name = isset($_POST['template_name']) ? sanitize_text_field(wp_unslash($_POST['template_name'])) : ""; 1562 $template_type = isset($_POST['template_type']) ? sanitize_text_field(wp_unslash($_POST['template_type'])) : ""; 1563 $template_content = isset($_POST['template_content']) ? wp_unslash($_POST['template_content']) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 1564 $filtered_content = preg_replace_callback( 1565 '/<qsmvariabletag>([^<]+)<\/qsmvariabletag>/u', 1566 function ( $matches ) { 1567 return '%' . wp_strip_all_tags(preg_replace('/^\s+|\s+$/u', '', $matches[1])) . '%'; 1568 }, 1569 $template_content 1570 ); 1571 $filtered_content = preg_replace_callback( 1572 '/<qsmextrashortcodetag>([^<]+)<\/qsmextrashortcodetag>/u', 1573 function ( $matches ) { 1574 return wp_strip_all_tags(preg_replace('/^\s+|\s+$/u', '', $matches[1])); 1575 }, 1576 $filtered_content 1577 ); 1578 1579 $table_name = $wpdb->prefix . 
'mlw_quiz_output_templates'; 1580 1581 if ( $template_id ) { 1582 // Replace (Update) existing template 1583 $update_data = array( 1584 'template_content' => $filtered_content, 1585 ); 1586 $where = array( 'id' => $template_id ); 1587 1588 $updated = $wpdb->update( 1589 $table_name, 1590 $update_data, 1591 $where, 1592 array( '%s' ), 1593 array( '%d' ) 1594 ); 1595 1596 if ( false !== $updated ) { 1597 $template_data = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE id = %d", $template_id), ARRAY_A); 1598 wp_send_json_success($template_data); 1599 } else { 1600 wp_send_json_error(array( 'message' => __('Failed to update template.', 'quiz-master-next') )); 1601 } 1602 } else { 1603 // Insert new template 1604 $template_data = array( 1605 'template_name' => $template_name, 1606 'template_type' => $template_type, 1607 'template_content' => $filtered_content, 1608 'created_at' => current_time('mysql'), 1609 ); 1610 1611 $wpdb->insert( 1612 $table_name, 1613 $template_data, 1614 array( '%s', '%s', '%s', '%s' ) // Format of the inserted data 1615 ); 1616 1617 $template_data['id'] = $wpdb->insert_id; 1618 1619 if ( $template_data['id'] ) { 1620 wp_send_json_success($template_data); 1621 } else { 1622 wp_send_json_error(array( 'message' => __('Failed to insert template.', 'quiz-master-next') )); 1623 } 1624 } 1559 // validate nonce 1560 if ( isset( $_POST['nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'qsm_add_template' ) && is_user_logged_in() ) { 1561 1562 // Sanitize the incoming data 1563 $template_id = isset($_POST['template_id']) ? intval($_POST['template_id']) : null; 1564 $template_name = isset($_POST['template_name']) ? sanitize_text_field(wp_unslash($_POST['template_name'])) : ""; 1565 $template_type = isset($_POST['template_type']) ? sanitize_text_field(wp_unslash($_POST['template_type'])) : ""; 1566 $template_content = isset($_POST['template_content']) ? 
wp_unslash($_POST['template_content']) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 1567 $filtered_content = preg_replace_callback( 1568 '/<qsmvariabletag>([^<]+)<\/qsmvariabletag>/u', 1569 function ( $matches ) { 1570 return '%' . wp_strip_all_tags(preg_replace('/^\s+|\s+$/u', '', $matches[1])) . '%'; 1571 }, 1572 $template_content 1573 ); 1574 $filtered_content = preg_replace_callback( 1575 '/<qsmextrashortcodetag>([^<]+)<\/qsmextrashortcodetag>/u', 1576 function ( $matches ) { 1577 return wp_strip_all_tags(preg_replace('/^\s+|\s+$/u', '', $matches[1])); 1578 }, 1579 $filtered_content 1580 ); 1581 1582 $table_name = $wpdb->prefix . 'mlw_quiz_output_templates'; 1583 1584 if ( $template_id ) { 1585 // Replace (Update) existing template 1586 $update_data = array( 1587 'template_content' => $filtered_content, 1588 ); 1589 $where = array( 'id' => $template_id ); 1590 1591 $updated = $wpdb->update( 1592 $table_name, 1593 $update_data, 1594 $where, 1595 array( '%s' ), 1596 array( '%d' ) 1597 ); 1598 1599 if ( false !== $updated ) { 1600 $template_data = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE id = %d", $template_id), ARRAY_A); 1601 wp_send_json_success($template_data); 1602 } else { 1603 wp_send_json_error(array( 'message' => __('Failed to update template.', 'quiz-master-next') )); 1604 } 1605 } else { 1606 // Insert new template 1607 $template_data = array( 1608 'template_name' => $template_name, 1609 'template_type' => $template_type, 1610 'template_content' => $filtered_content, 1611 'created_at' => current_time('mysql'), 1612 ); 1613 1614 $wpdb->insert( 1615 $table_name, 1616 $template_data, 1617 array( '%s', '%s', '%s', '%s' ) // Format of the inserted data 1618 ); 1619 1620 $template_data['id'] = $wpdb->insert_id; 1621 1622 if ( $template_data['id'] ) { 1623 wp_send_json_success($template_data); 1624 } else { 1625 wp_send_json_error(array( 'message' => __('Failed to insert template.', 'quiz-master-next') 
)); 1626 } 1627 } 1628 } else { 1629 wp_send_json_error( [ 'message' => __( 'Invalid nonce. Busted.', 'quiz-master-next' ) ] ); 1630 wp_die(); 1631 } 1625 1632 } 1626 1633 -
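Review bot: The new guard at line 1560 authenticates the request but does not authorise it: a valid `qsm_add_template` nonce plus `is_user_logged_in()` lets any account that can obtain that nonce insert a template or overwrite an arbitrary `template_id`. A capability check belongs in the same condition, for example `&& current_user_can( 'manage_options' )`, where `manage_options` is only a stand-in for whichever capability already gates the results and email template editors. `$template_content` is still stored unsanitised (the `phpcs:ignore` on line 1566); running `$filtered_content` through `wp_kses_post()` for users without `unfiltered_html` would limit stored markup, after checking it against what templates legitimately contain. In the else branch `wp_die()` is unreachable because `wp_send_json_error()` already terminates, and passing a status, `wp_send_json_error( [ ... ], 403 )`, would make rejected requests stand out in access logs. The function signature and its `wp_ajax_*` registration are outside the hunk, so whether a nopriv hook exists cannot be confirmed from here.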
quiz-master-next/trunk/php/template-variables.php
r3317056 r3328283 587 587 */ 588 588 function mlw_qmn_variable_question_answers( $content, $mlw_quiz_array ) { 589 global $mlwQuizMasterNext ;589 global $mlwQuizMasterNext, $qmn_total_questions; 590 590 $quiz_id = is_object( $mlw_quiz_array ) ? $mlw_quiz_array->quiz_id : $mlw_quiz_array['quiz_id']; 591 591 $mlwQuizMasterNext->pluginHelper->prepare_quiz( $quiz_id ); … … 624 624 $total_question_cnt = count( $mlw_quiz_array['question_answers_array'] ); 625 625 $qsm_question_cnt = 1; 626 $qmn_total_questions = 0; 626 627 foreach ( $mlw_quiz_array['question_answers_array'] as $answer ) { 627 628 if ( ! empty( $hidden_questions ) && is_array( $hidden_questions ) && in_array( $answer['id'], $hidden_questions, true ) ) { … … 1364 1365 } 1365 1366 $close_span_with_br = '</span><br/>'; 1366 $close_span_with_br = apply_filters('qsm_close_span_with_br', $close_span_with_br, $answer['question_type']);1367 1367 if ( isset( $answer['question_type'] ) && 11 == $answer['question_type'] ) { 1368 1368 $file_extension = substr( $answer[1], -4 ); -
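Review bot: `$qmn_total_questions` is added to the `global` statement at line 589 and reset to 0 at line 626, but nothing in the visible hunks increments or reads it, so the contract of this shared counter is undocumented. A comment on the reset would help, e.g. `// Reset the shared question counter for this render; read by <consumer>`, with the consumer filled in. Separately, line 1366 no longer passes `$close_span_with_br` through the `qsm_close_span_with_br` filter, which silently removes an extension point; if that is intended, it deserves a changelog entry. The function body continues outside all three hunks.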
quiz-master-next/trunk/readme.txt
r3317056 r3328283 5 5 Tested up to: 6.8 6 6 Requires PHP: 5.4 7 Stable tag: 10.2. 27 Stable tag: 10.2.3 8 8 License: GPLv2 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 222 222 223 223 == Changelog == 224 = 10.2.3 ( July 15, 2025 ) = 225 * Bug: Fixed vulnerability with result and email templates 226 * Bug: Fixed issue with question count in result PDFs 227 224 228 = 10.2.2 ( June 24, 2025 ) = 225 229 * Bug: Fixed issue with answer type options