Quiz And Survey Master (Formerly Quiz Master Next) - Version 4.4.3

Version Description

Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs. Please update immediately.


Release Info

Developer fpcorso
Plugin Icon 128x128 Quiz And Survey Master (Formerly Quiz Master Next)
Version 4.4.3

Code changes from version 4.4.2 to 4.4.3

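--- a/mlw_quizmaster2.php
+++ b/mlw_quizmaster2.php
@@ -2,7 +2,7 @@
  /**
  * Plugin Name: Quiz Master Next
  * Description: Use this plugin to add multiple quizzes, tests, or surveys to your website.
- * Version: 4.4.2
+ * Version: 4.4.3
  * Author: Frank Corso
  * Author URI: http://www.mylocalwebstop.com/
  * Plugin URI: http://www.quizmasternext.com/
@@ -16,7 +16,7 @@
  * You understand that you install, operate, and unistall the plugin at your own discretion and risk.
  *
  * @author Frank Corso
- * @version 4.4.2
+ * @version 4.4.3
  */
  if ( ! defined( 'ABSPATH' ) ) exit;
  /**
@@ -34,7 +34,7 @@ class MLWQuizMasterNext
  * @var string
  * @since 4.0.0
  */
- public $version = '4.4.2';
+ public $version = '4.4.3';
 
  /**
  * QMN Alert Manager Object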
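--- a/php/qmn_credits.php
+++ b/php/qmn_credits.php
@@ -56,10 +56,9 @@ function mlw_generate_about_page()
  <br />
  </div>
  <div id="mlw_quiz_changelog" style="display: none;">
- <h3><?php echo $mlw_quiz_version; ?> (June 20, 2015)</h3>
+ <h3><?php echo $mlw_quiz_version; ?> (July 17, 2015)</h3>
  <ul>
- <li>* Bug Fix: Fixed bug that caused issues with validation<a href="https://github.com/fpcorso/quiz_master_next/issues/254">Github Issue #254</a></li>
- <li>* Bug Fix: Fixed a rare permalink issue<a href="https://github.com/fpcorso/quiz_master_next/issues/253">Github Issue #253</a></li>
+ <li>* Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs</li>
  </ul>
  </div>
  </div>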
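--- a/php/qmn_options_text_tab.php
+++ b/php/qmn_options_text_tab.php
@@ -24,7 +24,7 @@ function mlw_options_text_tab_content()
  {
  global $wpdb;
  global $mlwQuizMasterNext;
- $quiz_id = $_GET["quiz_id"];
+ $quiz_id = intval($_GET["quiz_id"]);
  //Submit saved templates into database
  if ( isset($_POST["save_templates"]) && $_POST["save_templates"] == "confirmation")
  {
@@ -46,7 +46,7 @@ function mlw_options_text_tab_content()
  $qmn_social_media_text = serialize(array('twitter' => $_POST["mlw_quiz_twitter_text_template"], 'facebook' => $_POST["mlw_quiz_facebook_text_template"]));
 
  $mlw_question_answer_template = htmlspecialchars($_POST["mlw_quiz_question_answer_template"], ENT_QUOTES);
- $quiz_id = $_POST["quiz_id"];
+ $quiz_id = intval($_POST["quiz_id"]);
 
  $update = "UPDATE " . $wpdb->prefix . "mlw_quizzes" . " SET message_before='".$mlw_before_message."', message_comment='".$mlw_before_comments."', message_end_template='".$mlw_qmn_message_end."', comment_field_text='".$mlw_comment_field_text."', question_answer_template='".$mlw_question_answer_template."', submit_button_text='".$mlw_submit_button_text."', name_field_text='".$mlw_name_field_text."', business_field_text='".$mlw_business_field_text."', email_field_text='".$mlw_email_field_text."', phone_field_text='".$mlw_phone_field_text."', total_user_tries_text='".$mlw_user_tries_text."', social_media_text='".$qmn_social_media_text."', pagination_text='".$mlw_qmn_pagination_field."', require_log_in_text='".$mlw_require_log_in_text."', limit_total_entries_text='".$mlw_limit_total_entries_text."', last_activity='".date("Y-m-d H:i:s")."', scheduled_timeframe_text='".$mlw_scheduled_timeframe_text."' WHERE quiz_id=".$quiz_id;
  $results = $wpdb->query( $update );
@@ -72,7 +72,7 @@ function mlw_options_text_tab_content()
  if (isset($_GET["quiz_id"]))
  {
  $table_name = $wpdb->prefix . "mlw_quizzes";
- $mlw_quiz_options = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $_GET["quiz_id"]));
+ $mlw_quiz_options = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $quiz_id));
  }
 
  //Load Pagination Text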
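Review bot: The UPDATE built on new line 51 is still assembled by string concatenation, so the cast added on line 49 protects only the WHERE clause. `$qmn_social_media_text` (line 46) is a `serialize()` of raw `$_POST` values and `$mlw_question_answer_template` (line 48) is only HTML-encoded, which is not SQL escaping; the remaining column values are assigned outside the hunk, so their handling cannot be confirmed from here. Passing the columns through `$wpdb->update()` with a `%d` where-format lets the database layer do the quoting, as sketched below; because `update()` escapes its own data, the values should be unslashed first (`wp_unslash`) if they are still in WordPress's slashed `$_POST` form. The enclosing function starts and ends outside the hunks and no nonce or capability check is visible in them, so that is worth confirming for this state-changing form as well.

```php
// … unchanged: template values read from $_POST above …
$quiz_id = intval($_POST["quiz_id"]);

$results = $wpdb->update(
	$wpdb->prefix . "mlw_quizzes",
	array(
		'message_before'            => $mlw_before_message,
		'message_comment'           => $mlw_before_comments,
		'message_end_template'      => $mlw_qmn_message_end,
		'comment_field_text'        => $mlw_comment_field_text,
		'question_answer_template'  => $mlw_question_answer_template,
		'submit_button_text'        => $mlw_submit_button_text,
		'name_field_text'           => $mlw_name_field_text,
		'business_field_text'       => $mlw_business_field_text,
		'email_field_text'          => $mlw_email_field_text,
		'phone_field_text'          => $mlw_phone_field_text,
		'total_user_tries_text'     => $mlw_user_tries_text,
		'social_media_text'         => $qmn_social_media_text,
		'pagination_text'           => $mlw_qmn_pagination_field,
		'require_log_in_text'       => $mlw_require_log_in_text,
		'limit_total_entries_text'  => $mlw_limit_total_entries_text,
		'last_activity'             => date("Y-m-d H:i:s"),
		'scheduled_timeframe_text'  => $mlw_scheduled_timeframe_text,
	),
	array( 'quiz_id' => $quiz_id ),
	null,
	array( '%d' )
);
// … unchanged: result handling below …
```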
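--- a/php/qmn_options_tools_tab.php
+++ b/php/qmn_options_tools_tab.php
@@ -24,12 +24,12 @@ function mlw_options_tools_tab_content()
  {
  global $wpdb;
  global $mlwQuizMasterNext;
- $quiz_id = $_GET["quiz_id"];
+ $quiz_id = intval($_GET["quiz_id"]);
  //Update Quiz Table
  if (isset($_POST["mlw_reset_quiz_stats"]) && $_POST["mlw_reset_quiz_stats"] == "confirmation")
  {
  //Variables from reset stats form
- $mlw_reset_stats_quiz_id = $_POST["mlw_reset_quiz_id"];
+ $mlw_reset_stats_quiz_id = intval($_POST["mlw_reset_quiz_id"]);
  $mlw_reset_update_sql = "UPDATE " . $wpdb->prefix . "mlw_quizzes" . " SET quiz_views=0, quiz_taken=0, last_activity='".date("Y-m-d H:i:s")."' WHERE quiz_id=".$mlw_reset_stats_quiz_id;
  $mlw_reset_sql_results = $wpdb->query( $mlw_reset_update_sql );
  if ($mlw_reset_sql_results != false)
@@ -42,7 +42,7 @@ function mlw_options_tools_tab_content()
  $table_name = $wpdb->prefix . "mlw_qm_audit_trail";
  $insert = "INSERT INTO " . $table_name .
  "(trail_id, action_user, action, time) " .
- "VALUES (NULL , '" . $current_user->display_name . "' , 'Quiz Stats Have Been Reset For Quiz Number ".$mlw_leaderboard_quiz_id."' , '" . date("h:i:s A m/d/Y") . "')";
+ "VALUES (NULL , '" . $current_user->display_name . "' , 'Quiz Stats Have Been Reset For Quiz Number $mlw_reset_stats_quiz_id' , '" . date("h:i:s A m/d/Y") . "')";
  $results = $wpdb->query( $insert );
  }
  else
@@ -54,7 +54,7 @@ function mlw_options_tools_tab_content()
  if (isset($_GET["quiz_id"]))
  {
  $table_name = $wpdb->prefix . "mlw_quizzes";
- $mlw_quiz_options = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $_GET["quiz_id"]));
+ $mlw_quiz_options = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $quiz_id));
  }
  ?>
  <div id="tabs-8" class="mlw_tab_content">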
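Review bot: The audit-trail INSERT on new line 45 still interpolates `$current_user->display_name` straight into the SQL string, and a display name is a profile field its owner can edit, so a quote in the name can still break or alter this statement after the `intval()` casts. Build it with placeholders instead: `$wpdb->query( $wpdb->prepare( "INSERT INTO $table_name (trail_id, action_user, action, time) VALUES (NULL, %s, %s, %s)", $current_user->display_name, "Quiz Stats Have Been Reset For Quiz Number $mlw_reset_stats_quiz_id", date("h:i:s A m/d/Y") ) );`. The reset UPDATE on line 33 could take the same form with `%d` so the file uses one quoting convention rather than mixing casts and `prepare()`. `$current_user` is populated outside the hunk and the function body continues beyond it; no nonce check for the reset form is visible in the shown lines, which is worth confirming.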
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://mylocalwebstop.com/downloads/donation-service-payment/
4
  Tags: quiz, test, score, exam, survey, contact, form, email, answer, question, certificate, points, results, math
5
  Requires at least: 3.8.1
6
  Tested up to: 4.2
7
- Stable tag: 4.4.2
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -121,10 +121,14 @@ Feel free to use the widget on the help page within the plugin or from our [cont
121
  8. Example Quiz With Styling
122
 
123
  == Changelog ==
 
 
 
 
124
  = 4.4.2 (June 26, 2015) =
125
  * Bug Fix: Fixed bug that caused issues with validation ([Github Issue #254](https://github.com/fpcorso/quiz_master_next/issues/254))
126
  * Bug Fix: Fixed a rare permalink issue ([Github Issue #253](https://github.com/fpcorso/quiz_master_next/issues/253))
127
-
128
 
129
  = 4.4.1 (June 21, 2015) =
130
  * Bug Fix: Fixes validation bug from missing first page
@@ -689,10 +693,12 @@ Feel free to use the widget on the help page within the plugin or from our [cont
689
 
690
  == Upgrade Notice ==
691
 
 
 
 
692
  = 4.4.2 =
693
  Upgrade for a variety of bug fixes
694
 
695
-
696
  = 4.4.1 =
697
  Upgrade for a variety of bug fixes
698
 
4
  Tags: quiz, test, score, exam, survey, contact, form, email, answer, question, certificate, points, results, math
5
  Requires at least: 3.8.1
6
  Tested up to: 4.2
7
+ Stable tag: 4.4.3
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
121
  8. Example Quiz With Styling
122
 
123
  == Changelog ==
124
+
125
+ = 4.4.3 (July 17, 2015) =
126
+ * Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs
127
+
128
  = 4.4.2 (June 26, 2015) =
129
  * Bug Fix: Fixed bug that caused issues with validation ([Github Issue #254](https://github.com/fpcorso/quiz_master_next/issues/254))
130
  * Bug Fix: Fixed a rare permalink issue ([Github Issue #253](https://github.com/fpcorso/quiz_master_next/issues/253))
131
+
132
 
133
  = 4.4.1 (June 21, 2015) =
134
  * Bug Fix: Fixes validation bug from missing first page
693
 
694
  == Upgrade Notice ==
695
 
696
+ = 4.4.3 =
697
+ Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs. Please update immediately.
698
+
699
  = 4.4.2 =
700
  Upgrade for a variety of bug fixes
701
 
 
702
  = 4.4.1 =
703
  Upgrade for a variety of bug fixes
704