Quiz And Survey Master (Formerly Quiz Master Next) - Version 4.4.4

Version Description

Security Fix: Fixed possible SQL injection from authenticated users on certificate, email, and leaderboard tabs. Also fixed a data validation bug on the help page, leaderboard shortcode, and quiz shortcode. Please update immediately.


Release Info

Developer fpcorso
Version 4.4.4

Code changes from version 4.4.3 to 4.4.4

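--- a/css/qmn_admin.css
+++ b/css/qmn_admin.css
@@ -36,3 +36,17 @@ div.mlw_qmn_icon_wrap
 -khtml-border-radius: 20px;
 border-radius: 20px;
 }
+
+.quiz_email_support p#mlw_support_message {
+color: red;
+font-size: 20px;
+}
+.quiz_email_support input, .quiz_email_support textarea {
+width: 100% !important;
+}
+.quiz_email_support textarea {
+min-height: 200px;
+}
+.quiz_email_support label {
+font-weight: bold;
+}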
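--- a/mlw_quizmaster2.php
+++ b/mlw_quizmaster2.php
@@ -2,21 +2,15 @@
 /**
 * Plugin Name: Quiz Master Next
 * Description: Use this plugin to add multiple quizzes, tests, or surveys to your website.
-* Version: 4.4.3
+* Version: 4.4.4
 * Author: Frank Corso
 * Author URI: http://www.mylocalwebstop.com/
 * Plugin URI: http://www.quizmasternext.com/
 * Text Domain: quiz-master-next
 * Domain Path: /languages
 *
-* Disclaimer of Warranties
-* The plugin is provided "as is". My Local Webstop and its suppliers and licensors hereby disclaim all warranties of any kind,
-* express or implied, including, without limitation, the warranties of merchantability, fitness for a particular purpose and non-infringement.
-* Neither My Local Webstop nor its suppliers and licensors, makes any warranty that the plugin will be error free or that access thereto will be continuous or uninterrupted.
-* You understand that you install, operate, and unistall the plugin at your own discretion and risk.
-*
 * @author Frank Corso
-* @version 4.4.3
+* @version 4.4.4
 */
 if ( ! defined( 'ABSPATH' ) ) exit;
 /**
@@ -34,7 +28,7 @@ class MLWQuizMasterNext
 * @var string
 * @since 4.0.0
 */
-public $version = '4.4.3';
+public $version = '4.4.4';
 
 /**
 * QMN Alert Manager Object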
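--- a/php/qmn-stats-page.php
+++ b/php/qmn-stats-page.php
@@ -80,7 +80,7 @@ function qmn_stats_overview_content()
 wp_enqueue_script('ChartJS', plugins_url( '../js/Chart.min.js' , __FILE__ ));
 $range = "daily";
 if (isset($_POST["range"])) {
-$range = $_POST["range"];
+$range = sanitize_text_field( $_POST["range"] );
 }
 $data = qmn_load_stats($range, 7);
 $labels = "";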
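Review bot: `sanitize_text_field()` on new line 83 strips tags and control characters but does not restrict `$range` to the values `qmn_load_stats()` understands, so any string still reaches that call on line 85; `qmn_load_stats` is outside this hunk, so I cannot tell whether it interpolates `$range` into a query, but a whitelist is the safer shape either way: `$range = in_array( $_POST["range"], $allowed_ranges, true ) ? $_POST["range"] : "daily";` where `$allowed_ranges` lists the ranges that function supports (only `"daily"` is visible here). The enclosing `qmn_stats_overview_content` starts outside the hunk, so I also cannot see whether this POST is nonce-checked; if it is not, a `check_admin_referer()` call belongs ahead of the read.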
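--- a/php/qmn_credits.php
+++ b/php/qmn_credits.php
@@ -56,9 +56,10 @@ function mlw_generate_about_page()
 <br />
 </div>
 <div id="mlw_quiz_changelog" style="display: none;">
-<h3><?php echo $mlw_quiz_version; ?> (July 17, 2015)</h3>
+<h3><?php echo $mlw_quiz_version; ?> (July 19, 2015)</h3>
 <ul>
-<li>* Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs</li>
+<li>* Security Fix: Fixed possible sql injection from authenticated users on certificate, email, and leaderboard tabs</li>
+<li>* Security Fix: Fixed data validation bug on help page, leaderboard shortcode, and quiz shortcode</li>
 </ul>
 </div>
 </div>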
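--- a/php/qmn_help.php
+++ b/php/qmn_help.php
@@ -3,12 +3,19 @@ if ( ! defined( 'ABSPATH' ) ) exit;
 
 /**
 * This function generates the help page.
-*
+*
 * @return void
 * @since 4.4.0
 */
 function mlw_generate_help_page()
 {
+if ( !current_user_can('moderate_comments') )
+{
+return;
+}
+
+wp_enqueue_style( 'qmn_admin_style', plugins_url( '../css/qmn_admin.css' , __FILE__ ) );
+
 ///Creates the widgets
 add_meta_box("wpss_mrts", __('Need Help?', 'quiz-master-next'), "qmn_documentation_meta_box_content", "meta_box_help");
 add_meta_box("wpss_mrts", __('Support', 'quiz-master-next'), "qmn_support_meta_box_content", "meta_box_support");
@@ -36,8 +43,8 @@ function mlw_generate_help_page()
 }
 
 /**
-* This function creates the text that is displayed on the help page.
-*
+* This function creates the text that is displayed on the help page.
+*
 * @param type description
 * @return void
 * @since 4.4.0
@@ -58,7 +65,7 @@ function qmn_documentation_meta_box_content()
 
 /**
 * This function creates the content that is displayed on the help page.
-*
+*
 * @return void
 * @since 4.4.0
 */
@@ -66,31 +73,47 @@ function qmn_support_meta_box_content()
 {
 $quiz_master_email_message = "";
 $mlw_quiz_version = get_option('mlw_quiz_master_version');
-if(isset($_POST["support_email"]) && $_POST["support_email"] == 'confirmation')
+if ( isset( $_POST["support_email"] ) && wp_verify_nonce( $_POST['send_support_ticket_nonce'], 'send_support_ticket') )
 {
-$user_name = $_POST["username"];
-$user_email = $_POST["email"];
-$user_message = $_POST["message"];
-$user_quiz_url = $_POST["quiz_url"];
-$current_user = wp_get_current_user();
-$mlw_site_info = qmn_get_system_info();
-$mlw_message = $user_message."<br> Version: ".$mlw_quiz_version."<br> Quiz URL Provided: ".$user_quiz_url."<br> User ".$current_user->display_name." from ".$current_user->user_email."<br> Wordpress Info: ".$mlw_site_info;
-$response = wp_remote_post( "http://mylocalwebstop.com/contact-us/", array(
-'method' => 'POST',
-'timeout' => 45,
-'redirection' => 5,
-'httpversion' => '1.0',
-'blocking' => true,
-'headers' => array(),
-'body' => array( 'mlwUserName' => $user_name, 'mlwUserComp' => '', 'mlwUserEmail' => $user_email, 'question1' => 'Email', 'question63' => 'Quiz Master Next', 'question2' => $mlw_message, 'qmn_question_list' => '1Q63Q2Q', 'complete_quiz' => 'confirmation', 'qmn_quiz_id' => '1' ),
-'cookies' => array()
-)
-);
-if ( is_wp_error( $response ) ) {
-$error_message = $response->get_error_message();
-$quiz_master_email_message = "Something went wrong: $error_message";
+//These variables are not being be used in this site, they are being sent back to my open a support ticket form.
+$user_name = sanitize_text_field( $_POST["username"] );
+$user_email = sanitize_email( $_POST["email"] );
+$user_message = esc_textarea( $_POST["message"] );
+$user_quiz_url = esc_url_raw( $_POST["quiz_url"] );
+if ( !is_email( $user_email ) ) {
+$quiz_master_email_message = "Invalid email address";
 } else {
-$quiz_master_email_message = "**Message Sent**";
+$current_user = wp_get_current_user();
+$mlw_site_info = qmn_get_system_info();
+$mlw_message = "$user_message<br> Version: $mlw_quiz_version<br> Quiz URL Provided: $user_quiz_url<br> User ".$current_user->display_name." from ".$current_user->user_email."<br> Wordpress Info: $mlw_site_info";
+$response = wp_remote_post( "http://quizmasternext.com/contact-us/", array(
+'method' => 'POST',
+'timeout' => 45,
+'redirection' => 5,
+'httpversion' => '1.0',
+'blocking' => true,
+'headers' => array(),
+'body' => array(
+'mlwUserName' => $user_name,
+'mlwUserComp' => '',
+'mlwUserEmail' => $user_email,
+'question3' => 'Other',
+'question72' => 'No',
+'question2' => $mlw_message,
+'qmn_question_list' => '3Q72Q2Q',
+'total_questions' => 3,
+'complete_quiz' => 'confirmation',
+'qmn_quiz_id' => '1'
+),
+'cookies' => array()
+)
+);
+if ( is_wp_error( $response ) ) {
+$error_message = $response->get_error_message();
+$quiz_master_email_message = "Something went wrong: $error_message";
+} else {
+$quiz_master_email_message = "**Message Sent**";
+}
 }
 }
 ?>
@@ -126,56 +149,29 @@ function qmn_support_meta_box_content()
 }
 </script>
 <div class='quiz_email_support'>
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>?page=mlw_quiz_help" method='post' name='emailForm' onsubmit='return mlw_validateForm()'>
-<input type='hidden' name='support_email' value='confirmation' />
-<table>
-<tr>
-<td>If there is something you would like to suggest to add or even if you just want
-to let me know if you like the plugin or not, feel free to use the support ticket form below.</td>
-</tr>
-<tr>
-<td><span name='mlw_support_message' id='mlw_support_message' style="color: red;"><?php echo $quiz_master_email_message; ?></span></td>
-</tr>
-<tr>
-<td align='left'><span style='font-weight:bold;';>Name (Required): </span></td>
-</tr>
-<tr>
-<td><input type='text' name='username' value='' /></td>
-</tr>
-<tr>
-<td align='left'><span style='font-weight:bold;';>Email (Required): </span></td>
-</tr>
-<tr>
-<td><input type='text' name='email' value='' /></td>
-</tr>
-<tr>
-<td align='left'><span style='font-weight:bold;';>URL To Quiz (Not Required): </span></td>
-</tr>
-<tr>
-<td><input type='text' name='quiz_url' value='' /></td>
-</tr>
-<tr>
-<td align='left'><span style='font-weight:bold;';>Message (Required): </span></td>
-</tr>
-<tr>
-<td align='left'><TEXTAREA NAME="message" COLS=40 ROWS=6></TEXTAREA></td>
-</tr>
-<tr>
-<td align='left'><input type='submit' class="button-primary" value='Submit Support Ticket' /></td>
-</tr>
-<tr>
-<td align='left'></td>
-</tr>
-</table>
-</form>
-<p>Disclaimer: In order to better assist you, this form will also send the system info from below with your message.</p>
+<form action="" method='post' name='emailForm' onsubmit='return mlw_validateForm()'>
+<input type='hidden' name='support_email' value='confirmation' />
+<p>We would love to hear from you. Fill out the form below and we will contact you shortly.</p>
+<p name='mlw_support_message' id='mlw_support_message'><?php echo $quiz_master_email_message; ?></p>
+<label>Name (Required):</label><br />
+<input type='text' name='username' value='' /><br />
+<label>Email (Required):</label><br />
+<input type='text' name='email' value='' /><br />
+<label>URL To Quiz (Not Required):</label><br />
+<input type='text' name='quiz_url' value='' /><br />
+<label>Message (Required):</label><br />
+<textarea name="message"></textarea><br />
+<?php wp_nonce_field('send_support_ticket','send_support_ticket_nonce'); ?>
+<input type='submit' class="button-primary" value='Submit Support Ticket' />
+</form>
+<p>Disclaimer: In order to better assist you, this form will also send the system info from below with your message.</p>
 </div>
 <?php
 }
 
 /**
 * This function echoes out the system info for the user.
-*
+*
 * @return void
 * @since 4.4.0
 */
@@ -186,8 +182,8 @@ function qmn_system_meta_box_content()
 
 /**
 * This function gets the content that is in the system info
-*
-* @return return $qmn_sys_info This variable contains all of the system info from the admins server.
+*
+* @return return $qmn_sys_info This variable contains all of the system info from the admins server.
 * @since 4.4.0
 */
 function qmn_get_system_info()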
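Review bot: `wp_verify_nonce( $_POST['send_support_ticket_nonce'], ... )` at new line 76 reads the nonce field without `isset`, so a POST that carries `support_email` but no nonce raises an undefined-index notice before the check fails; `if ( isset( $_POST["support_email"], $_POST['send_support_ticket_nonce'] ) && wp_verify_nonce( $_POST['send_support_ticket_nonce'], 'send_support_ticket' ) )` covers both. The ticket body assembled at line 88 carries the current user's display name and e-mail plus the full `qmn_get_system_info()` output, and line 89 posts it to a plain `http://` URL, so that data travels in cleartext; switch to `https://` if the endpoint serves it. `$quiz_master_email_message` is echoed unescaped at line 155 and can contain the `WP_Error` text captured at line 112; `<?php echo esc_html( $quiz_master_email_message ); ?>` keeps it inert in the page. `qmn_support_meta_box_content` spans the fourth and fifth hunks, and `qmn_get_system_info` is declared at the end of the last hunk with its body outside the view.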
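--- a/php/qmn_leaderboard.php
+++ b/php/qmn_leaderboard.php
@@ -7,7 +7,7 @@ if ( ! defined( 'ABSPATH' ) ) exit;
 * Sorts the scores a quizzes by type.
 *
 * @param $atts This is wordpress return for shortcodes
-* @return type $mlw_quiz_leaderboard_display This variable contains all the contents of the leaderboard.
+* @return type $mlw_quiz_leaderboard_display This variable contains all the contents of the leaderboard.
 * @since 4.4.0
 */
 function mlw_quiz_leaderboard_shortcode($atts)
@@ -15,18 +15,17 @@ function mlw_quiz_leaderboard_shortcode($atts)
 extract(shortcode_atts(array(
 'mlw_quiz' => 0
 ), $atts));
-$mlw_quiz_id = $mlw_quiz;
+$mlw_quiz_id = intval( $mlw_quiz );
 $mlw_quiz_leaderboard_display = "";
 
 
 global $wpdb;
-$sql = "SELECT * FROM " . $wpdb->prefix . "mlw_quizzes" . " WHERE quiz_id=".$mlw_quiz_id." AND deleted='0'";
-$mlw_quiz_options = $wpdb->get_results($sql);
+$mlw_quiz_options = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "mlw_quizzes" . " WHERE quiz_id=%d AND deleted='0'", $mlw_quiz_id ) );
 foreach($mlw_quiz_options as $mlw_eaches) {
 $mlw_quiz_options = $mlw_eaches;
 break;
 }
-$sql = "SELECT * FROM " . $wpdb->prefix . "mlw_results WHERE quiz_id=".$mlw_quiz_id." AND deleted='0'";
+$sql = "SELECT * FROM " . $wpdb->prefix . "mlw_results WHERE quiz_id=%d AND deleted='0'";
 if ($mlw_quiz_options->system == 0)
 {
 $sql .= " ORDER BY correct_score DESC";
@@ -36,7 +35,7 @@ function mlw_quiz_leaderboard_shortcode($atts)
 $sql .= " ORDER BY point_score DESC";
 }
 $sql .= " LIMIT 10";
-$mlw_result_data = $wpdb->get_results($sql);
+$mlw_result_data = $wpdb->get_results( $wpdb->prepare( $sql, $mlw_quiz_id ) );
 
 $mlw_quiz_leaderboard_display = $mlw_quiz_options->leaderboard_template;
 $mlw_quiz_leaderboard_display = str_replace( "%QUIZ_NAME%" , $mlw_quiz_options->quiz_name, $mlw_quiz_leaderboard_display);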
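Review bot: `$wpdb->get_results()` at new line 23 returns an empty array when no quiz matches `$mlw_quiz_id` (for instance the default `0` after `intval`), the `foreach` then never assigns an object, and lines 29 and 40 read `->system` and `->leaderboard_template` on an array, so an unknown quiz id produces PHP notices and a null-driven branch rather than an empty leaderboard. Guard directly after the query with `if ( empty( $mlw_quiz_options ) ) { return $mlw_quiz_leaderboard_display; }`, on the assumption that the empty string initialised at line 19 is the intended output for a missing quiz; `$wpdb->get_row()` would also replace the foreach/break that picks the first row. The function's return path is outside the hunk, so confirm that assumption there.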
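--- a/php/qmn_options_certificate_tab.php
+++ b/php/qmn_options_certificate_tab.php
@@ -31,32 +31,55 @@ function mlw_options_certificate_tab_content()
 if (isset($_POST["save_certificate_options"]) && $_POST["save_certificate_options"] == "confirmation")
 {
 $mlw_certificate_id = intval($_POST["certificate_quiz_id"]);
-$mlw_certificate_title = $_POST["certificate_title"];
-$mlw_certificate_text = $_POST["certificate_template"];
-$mlw_certificate_logo = $_POST["certificate_logo"];
-$mlw_certificate_background = $_POST["certificate_background"];
+$mlw_certificate_title = sanitize_text_field( stripslashes( $_POST["certificate_title"] ) );
+$mlw_certificate_text = wp_kses_post( stripslashes( $_POST["certificate_template"] ) );
+$mlw_certificate_logo = esc_url_raw( $_POST["certificate_logo"] );
+$mlw_certificate_background = esc_url_raw( $_POST["certificate_background"] );
 $mlw_enable_certificates = intval($_POST["enableCertificates"]);
-$mlw_certificate = array($mlw_certificate_title, $mlw_certificate_text, $mlw_certificate_logo, $mlw_certificate_background, $mlw_enable_certificates);
+$mlw_certificate = array(
+$mlw_certificate_title,
+$mlw_certificate_text,
+$mlw_certificate_logo,
+$mlw_certificate_background,
+$mlw_enable_certificates
+);
 $mlw_certificate_serialized = serialize($mlw_certificate);
 
-$mlw_certificate_sql_results = $wpdb->query( $wpdb->prepare( "UPDATE " . $wpdb->prefix . "mlw_quizzes SET certificate_template=%s, last_activity='".date("Y-m-d H:i:s")."' WHERE quiz_id=%d", $mlw_certificate_serialized, $mlw_certificate_id ) );
+$update_results = $wpdb->update(
+$wpdb->prefix . "mlw_quizzes",
+array(
+'certificate_template' => $mlw_certificate_serialized,
+'last_activity' => date("Y-m-d H:i:s")
+),
+array( 'quiz_id' => $mlw_certificate_id ),
+array(
+'%s',
+'%s'
+),
+array( '%d' )
+);
 
+if ( $update_results ) {
 
-if ($mlw_certificate_sql_results != false)
-{
 $mlwQuizMasterNext->alertManager->newAlert(__('The certificate has been updated successfully.', 'quiz-master-next'), 'success');
 
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Certificate Options Have Been Edited For Quiz Number ".$mlw_certificate_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
-}
-else
-{
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Certificate Options Have Been Edited For Quiz Number $mlw_certificate_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
+} else {
 $mlwQuizMasterNext->alertManager->newAlert(sprintf(__('There has been an error in this action. Please share this with the developer. Error Code: %s', 'quiz-master-next'), '0012'), 'error');
 }
 }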
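Review bot: `if ( $update_results )` at new line 62 treats `0` as failure, but `$wpdb->update()` returns `0` rather than `false` when the row exists and the submitted values equal what is already stored, so re-saving an unchanged certificate shows error code 0012 and skips the audit entry although nothing failed; test `if ( $update_results !== false ) {` instead. The same truthiness check appears as `if ( $results ) {` in php/qmn_options_leaderboard_tab.php. The save branch is still selected only by the hidden `save_certificate_options=confirmation` field and no nonce check is visible in this hunk (the function starts outside it), so a `check_admin_referer()` guard at the top of the branch, here and in the leaderboard tab, would close the CSRF path that the new sanitization does not cover.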
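--- a/php/qmn_options_email_tab.php
+++ b/php/qmn_options_email_tab.php
@@ -57,11 +57,19 @@ function mlw_options_emails_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'New User Email Has Been Created For Quiz Number ".$mlw_qmn_add_email_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "New User Email Has Been Created For Quiz Number $mlw_qmn_add_email_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {
@@ -116,11 +124,19 @@ function mlw_options_emails_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'New Admin Email Has Been Created For Quiz Number ".$mlw_qmn_add_email_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "New Admin Email Has Been Created For Quiz Number $mlw_qmn_add_email_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {
@@ -135,10 +151,10 @@ function mlw_options_emails_tab_content()
 $mlw_qmn_email_id = intval($_POST["mlw_email_quiz_id"]);
 $mlw_qmn_email_template_total = intval($_POST["mlw_email_template_total"]);
 $mlw_qmn_email_admin_total = intval($_POST["mlw_email_admin_total"]);
-$mlw_send_user_email = $_POST["sendUserEmail"];
-$mlw_send_admin_email = $_POST["sendAdminEmail"];
-$mlw_admin_email = $_POST["adminEmail"];
-$mlw_email_from_text = $_POST["emailFromText"];
+$mlw_send_user_email = intval( $_POST["sendUserEmail"] );
+$mlw_send_admin_email = intval( $_POST["sendAdminEmail"] );
+$mlw_admin_email = sanitize_text_field( $_POST["adminEmail"] );
+$mlw_email_from_text = sanitize_text_field( $_POST["emailFromText"] );
 
 //Create new array
 $i = 1;
@@ -180,11 +196,19 @@ function mlw_options_emails_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Email Templates Have Been Saved For Quiz Number ".$mlw_qmn_email_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Email Templates Have Been Saved For Quiz Number $mlw_qmn_email_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {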
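Review bot: `sanitize_text_field( $_POST["adminEmail"] )` at new line 156 accepts any string for a field that, going by its name, holds the address admin notifications are sent to; `$mlw_admin_email = sanitize_email( $_POST["adminEmail"] );` followed by an `is_email()` check would reject malformed input at the boundary instead of storing it. If the field is allowed to hold several comma-separated addresses (not visible here), split on the comma and validate each part the same way. The enclosing `mlw_options_emails_tab_content` starts and ends outside these hunks, so how the value is consumed is not in view.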
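--- a/php/qmn_options_leaderboard_tab.php
+++ b/php/qmn_options_leaderboard_tab.php
@@ -14,7 +14,7 @@ function qmn_settings_leaderboard_tab()
 }
 add_action("plugins_loaded", 'qmn_settings_leaderboard_tab', 5);
 
-
+
 /**
 * Adds the leaderboard content to the leaderboard tab.
 *
@@ -25,30 +25,46 @@ function mlw_options_leaderboard_tab_content()
 {
 global $wpdb;
 global $mlwQuizMasterNext;
-$quiz_id = $_GET["quiz_id"];
+$quiz_id = intval( $_GET["quiz_id"] );
 ///Submit saved leaderboard template into database
 if ( isset($_POST["save_leaderboard_options"]) && $_POST["save_leaderboard_options"] == "confirmation")
 {
 ///Variables for save leaderboard options form
-$mlw_leaderboard_template = $_POST["mlw_quiz_leaderboard_template"];
-$mlw_leaderboard_quiz_id = $_POST["leaderboard_quiz_id"];
-$update = "UPDATE " . $wpdb->prefix . "mlw_quizzes" . " SET leaderboard_template='".$mlw_leaderboard_template."', last_activity='".date("Y-m-d H:i:s")."' WHERE quiz_id=".$mlw_leaderboard_quiz_id;
-$results = $wpdb->query( $update );
-if ($results != false)
-{
+$mlw_leaderboard_template = wp_kses_post( $_POST["mlw_quiz_leaderboard_template"] );
+$mlw_leaderboard_quiz_id = intval( $_POST["leaderboard_quiz_id"] );
+$results = $wpdb->update(
+$wpdb->prefix . "mlw_quizzes",
+array(
+'leaderboard_template' => $mlw_leaderboard_template,
+'last_activity' => date("Y-m-d H:i:s")
+),
+array( 'quiz_id' => $mlw_leaderboard_quiz_id ),
+array(
+'%s',
+'%s'
+),
+array( '%d' )
+);
+if ( $results ) {
 $mlwQuizMasterNext->alertManager->newAlert(__('The leaderboards has been updated successfully.', 'quiz-master-next'), 'success');
 
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Leaderboard Options Have Been Edited For Quiz Number ".$mlw_leaderboard_quiz_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
-}
-else
-{
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Leaderboard Options Have Been Edited For Quiz Number $mlw_leaderboard_quiz_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
+} else {
 $mlwQuizMasterNext->alertManager->newAlert(sprintf(__('There has been an error in this action. Please share this with the developer. Error Code: %s', 'quiz-master-next'), '0009'), 'error');
 }
 }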
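Review bot: `$quiz_id = intval( $_GET["quiz_id"] );` at new line 28 reads the query parameter unconditionally, so loading the tab without `quiz_id` raises an undefined-index notice before `intval` runs; `$quiz_id = isset( $_GET["quiz_id"] ) ? intval( $_GET["quiz_id"] ) : 0;` keeps the cast and avoids the notice. The `if ( $results ) {` check at line 48 has the zero-rows-affected problem raised on the certificate tab in this same commit. The enclosing `mlw_options_leaderboard_tab_content` continues past the hunk, so how `$quiz_id` is used later is not visible here.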
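--- a/php/qmn_options_option_tab.php
+++ b/php/qmn_options_option_tab.php
@@ -48,8 +48,11 @@ function mlw_options_option_tab_content()
 $ajax_show_correct = intval($_POST["ajax_show_correct"]);
 $mlw_comment_section = intval($_POST["commentSection"]);
 $mlw_qmn_loggedin_contact = intval($_POST["loggedin_user_contact"]);
-$qmn_scheduled_timeframe = serialize(array("start" => $_POST["scheduled_time_start"], "end" => $_POST["scheduled_time_end"]));
-$quiz_id = $_POST["quiz_id"];
+$qmn_scheduled_timeframe = serialize( array(
+'start' => sanitize_text_field( $_POST["scheduled_time_start"] ),
+'end' => sanitize_text_field( $_POST["scheduled_time_end"] )
+));
+$quiz_id = intval( $_POST["quiz_id"] );
 
 $results = $wpdb->update(
 $wpdb->prefix . "mlw_quizzes",
@@ -109,11 +112,19 @@ function mlw_options_option_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Options Have Been Edited For Quiz Number ".$quiz_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Options Have Been Edited For Quiz Number $quiz_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {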
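--- a/php/qmn_options_questions_tab.php
+++ b/php/qmn_options_questions_tab.php
@@ -35,28 +35,23 @@ function mlw_options_questions_tab_content()
 $quiz_id = $_GET["quiz_id"];
 
 //Edit question
-if ( isset($_POST["question_submission"]) && $_POST["question_submission"] == "edit_question")
-{
+if ( isset( $_POST["question_submission"] ) && $_POST["question_submission"] == "edit_question" ) {
 //Variables from edit question form
 $edit_question_name = trim(preg_replace('/\s+/',' ', nl2br(htmlspecialchars(stripslashes($_POST["question_name"]), ENT_QUOTES))));
-$edit_question_answer_info = htmlspecialchars(stripslashes($_POST["correct_answer_info"]), ENT_QUOTES);
-$mlw_edit_question_id = intval($_POST["question_id"]);
-$mlw_edit_question_type = $_POST["question_type"];
-$edit_comments = htmlspecialchars($_POST["comments"], ENT_QUOTES);
-$edit_hint = htmlspecialchars($_POST["hint"], ENT_QUOTES);
-$edit_question_order = intval($_POST["new_question_order"]);
-$mlw_edit_answer_total = intval($_POST["new_question_answer_total"]);
-
-if (isset($_POST["new_category"]))
-{
-$qmn_edit_category = $_POST["new_category"];
-if ($qmn_edit_category == 'new_category')
-{
-$qmn_edit_category = $_POST["new_new_category"];
+$edit_question_answer_info = htmlspecialchars(stripslashes( $_POST["correct_answer_info"]), ENT_QUOTES );
+$mlw_edit_question_id = intval( $_POST["question_id"] ) ;
+$mlw_edit_question_type = sanitize_text_field( $_POST["question_type"] );
+$edit_comments = htmlspecialchars( $_POST["comments"], ENT_QUOTES );
+$edit_hint = htmlspecialchars( $_POST["hint"], ENT_QUOTES );
+$edit_question_order = intval( $_POST["new_question_order"] );
+$mlw_edit_answer_total = intval( $_POST["new_question_answer_total"] );
+
+if ( isset( $_POST["new_category"] ) ) {
+$qmn_edit_category = sanitize_text_field( $_POST["new_category"] );
+if ( $qmn_edit_category == 'new_category' ) {
+$qmn_edit_category = sanitize_text_field( $_POST["new_new_category"] );
 }
-}
-else
-{
+} else {
 $qmn_edit_category = '';
 }
 $mlw_row_settings = $wpdb->get_row( $wpdb->prepare( "SELECT question_settings FROM " . $wpdb->prefix . "mlw_questions" . " WHERE question_id=%d", $mlw_edit_question_id ) );
@@ -91,8 +86,8 @@ function mlw_options_questions_tab_content()
 }
 $i++;
 }
-$mlw_qmn_new_answer_array = serialize($mlw_qmn_new_answer_array);
-$quiz_id = $_POST["quiz_id"];
+$mlw_qmn_new_answer_array = serialize( $mlw_qmn_new_answer_array );
+$quiz_id = intval( $_POST["quiz_id"] );
 
 $results = $wpdb->update(
 $wpdb->prefix . "mlw_questions",
@@ -121,18 +116,26 @@ function mlw_options_questions_tab_content()
 ),
 array( '%d' )
 );
-if ($results != false)
+if ($results !== false)
 {
 $mlwQuizMasterNext->alertManager->newAlert(__('The question has been updated successfully.', 'quiz-master-next'), 'success');
 
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Question Has Been Edited: ".$edit_question_name."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Question Has Been Edited: $edit_question_name",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {
@@ -140,14 +143,23 @@ function mlw_options_questions_tab_content()
 }
 }
 //Delete question from quiz
-if ( isset($_POST["delete_question"]) && $_POST["delete_question"] == "confirmation")
+if ( isset( $_POST["delete_question"] ) && $_POST["delete_question"] == "confirmation")
 {
 //Variables from delete question form
-$mlw_question_id = intval($_POST["delete_question_id"]);
-$quiz_id = $_POST["quiz_id"];
+$mlw_question_id = intval( $_POST["delete_question_id"] );
+$quiz_id = intval( $_POST["quiz_id"] );
 
-$update = "UPDATE " . $wpdb->prefix . "mlw_questions" . " SET deleted=1 WHERE question_id=".$mlw_question_id;
-$results = $wpdb->query( $update );
+$results = $wpdb->update(
+$wpdb->prefix . "mlw_questions",
+array(
+'deleted' => 1
+),
+array( 'question_id' => $mlw_question_id ),
+array(
+'%d'
+),
+array( '%d' )
+);
 if ($results != false)
 {
 $mlwQuizMasterNext->alertManager->newAlert(__('The question has been deleted successfully.', 'quiz-master-next'), 'success');
@@ -155,11 +167,19 @@ function mlw_options_questions_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Question Has Been Deleted: ".$mlw_question_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Question Has Been Deleted: $mlw_question_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {
@@ -168,11 +188,10 @@ function mlw_options_questions_tab_content()
 }
 
 //Duplicate Questions
-if ( isset($_POST["duplicate_question"]) && $_POST["duplicate_question"] == "confirmation")
-{
+if ( isset( $_POST["duplicate_question"] ) && $_POST["duplicate_question"] == "confirmation") {
 //Variables from delete question form
-$mlw_question_id = intval($_POST["duplicate_question_id"]);
-$quiz_id = $_POST["quiz_id"];
+$mlw_question_id = intval( $_POST["duplicate_question_id"] );
+$quiz_id = intval( $_POST["quiz_id"] );
 
 $mlw_original = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM ".$wpdb->prefix."mlw_questions WHERE question_id=%d", $mlw_question_id ), ARRAY_A );
 
@@ -239,11 +258,19 @@ function mlw_options_questions_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Question Has Been Duplicated: ".$mlw_question_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Question Has Been Duplicated: $mlw_question_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {
@@ -252,27 +279,22 @@ function mlw_options_questions_tab_content()
 }
 
 //Submit new question into database
-if ( isset($_POST["question_submission"]) && $_POST["question_submission"] == "new_question")
-{
+if ( isset( $_POST["question_submission"] ) && $_POST["question_submission"] == "new_question") {
 //Variables from new question form
 $question_name = trim(preg_replace('/\s+/',' ', nl2br(htmlspecialchars(stripslashes($_POST["question_name"]), ENT_QUOTES))));
-$question_answer_info = htmlspecialchars(stripslashes($_POST["correct_answer_info"]), ENT_QUOTES);
-$question_type = $_POST["question_type"];
-$comments = htmlspecialchars($_POST["comments"], ENT_QUOTES);
-$hint = htmlspecialchars($_POST["hint"], ENT_QUOTES);
-$new_question_order = intval($_POST["new_question_order"]);
-$mlw_answer_total = intval($_POST["new_question_answer_total"]);
-
-if (isset($_POST['new_category']))
-{
-$qmn_category = $_POST["new_category"];
-if ($qmn_category == 'new_category')
-{
-$qmn_category = $_POST["new_new_category"];
+$question_answer_info = htmlspecialchars( stripslashes( $_POST["correct_answer_info"] ), ENT_QUOTES );
+$question_type = sanitize_text_field( $_POST["question_type"] );
+$comments = htmlspecialchars( $_POST["comments"], ENT_QUOTES );
+$hint = htmlspecialchars( $_POST["hint"], ENT_QUOTES );
+$new_question_order = intval( $_POST["new_question_order"] );
+$mlw_answer_total = intval( $_POST["new_question_answer_total"] );
+
+if ( isset( $_POST['new_category'] ) ) {
+$qmn_category = sanitize_text_field( $_POST["new_category"] );
+if ($qmn_category == 'new_category') {
+$qmn_category = sanitize_text_field( $_POST["new_new_category"] );
 }
-}
-else
-{
+} else {
 $qmn_category = '';
 }
 $mlw_settings = array();
@@ -295,7 +317,7 @@ function mlw_options_questions_tab_content()
 $i++;
 }
 $mlw_qmn_new_answer_array = serialize($mlw_qmn_new_answer_array);
-$quiz_id = $_POST["quiz_id"];
+$quiz_id = intval( $_POST["quiz_id"] );
 $results = $wpdb->insert(
 $wpdb->prefix."mlw_questions",
 array(
@@ -332,11 +354,19 @@ function mlw_options_questions_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Question Has Been Added: ".$question_name."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Question Has Been Added: $question_name",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {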
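Review bot: The delete branch still tests `if ($results != false)` (new line 163) after its new `$wpdb->update()`, while the edit branch above was changed to `if ($results !== false)` (new line 119); `update()` returns the number of rows changed, so marking a question that is already `deleted=1` returns 0 and drops into the error alert although the query succeeded. Use `if ( $results !== false )` here; the text tab (`if ($results != false)` after its new `$wpdb->update()`) and the tools tab (`if ( $results )`) keep the same loose comparison, though those updates also write `last_activity`, so the zero-rows case is rarer there. Separately, `$quiz_id = $_GET["quiz_id"];` on line 35 is still read raw while every `$_POST["quiz_id"]` in these hunks was wrapped in `intval()`; its consumers are outside the hunks, but `$quiz_id = intval( $_GET["quiz_id"] );` would make the file consistent. No nonce or capability check is visible in these hunks; mlw_options_questions_tab_content() starts and ends outside them, so it may live there.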
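--- a/php/qmn_options_results_page_tab.php
+++ b/php/qmn_options_results_page_tab.php
@@ -57,11 +57,19 @@ function mlw_options_results_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'New Landing Page Has Been Created For Quiz Number ".$mlw_qmn_landing_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "New Results Page Has Been Created For Quiz Number $mlw_qmn_landing_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {
@@ -97,11 +105,19 @@ function mlw_options_results_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Landing Pages Have Been Saved For Quiz Number ".$mlw_qmn_landing_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Results Pages Have Been Saved For Quiz Number $mlw_qmn_landing_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {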
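Review bot: The return value of each new `$wpdb->insert()` (new lines 60–72 and 108–120) is discarded, so a failed audit-trail write passes silently; the removed code at least kept it in `$results`. Guarding with `if ( false === $wpdb->insert( ... ) )` and reporting through the existing alertManager would keep the audit trail honest. The `'time'` value is still `date("h:i:s A m/d/Y")`, a 12-hour, non-sortable string in PHP's default timezone; if the column's readers allow it, the `date("Y-m-d H:i:s")` form this commit uses for `last_activity` elsewhere, or `current_time( 'mysql' )`, would be more useful for audit queries. `$mlw_qmn_landing_id` is assigned outside the hunk, so its sanitization could not be checked here.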
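--- a/php/qmn_options_style_tab.php
+++ b/php/qmn_options_style_tab.php
@@ -15,7 +15,7 @@ function qmn_settings_style_tab()
 add_action("plugins_loaded", 'qmn_settings_style_tab', 5);
 
 /**
-* Adds the Style tab content to the tab.
+* Adds the Style tab content to the tab.
 *
 * @return void
 * @since 4.4.0
@@ -28,9 +28,9 @@ function mlw_options_styling_tab_content()
 if (isset($_POST["save_style_options"]) && $_POST["save_style_options"] == "confirmation")
 {
 //Function Variables
-$mlw_qmn_style_id = intval($_POST["style_quiz_id"]);
-$mlw_qmn_theme = $_POST["save_quiz_theme"];
-$mlw_qmn_style = htmlspecialchars(stripslashes($_POST["quiz_css"]), ENT_QUOTES);
+$mlw_qmn_style_id = intval( $_POST["style_quiz_id"] );
+$mlw_qmn_theme = sanitize_text_field( $_POST["save_quiz_theme"] );
+$mlw_qmn_style = htmlspecialchars( stripslashes( $_POST["quiz_css"] ), ENT_QUOTES );
 
 //Save the new css
 $mlw_save_stle_results = $wpdb->query( $wpdb->prepare( "UPDATE ".$wpdb->prefix."mlw_quizzes SET quiz_stye='%s', theme_selected='%s', last_activity='".date("Y-m-d H:i:s")."' WHERE quiz_id=%d", $mlw_qmn_style, $mlw_qmn_theme, $mlw_qmn_style_id ) );
@@ -41,11 +41,19 @@ function mlw_options_styling_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Styles Have Been Saved For Quiz Number ".$mlw_qmn_style_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Styles Have Been Saved For Quiz Number $mlw_qmn_style_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {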
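Review bot: In the `$wpdb->prepare()` call at line 36 (unchanged context) the `last_activity` value is still spliced into the format string by concatenation instead of being passed as an argument, which is exactly the pattern the rest of this commit moves away from; `date()` output contains no `%` today, but any later change to that expression would reach prepare()'s placeholder parser unescaped. Pass it as a parameter: `"UPDATE ".$wpdb->prefix."mlw_quizzes SET quiz_stye='%s', theme_selected='%s', last_activity='%s' WHERE quiz_id=%d", $mlw_qmn_style, $mlw_qmn_theme, date("Y-m-d H:i:s"), $mlw_qmn_style_id`. `$mlw_qmn_theme` (new line 32) is now run through `sanitize_text_field()` but remains free text; if `theme_selected` is meant to hold one of a fixed set of theme keys, validating it against that set here would be tighter than trimming. The `$mlw_save_stle_results` check and the rest of the function are outside the hunks.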
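--- a/php/qmn_options_text_tab.php
+++ b/php/qmn_options_text_tab.php
@@ -29,27 +29,74 @@ function mlw_options_text_tab_content()
 if ( isset($_POST["save_templates"]) && $_POST["save_templates"] == "confirmation")
 {
 //Variables for save templates form
-$mlw_before_message = htmlspecialchars($_POST["mlw_quiz_before_message"], ENT_QUOTES);
-$mlw_qmn_message_end = htmlspecialchars($_POST["message_end_template"], ENT_QUOTES);
-$mlw_user_tries_text = htmlspecialchars($_POST["mlw_quiz_total_user_tries_text"], ENT_QUOTES);
-$mlw_submit_button_text = htmlspecialchars($_POST["mlw_submitText"], ENT_QUOTES);
-$mlw_name_field_text = htmlspecialchars($_POST["mlw_nameText"], ENT_QUOTES);
-$mlw_business_field_text = htmlspecialchars($_POST["mlw_businessText"], ENT_QUOTES);
-$mlw_email_field_text = htmlspecialchars($_POST["mlw_emailText"], ENT_QUOTES);
-$mlw_phone_field_text = htmlspecialchars($_POST["mlw_phoneText"], ENT_QUOTES);
-$mlw_before_comments = htmlspecialchars($_POST["mlw_quiz_before_comments"], ENT_QUOTES);
-$mlw_comment_field_text = htmlspecialchars($_POST["mlw_commentText"], ENT_QUOTES);
-$mlw_require_log_in_text = htmlspecialchars($_POST["mlw_require_log_in_text"], ENT_QUOTES);
-$mlw_scheduled_timeframe_text = htmlspecialchars($_POST["mlw_scheduled_timeframe_text"], ENT_QUOTES);
-$mlw_limit_total_entries_text = htmlspecialchars($_POST["mlw_limit_total_entries_text"], ENT_QUOTES);
-$mlw_qmn_pagination_field = serialize(array( $_POST["pagination_prev_text"], $_POST["pagination_next_text"] ));
-$qmn_social_media_text = serialize(array('twitter' => $_POST["mlw_quiz_twitter_text_template"], 'facebook' => $_POST["mlw_quiz_facebook_text_template"]));
+$mlw_before_message = htmlspecialchars( stripslashes( $_POST["mlw_quiz_before_message"] ), ENT_QUOTES);
+$mlw_qmn_message_end = htmlspecialchars( stripslashes( $_POST["message_end_template"] ), ENT_QUOTES);
+$mlw_user_tries_text = htmlspecialchars( stripslashes( $_POST["mlw_quiz_total_user_tries_text"] ), ENT_QUOTES);
+$mlw_submit_button_text = sanitize_text_field( stripslashes( $_POST["mlw_submitText"] ) );
+$mlw_name_field_text = sanitize_text_field( stripslashes( $_POST["mlw_nameText"] ) );
+$mlw_business_field_text = sanitize_text_field( stripslashes( $_POST["mlw_businessText"] ) );
+$mlw_email_field_text = sanitize_text_field( stripslashes( $_POST["mlw_emailText"] ) );
+$mlw_phone_field_text = sanitize_text_field( stripslashes( $_POST["mlw_phoneText"] ) );
+$mlw_before_comments = htmlspecialchars(stripslashes( $_POST["mlw_quiz_before_comments"] ), ENT_QUOTES);
+$mlw_comment_field_text = htmlspecialchars(stripslashes( $_POST["mlw_commentText"] ), ENT_QUOTES);
+$mlw_require_log_in_text = htmlspecialchars(stripslashes( $_POST["mlw_require_log_in_text"] ), ENT_QUOTES);
+$mlw_scheduled_timeframe_text = htmlspecialchars(stripslashes( $_POST["mlw_scheduled_timeframe_text"] ), ENT_QUOTES);
+$mlw_limit_total_entries_text = htmlspecialchars(stripslashes( $_POST["mlw_limit_total_entries_text"] ), ENT_QUOTES);
+$mlw_qmn_pagination_field = serialize( array(
+sanitize_text_field( stripslashes( $_POST["pagination_prev_text"] ) ),
+sanitize_text_field( stripslashes( $_POST["pagination_next_text"] ) )
+));
+$qmn_social_media_text = serialize( array(
+'twitter' => wp_kses_post( stripslashes( $_POST["mlw_quiz_twitter_text_template"] ) ),
+'facebook' => wp_kses_post( stripslashes( $_POST["mlw_quiz_facebook_text_template"] ) )
+));
 
-$mlw_question_answer_template = htmlspecialchars($_POST["mlw_quiz_question_answer_template"], ENT_QUOTES);
+$mlw_question_answer_template = htmlspecialchars(stripslashes( $_POST["mlw_quiz_question_answer_template"] ), ENT_QUOTES);
 $quiz_id = intval($_POST["quiz_id"]);
 
-$update = "UPDATE " . $wpdb->prefix . "mlw_quizzes" . " SET message_before='".$mlw_before_message."', message_comment='".$mlw_before_comments."', message_end_template='".$mlw_qmn_message_end."', comment_field_text='".$mlw_comment_field_text."', question_answer_template='".$mlw_question_answer_template."', submit_button_text='".$mlw_submit_button_text."', name_field_text='".$mlw_name_field_text."', business_field_text='".$mlw_business_field_text."', email_field_text='".$mlw_email_field_text."', phone_field_text='".$mlw_phone_field_text."', total_user_tries_text='".$mlw_user_tries_text."', social_media_text='".$qmn_social_media_text."', pagination_text='".$mlw_qmn_pagination_field."', require_log_in_text='".$mlw_require_log_in_text."', limit_total_entries_text='".$mlw_limit_total_entries_text."', last_activity='".date("Y-m-d H:i:s")."', scheduled_timeframe_text='".$mlw_scheduled_timeframe_text."' WHERE quiz_id=".$quiz_id;
-$results = $wpdb->query( $update );
+$results = $wpdb->update(
+$wpdb->prefix . "mlw_quizzes",
+array(
+'message_before' => $mlw_before_message,
+'message_comment' => $mlw_before_comments,
+'message_end_template' => $mlw_qmn_message_end,
+'comment_field_text' => $mlw_comment_field_text,
+'question_answer_template' => $mlw_question_answer_template,
+'submit_button_text' => $mlw_submit_button_text,
+'name_field_text' => $mlw_name_field_text,
+'business_field_text' => $mlw_business_field_text,
+'email_field_text' => $mlw_email_field_text,
+'phone_field_text' => $mlw_phone_field_text,
+'total_user_tries_text' => $mlw_user_tries_text,
+'social_media_text' => $qmn_social_media_text,
+'pagination_text' => $mlw_qmn_pagination_field,
+'require_log_in_text' => $mlw_require_log_in_text,
+'limit_total_entries_text' => $mlw_limit_total_entries_text,
+'last_activity' => date("Y-m-d H:i:s"),
+'scheduled_timeframe_text' => $mlw_scheduled_timeframe_text
+),
+array( 'quiz_id' => $quiz_id ),
+array(
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s',
+'%s'
+),
+array( '%d' )
+);
 if ($results != false)
 {
 $mlwQuizMasterNext->alertManager->newAlert(__('The templates has been updated successfully.', 'quiz-master-next'), 'success');
@@ -57,11 +104,19 @@ function mlw_options_text_tab_content()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Templates Have Been Edited For Quiz Number ".$quiz_id."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Templates Have Been Edited For Quiz Number $quiz_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {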
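Review bot: The new block stores the fields in three different encodings: `submit_button_text`, `name_field_text`, `business_field_text`, `email_field_text`, `phone_field_text` and the two pagination strings go through `sanitize_text_field()` (tags stripped, nothing entity-encoded), `message_before`, `message_comment` and the other message/template fields go through `htmlspecialchars(..., ENT_QUOTES)` (entity-encoded, tags kept), and the social-media templates go through `wp_kses_post()` (filtered HTML). Whatever renders these columns has to know which family each one belongs to, and that code is not visible here; a comment above new line 32 such as `// Short labels: sanitize_text_field (plain text). Message/template bodies: htmlspecialchars, decoded on output. Social templates: wp_kses_post (filtered HTML).` would record the intent for the next reader. If the output side escapes all of them the same way, the `htmlspecialchars` family will be double-encoded. mlw_options_text_tab_content() starts and ends outside the hunks.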
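--- a/php/qmn_options_tools_tab.php
+++ b/php/qmn_options_tools_tab.php
@@ -29,32 +29,49 @@ function mlw_options_tools_tab_content()
 if (isset($_POST["mlw_reset_quiz_stats"]) && $_POST["mlw_reset_quiz_stats"] == "confirmation")
 {
 //Variables from reset stats form
-$mlw_reset_stats_quiz_id = intval($_POST["mlw_reset_quiz_id"]);
-$mlw_reset_update_sql = "UPDATE " . $wpdb->prefix . "mlw_quizzes" . " SET quiz_views=0, quiz_taken=0, last_activity='".date("Y-m-d H:i:s")."' WHERE quiz_id=".$mlw_reset_stats_quiz_id;
-$mlw_reset_sql_results = $wpdb->query( $mlw_reset_update_sql );
-if ($mlw_reset_sql_results != false)
-{
+$mlw_reset_stats_quiz_id = intval( $_POST["mlw_reset_quiz_id"] );
+$results = $wpdb->update(
+$wpdb->prefix . "mlw_quizzes",
+array(
+'quiz_views' => 1,
+'quiz_taken' => 1,
+'last_activity' => date("Y-m-d H:i:s")
+),
+array( 'quiz_id' => $mlw_reset_stats_quiz_id ),
+array(
+'%d',
+'%d',
+'%s'
+),
+array( '%d' )
+);
+if ( $results ) {
 $mlwQuizMasterNext->alertManager->newAlert(__('The stats has been reset successfully.', 'quiz-master-next'), 'success');
 
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Quiz Stats Have Been Reset For Quiz Number $mlw_reset_stats_quiz_id' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
-}
-else
-{
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Quiz Stats Have Been Reset For Quiz Number $mlw_reset_stats_quiz_id",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
+} else {
 $mlwQuizMasterNext->alertManager->newAlert(sprintf(__('There has been an error in this action. Please share this with the developer. Error Code: %s', 'quiz-master-next'), '0010'), 'error');
 }
 }
 
-if (isset($_GET["quiz_id"]))
-{
+if ( isset( $_GET["quiz_id"] ) ) {
 $table_name = $wpdb->prefix . "mlw_quizzes";
-$mlw_quiz_options = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $quiz_id));
+$mlw_quiz_options = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $quiz_id ) );
 }
 ?>
 <div id="tabs-8" class="mlw_tab_content">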
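Review bot: The rewritten reset at new lines 36–37 writes `'quiz_views' => 1` and `'quiz_taken' => 1`, but the SQL it replaces set `quiz_views=0, quiz_taken=0`, so a reset now leaves both counters at 1 instead of clearing them. Change both values: `'quiz_views' => 0,` and `'quiz_taken' => 0,` (the `'%d'` formats stay as they are). `$quiz_id` in the `get_row()` at new line 74 is not assigned anywhere in this hunk while the guard tests `$_GET["quiz_id"]`; whether the two agree and whether `$quiz_id` has been cast is outside what is visible here. mlw_options_tools_tab_content() starts before the hunk.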
php/qmn_question_types.php CHANGED
@@ -67,17 +67,14 @@ function qmn_multiple_choice_review($id, $question, $answers)
67
  'user_text' => '',
68
  'correct_text' => ''
69
  );
70
- if (isset($_POST["question".$id]))
71
- {
72
- $mlw_user_answer = $_POST["question".$id];
73
- }
74
- else
75
- {
76
  $mlw_user_answer = " ";
77
  }
78
  foreach($answers as $answer)
79
  {
80
- if (htmlspecialchars(stripslashes($mlw_user_answer), ENT_QUOTES) == esc_attr($answer[0]))
81
  {
82
  $return_array["points"] = $answer[1];
83
  $return_array["user_text"] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
@@ -160,17 +157,14 @@ function qmn_horizontal_multiple_choice_review($id, $question, $answers)
160
  'user_text' => '',
161
  'correct_text' => ''
162
  );
163
- if (isset($_POST["question".$id]))
164
- {
165
- $mlw_user_answer = $_POST["question".$id];
166
- }
167
- else
168
- {
169
  $mlw_user_answer = " ";
170
  }
171
  foreach($answers as $answer)
172
  {
173
- if (htmlspecialchars(stripslashes($mlw_user_answer), ENT_QUOTES) == esc_attr($answer[0]))
174
  {
175
  $return_array["points"] = $answer[1];
176
  $return_array["user_text"] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
@@ -250,17 +244,14 @@ function qmn_drop_down_review($id, $question, $answers)
250
  'user_text' => '',
251
  'correct_text' => ''
252
  );
253
- if (isset($_POST["question".$id]))
254
- {
255
- $mlw_user_answer = $_POST["question".$id];
256
- }
257
- else
258
- {
259
  $mlw_user_answer = " ";
260
  }
261
  foreach($answers as $answer)
262
  {
263
- if (htmlspecialchars(stripslashes($mlw_user_answer), ENT_QUOTES) == esc_attr($answer[0]))
264
  {
265
  $return_array["points"] = $answer[1];
266
  $return_array["user_text"] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
@@ -329,15 +320,12 @@ function qmn_small_open_review($id, $question, $answers)
329
  'user_text' => '',
330
  'correct_text' => ''
331
  );
332
- if (isset($_POST["question".$id]))
333
- {
334
- $mlw_user_answer = $_POST["question".$id];
335
- }
336
- else
337
- {
338
  $mlw_user_answer = " ";
339
  }
340
- $return_array['user_text'] = strval(stripslashes(htmlspecialchars_decode($mlw_user_answer, ENT_QUOTES)));
341
  foreach($answers as $answer)
342
  {
343
  $return_array['correct_text'] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
@@ -354,7 +342,7 @@ function qmn_small_open_review($id, $question, $answers)
354
  add_action("plugins_loaded", 'qmn_question_type_multiple_response');
355
 
356
  /**
357
- * This function registers the multiple response question type
358
  *
359
  * @return void
360
  * @since 4.4.0
@@ -502,15 +490,12 @@ function qmn_large_open_review($id, $question, $answers)
502
  'user_text' => '',
503
  'correct_text' => ''
504
  );
505
- if (isset($_POST["question".$id]))
506
- {
507
- $mlw_user_answer = $_POST["question".$id];
508
- }
509
- else
510
- {
511
  $mlw_user_answer = " ";
512
  }
513
- $return_array['user_text'] = strval(stripslashes(htmlspecialchars_decode($mlw_user_answer, ENT_QUOTES)));
514
  foreach($answers as $answer)
515
  {
516
  $return_array['correct_text'] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
@@ -613,15 +598,12 @@ function qmn_number_review($id, $question, $answers)
613
  'user_text' => '',
614
  'correct_text' => ''
615
  );
616
- if (isset($_POST["question".$id]))
617
- {
618
- $mlw_user_answer = $_POST["question".$id];
619
- }
620
- else
621
- {
622
  $mlw_user_answer = " ";
623
  }
624
- $return_array['user_text'] = strval(stripslashes(htmlspecialchars_decode($mlw_user_answer, ENT_QUOTES)));
625
  foreach($answers as $answer)
626
  {
627
  $return_array['correct_text'] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
@@ -892,15 +874,12 @@ function qmn_fill_blank_review($id, $question, $answers)
892
  {
893
  $return_array['question_text'] = str_replace( "%BLANK%", "__________", do_shortcode(htmlspecialchars_decode($question, ENT_QUOTES)));
894
  }
895
- if (isset($_POST["question".$id]))
896
- {
897
- $mlw_user_answer = $_POST["question".$id];
898
- }
899
- else
900
- {
901
  $mlw_user_answer = " ";
902
  }
903
- $return_array['user_text'] = strval(stripslashes(htmlspecialchars_decode($mlw_user_answer, ENT_QUOTES)));
904
  foreach($answers as $answer)
905
  {
906
  $return_array['correct_text'] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
67
  'user_text' => '',
68
  'correct_text' => ''
69
  );
70
+ if ( isset( $_POST["question".$id] ) ) {
71
+ $mlw_user_answer = htmlspecialchars( stripslashes( $_POST["question".$id] ), ENT_QUOTES );
72
+ } else {
 
 
 
73
  $mlw_user_answer = " ";
74
  }
75
  foreach($answers as $answer)
76
  {
77
+ if ( $mlw_user_answer == esc_attr( $answer[0] ) )
78
  {
79
  $return_array["points"] = $answer[1];
80
  $return_array["user_text"] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
157
  'user_text' => '',
158
  'correct_text' => ''
159
  );
160
+ if ( isset( $_POST["question".$id] ) ) {
161
+ $mlw_user_answer = htmlspecialchars( stripslashes( $_POST["question".$id] ), ENT_QUOTES );
162
+ } else {
 
 
 
163
  $mlw_user_answer = " ";
164
  }
165
  foreach($answers as $answer)
166
  {
167
+ if ( $mlw_user_answer == esc_attr( $answer[0] ) )
168
  {
169
  $return_array["points"] = $answer[1];
170
  $return_array["user_text"] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
244
  'user_text' => '',
245
  'correct_text' => ''
246
  );
247
+ if (isset($_POST["question".$id])) {
248
+ $mlw_user_answer = htmlspecialchars( stripslashes( $_POST["question".$id] ), ENT_QUOTES );
249
+ } else {
 
 
 
250
  $mlw_user_answer = " ";
251
  }
252
  foreach($answers as $answer)
253
  {
254
+ if ( $mlw_user_answer == esc_attr( $answer[0] ) )
255
  {
256
  $return_array["points"] = $answer[1];
257
  $return_array["user_text"] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
320
  'user_text' => '',
321
  'correct_text' => ''
322
  );
323
+ if ( isset( $_POST["question".$id] ) ) {
324
+ $mlw_user_answer = strval( stripslashes( htmlspecialchars_decode( $_POST["question".$id], ENT_QUOTES ) ) );
325
+ } else {
 
 
 
326
  $mlw_user_answer = " ";
327
  }
328
+ $return_array['user_text'] = $mlw_user_answer;
329
  foreach($answers as $answer)
330
  {
331
  $return_array['correct_text'] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
342
  add_action("plugins_loaded", 'qmn_question_type_multiple_response');
343
 
344
  /**
345
+ * This function registers the multiple response question type
346
  *
347
  * @return void
348
  * @since 4.4.0
490
  'user_text' => '',
491
  'correct_text' => ''
492
  );
493
+ if ( isset( $_POST["question".$id] ) ) {
494
+ $mlw_user_answer = strval( stripslashes( htmlspecialchars_decode( $_POST["question".$id], ENT_QUOTES ) ) );
495
+ } else {
 
 
 
496
  $mlw_user_answer = " ";
497
  }
498
+ $return_array['user_text'] = $mlw_user_answer;
499
  foreach($answers as $answer)
500
  {
501
  $return_array['correct_text'] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
598
  'user_text' => '',
599
  'correct_text' => ''
600
  );
601
+ if ( isset( $_POST["question".$id] ) ) {
602
+ $mlw_user_answer = strval( stripslashes( htmlspecialchars_decode( $_POST["question".$id], ENT_QUOTES ) ) );
603
+ } else {
 
 
 
604
  $mlw_user_answer = " ";
605
  }
606
+ $return_array['user_text'] = $mlw_user_answer;
607
  foreach($answers as $answer)
608
  {
609
  $return_array['correct_text'] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
874
  {
875
  $return_array['question_text'] = str_replace( "%BLANK%", "__________", do_shortcode(htmlspecialchars_decode($question, ENT_QUOTES)));
876
  }
877
+ if ( isset( $_POST["question".$id] ) ) {
878
+ $mlw_user_answer = strval( stripslashes( htmlspecialchars_decode( $_POST["question".$id], ENT_QUOTES ) ) );
879
+ } else {
 
 
 
880
  $mlw_user_answer = " ";
881
  }
882
+ $return_array['user_text'] = $mlw_user_answer;
883
  foreach($answers as $answer)
884
  {
885
  $return_array['correct_text'] = strval(htmlspecialchars_decode($answer[0], ENT_QUOTES));
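--- a/php/qmn_quiz.php
+++ b/php/qmn_quiz.php
@@ -430,7 +430,7 @@ class QMNQuizManager
 else
 {
 $section_display .= "<script> var firstPage = false; </script>";
-
+
 }
 return $section_display;
 }
@@ -593,11 +593,11 @@ class QMNQuizManager
 echo "<link type='text/css' href='".get_option('mlw_qmn_theme_'.$qmn_quiz_options->theme_selected)."' rel='stylesheet' />";
 }
 
-$mlw_user_name = isset($_POST["mlwUserName"]) ? $_POST["mlwUserName"] : 'None';
-$mlw_user_comp = isset($_POST["mlwUserComp"]) ? $_POST["mlwUserComp"] : 'None';
-$mlw_user_email = isset($_POST["mlwUserEmail"]) ? $_POST["mlwUserEmail"] : 'None';
-$mlw_user_phone = isset($_POST["mlwUserPhone"]) ? $_POST["mlwUserPhone"] : 'None';
-$mlw_qmn_timer = isset($_POST["timer"]) ? $_POST["timer"] : 0;
+$mlw_user_name = isset($_POST["mlwUserName"]) ? sanitize_text_field( $_POST["mlwUserName"] ) : 'None';
+$mlw_user_comp = isset($_POST["mlwUserComp"]) ? sanitize_text_field( $_POST["mlwUserComp"] ) : 'None';
+$mlw_user_email = isset($_POST["mlwUserEmail"]) ? sanitize_text_field( $_POST["mlwUserEmail"] ) : 'None';
+$mlw_user_phone = isset($_POST["mlwUserPhone"]) ? sanitize_text_field( $_POST["mlwUserPhone"] ) : 'None';
+$mlw_qmn_timer = isset($_POST["timer"]) ? intval( $_POST["timer"] ) : 0;
 $qmn_array_for_variables['user_name'] = $mlw_user_name;
 $qmn_array_for_variables['user_business'] = $mlw_user_comp;
 $qmn_array_for_variables['user_email'] = $mlw_user_email;
@@ -740,12 +740,9 @@ class QMNQuizManager
 $mlw_user_text = $results_array["user_text"];
 $mlw_correct_text = $results_array["correct_text"];
 
-if (isset($_POST["mlwComment".$mlw_question->question_id]))
-{
-$mlw_qm_question_comment = $_POST["mlwComment".$mlw_question->question_id];
-}
-else
-{
+if ( isset( $_POST["mlwComment".$mlw_question->question_id] ) ) {
+$mlw_qm_question_comment = htmlspecialchars( stripslashes( $_POST["mlwComment".$mlw_question->question_id] ), ENT_QUOTES );
+} else {
 $mlw_qm_question_comment = "";
 }
 $question_text = $mlw_question->question_name;
@@ -753,7 +750,7 @@ class QMNQuizManager
 {
 $question_text = $results_array["question_text"];
 }
-$mlw_qmn_answer_array[] = apply_filters('qmn_answer_array', array($question_text, htmlspecialchars($mlw_user_text, ENT_QUOTES), htmlspecialchars($mlw_correct_text, ENT_QUOTES), htmlspecialchars(stripslashes($mlw_qm_question_comment), ENT_QUOTES), "correct" => $qmn_correct, "id" => $mlw_question->question_id, "points" => $qmn_answer_points, "category" => $mlw_question->category), $qmn_quiz_options, $qmn_array_for_variables);
+$mlw_qmn_answer_array[] = apply_filters('qmn_answer_array', array($question_text, htmlspecialchars($mlw_user_text, ENT_QUOTES), htmlspecialchars($mlw_correct_text, ENT_QUOTES), $mlw_qm_question_comment, "correct" => $qmn_correct, "id" => $mlw_question->question_id, "points" => $qmn_answer_points, "category" => $mlw_question->category), $qmn_quiz_options, $qmn_array_for_variables);
 }
 break;
 }
@@ -795,11 +792,10 @@ class QMNQuizManager
 public function check_comment_section($qmn_quiz_options, $qmn_array_for_variables)
 {
 $qmn_quiz_comments = "";
-if (isset($_POST["mlwQuizComments"]))
-{
-$qmn_quiz_comments = $_POST["mlwQuizComments"];
+if ( isset( $_POST["mlwQuizComments"] ) ) {
+$qmn_quiz_comments = esc_textarea( stripslashes( $_POST["mlwQuizComments"] ) );
 }
-return apply_filters('qmn_returned_comments', $qmn_quiz_comments, $qmn_quiz_options, $qmn_array_for_variables);
+return apply_filters( 'qmn_returned_comments', $qmn_quiz_comments, $qmn_quiz_options, $qmn_array_for_variables );
 }
 
 /**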
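Review bot: `esc_textarea()` at new line 796 in `check_comment_section` is an output-escaping function applied to input, so the comment is HTML-entity-encoded before it passes through the `qmn_returned_comments` filter and on to whatever stores or emails it; anything that escapes again on output will double-encode (`&amp;lt;`), and anything that searches or compares the stored text sees entities rather than characters. Sanitize here instead (for example `wp_kses_post( stripslashes( $_POST["mlwQuizComments"] ) )`, or `sanitize_text_field()` if no markup is wanted) and escape at the point of output. The per-question comment at new line 744 follows the same input-escaping pattern, though there the net result is unchanged because the old line 756 escaped the same value inside the `qmn_answer_array` call and the new line 753 no longer does. Separately, `mlwUserEmail` at new line 598 only gets `sanitize_text_field()`; if that address is later used as a mail recipient or header, `sanitize_email()` plus an `is_email()` check is the more precise filter.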
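--- a/php/qmn_quiz_admin.php
+++ b/php/qmn_quiz_admin.php
@@ -20,7 +20,7 @@ function mlw_generate_quiz_admin()
 //Create new quiz
 if ( isset( $_POST["create_quiz"] ) && $_POST["create_quiz"] == "confirmation" )
 {
-$quiz_name = htmlspecialchars($_POST["quiz_name"], ENT_QUOTES);
+$quiz_name = htmlspecialchars(stripslashes( $_POST["quiz_name"] ), ENT_QUOTES);
 $mlwQuizMasterNext->quizCreator->create_quiz($quiz_name);
 }
 
@@ -28,7 +28,7 @@ function mlw_generate_quiz_admin()
 if (isset( $_POST["delete_quiz"] ) && $_POST["delete_quiz"] == "confirmation")
 {
 $mlw_quiz_id = intval($_POST["quiz_id"]);
-$quiz_name = $_POST["delete_quiz_name"];
+$quiz_name = sanitize_text_field( $_POST["delete_quiz_name"] );
 $mlwQuizMasterNext->quizCreator->delete_quiz($mlw_quiz_id, $quiz_name);
 }
 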
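Review bot: Neither the create branch (new line 23) nor the delete branch (new line 31) shows a nonce or capability check, yet both mutate state on `$_POST["create_quiz"] == "confirmation"` or `$_POST["delete_quiz"] == "confirmation"` alone; `mlw_generate_quiz_admin` starts outside the hunk, so if the check is not done there, the `wp_nonce_field()`/`wp_verify_nonce()` pairing this same commit adds to the results page should guard these two forms as well (e.g. `check_admin_referer( 'qmn_create_quiz' )` with a matching `wp_nonce_field( 'qmn_create_quiz' )` in the form — action name illustrative). The two branches also treat the quiz name differently: `htmlspecialchars( stripslashes( ... ), ENT_QUOTES )` on line 23 stores an escaped value, while `sanitize_text_field()` on line 31 sanitizes, so the name written at creation and the name used in the delete audit message are not the same representation; prefer `sanitize_text_field()` in both and escape on output. `$_POST["quiz_name"]` and `$_POST["delete_quiz_name"]` are read without `isset()`, which emits a notice when the field is missing from the request.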
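--- a/php/qmn_quiz_creator.php
+++ b/php/qmn_quiz_creator.php
@@ -373,11 +373,19 @@ class QMNQuizCreator
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'New Quiz Has Been Created: ".$quiz_name."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "New Quiz Has Been Created: $quiz_name",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 do_action('qmn_quiz_created', $new_quiz);
 }
 else
@@ -440,11 +448,19 @@ class QMNQuizCreator
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Quiz Has Been Deleted: ".$quiz_name."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Quiz Has Been Deleted: $quiz_name",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {
@@ -482,11 +498,19 @@ class QMNQuizCreator
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Quiz Name Has Been Edited: ".$quiz_name."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Quiz Name Has Been Edited: $quiz_name",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {
@@ -639,11 +663,19 @@ class QMNQuizCreator
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'New Quiz Has Been Created: ".$quiz_name."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "New Quiz Has Been Created: $quiz_name",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 do_action('qmn_quiz_duplicated', $quiz_id, $mlw_new_id);
 }
 else
@@ -653,7 +685,7 @@ class QMNQuizCreator
 if ($is_duplicating_questions)
 {
 $table_name = $wpdb->prefix."mlw_questions";
-$mlw_current_questions = $wpdb->get_results("SELECT * FROM $table_name WHERE deleted=0 AND quiz_id=".$quiz_id);
+$mlw_current_questions = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $table_name WHERE deleted=0 AND quiz_id=%d", $quiz_id ) );
 foreach ($mlw_current_questions as $mlw_question)
 {
 $question_results = $wpdb->insert(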
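Review bot: The four audit-trail blocks (new lines 376-388, 451-463, 501-513 and 666-678) are the same thirteen lines with only the message differing, and none of them checks the return value of `$wpdb->insert()`, so a failed audit write is silent — for a trail whose purpose is to record who created, deleted, renamed or duplicated a quiz, an unnoticed gap is the failure mode you least want. Extract a private helper that performs the insert once, logs when it returns `false`, and is called from each site with the message; the `$table_name` interpolation at new line 688 is fine because it is built from `$wpdb->prefix` plus a literal, and `%d` now bounds `$quiz_id`. The `global $current_user` / `get_currentuserinfo()` pair can be replaced by `wp_get_current_user()`, which avoids the global. The enclosing methods start and end outside these hunks.

```php
/**
 * Records one entry in the plugin's audit trail table.
 *
 * @param string $action Human-readable description of what happened (may contain the quiz name).
 * @return bool True when the row was written, false when $wpdb->insert() failed.
 */
private function record_audit_action( $action )
{
    global $wpdb;
    $user = wp_get_current_user();
    $inserted = $wpdb->insert(
        $wpdb->prefix . "mlw_qm_audit_trail",
        array(
            'action_user' => $user->display_name,
            'action'      => $action,
            'time'        => date("h:i:s A m/d/Y")
        ),
        array( '%s', '%s', '%s' )
    );
    if ( false === $inserted ) {
        // An audit gap should be visible somewhere; $wpdb->last_error carries the driver message.
        error_log( 'QMN audit trail insert failed: ' . $wpdb->last_error );
    }
    return false !== $inserted;
}

// … unchanged: quiz creation / deletion / rename / duplication logic …
// at each former call site, e.g. in create_quiz():
$this->record_audit_action( "New Quiz Has Been Created: $quiz_name" );
```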
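--- a/php/qmn_results.php
+++ b/php/qmn_results.php
@@ -2,7 +2,7 @@
 if ( ! defined( 'ABSPATH' ) ) exit;
 
 /**
-* This function generates the admin side quiz results page
+* This function generates the admin side quiz results page
 *
 * @return void
 * @since 4.4.0
@@ -17,26 +17,41 @@ function mlw_generate_quiz_results()
 global $mlwQuizMasterNext;
 
 ///Delete Results Function
-if (isset($_POST["delete_results"]) && $_POST["delete_results"] == "confirmation")
-{
+if ( isset( $_POST["delete_results"] ) && $_POST["delete_results"] == "confirmation" ) {
 ///Variables from delete result form
-$mlw_delete_results_confirmation = $_POST["delete_results"];
-$mlw_delete_results_id = $_POST["result_id"];
-$mlw_delete_results_name = $_POST["delete_quiz_name"];
-$mlw_delete_results_update_sql = "UPDATE " . $wpdb->prefix . "mlw_results" . " SET deleted=1 WHERE result_id=".$mlw_delete_results_id;
-$mlw_delete_results_results = $wpdb->query( $mlw_delete_results_update_sql );
-if ($mlw_delete_results_results != false)
+$mlw_delete_results_id = intval( $_POST["result_id"] );
+$mlw_delete_results_name = sanitize_text_field( $_POST["delete_quiz_name"] );
+$results = $wpdb->update(
+$wpdb->prefix . "mlw_results",
+array(
+'deleted' => 1
+),
+array( 'result_id' => $mlw_delete_results_id ),
+array(
+'%d'
+),
+array( '%d' )
+);
+if ( $results )
 {
 $mlwQuizMasterNext->alertManager->newAlert(__('Your results has been deleted successfully.','quiz-master-next'), 'success');
 
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Results Has Been Deleted From: ".$mlw_delete_results_name."' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Results Has Been Deleted From: $mlw_delete_results_name",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 else
 {
@@ -44,19 +59,20 @@ function mlw_generate_quiz_results()
 }
 }
 
-if (isset($_POST["bulk_delete"]) && $_POST["bulk_delete"] == "confirmation")
-{
-$results = $_POST["delete_results"];
-if (is_array($results))
-{
-foreach($results as $result)
-{
+//Check if bulk delete has been selected. If so, verify nonce.
+if ( isset( $_POST["bulk_delete"] ) && wp_verify_nonce( $_POST['bulk_delete_nonce'], 'bulk_delete') ) {
+//Ensure the POST variable is an array
+if ( is_array( $_POST["delete_results"] ) ) {
+//Cycle through the POST array which should be an array of the result ids of the results the user wishes to delete
+foreach($_POST["delete_results"] as $result) {
+//Santize by ensuring the value is an int
+$result_id = intval( $result );
 $wpdb->update(
 $wpdb->prefix."mlw_results",
 array(
 'deleted' => 1,
 ),
-array( 'result_id' => $result ),
+array( 'result_id' => $result_id ),
 array(
 '%d'
 ),
@@ -66,16 +82,24 @@ function mlw_generate_quiz_results()
 //Insert Action Into Audit Trail
 global $current_user;
 get_currentuserinfo();
-$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
-$insert = "INSERT INTO " . $table_name .
-"(trail_id, action_user, action, time) " .
-"VALUES (NULL , '" . $current_user->display_name . "' , 'Results Has Been Bulk Deleted' , '" . date("h:i:s A m/d/Y") . "')";
-$results = $wpdb->query( $insert );
+$wpdb->insert(
+$wpdb->prefix . "mlw_qm_audit_trail",
+array(
+'action_user' => $current_user->display_name,
+'action' => "Results Have Been Bulk Deleted",
+'time' => date("h:i:s A m/d/Y")
+),
+array(
+'%s',
+'%s',
+'%s'
+)
+);
 }
 }
 
 global $wpdb;
-$mlw_qmn_table_limit = 30;
+$mlw_qmn_table_limit = 40;
 $mlw_qmn_results_count = $wpdb->get_var( "SELECT COUNT(result_id) FROM " . $wpdb->prefix . "mlw_results WHERE deleted='0'" );
 
 if( isset($_GET['mlw_result_page'] ) )
@@ -207,6 +231,7 @@ function mlw_generate_quiz_results()
 </div>
 </div>
 <form action="" method="post" name="bulk_delete_form">
+<?php wp_nonce_field('bulk_delete','bulk_delete_nonce'); ?>
 <input type="hidden" name="bulk_delete" value="confirmation" />
 <table class=widefat>
 <thead>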
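Review bot: The single-result delete at new lines 20-35 still fires on `$_POST["delete_results"] == "confirmation"` alone, while the bulk delete directly below it (new line 63) now requires `wp_verify_nonce()`; both forms are submitted to the same admin page, so the CSRF protection added for one should cover the other — add a `wp_nonce_field()` to the single-delete form (its markup is outside this hunk) and gate the branch with the matching verification. The nonce check itself reads `$_POST['bulk_delete_nonce']` and `$_POST["delete_results"]` (lines 63 and 65) without `isset()`, which emits a notice on any request that omits them; `if ( isset( $_POST["bulk_delete"], $_POST['bulk_delete_nonce'] ) && wp_verify_nonce( ... ) )` on line 63 covers the first, and `isset()` before `is_array()` on line 65 covers the second. `wp_verify_nonce()` proves intent, not authorization — the capability check for this page is presumably done at menu registration, outside the hunk. The `$mlw_qmn_table_limit` change from 30 to 40 at new line 102 is unrelated to the security fix and would be easier to audit in its own commit.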
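--- a/php/qmn_results_details.php
+++ b/php/qmn_results_details.php
@@ -59,7 +59,7 @@ function qmn_generate_results_details_tab()
 echo "<br><br>";
 $mlw_result_id = intval($_GET["result_id"]);
 global $wpdb;
-$mlw_results_data = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "mlw_results WHERE result_id=".intval($mlw_result_id));
+$mlw_results_data = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "mlw_results WHERE result_id=%d", $mlw_result_id ) );
 
 $previous_results = $wpdb->get_var("SELECT result_id FROM " . $wpdb->prefix . "mlw_results WHERE result_id = (SELECT MAX(result_id) FROM " . $wpdb->prefix . "mlw_results WHERE deleted=0 AND result_id < ".$mlw_result_id.")");
 $next_results = $wpdb->get_var("SELECT result_id FROM " . $wpdb->prefix . "mlw_results WHERE result_id = (SELECT MIN(result_id) FROM " . $wpdb->prefix . "mlw_results WHERE deleted=0 AND result_id > ".$mlw_result_id.")");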
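Review bot: Only the `get_row()` at new line 62 was moved to `$wpdb->prepare()`; the `$previous_results` and `$next_results` queries on context lines 64-65 still concatenate `$mlw_result_id` into the SQL string. They are not injectable today because line 60 casts the value with `intval()`, but mixing one prepared query with two concatenated ones for the same variable is exactly the pattern that regresses when the cast is later moved or the variable reused, so bring them in line with `$wpdb->prepare( "... AND result_id < %d)", $mlw_result_id )` and the `%d` form for the `>` query. `qmn_generate_results_details_tab` starts outside the hunk, so whether `$_GET["result_id"]` is checked for presence before the cast is not visible here.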
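--- a/php/qmn_widgets.php
+++ b/php/qmn_widgets.php
@@ -58,18 +58,17 @@ class Mlw_Qmn_Leaderboard_Widget extends WP_Widget {
 if ( $title ) {
 echo $before_title . $title . $after_title;
 }
-$mlw_quiz_id = $quiz_id;
+$mlw_quiz_id = intval( $quiz_id );
 $mlw_quiz_leaderboard_display = "";
 
 
 global $wpdb;
-$sql = "SELECT * FROM " . $wpdb->prefix . "mlw_quizzes" . " WHERE quiz_id=".$mlw_quiz_id." AND deleted='0'";
-$mlw_quiz_options = $wpdb->get_results($sql);
+$mlw_quiz_options = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "mlw_quizzes WHERE quiz_id=%d AND deleted='0'", $mlw_quiz_id ) );
 foreach($mlw_quiz_options as $mlw_eaches) {
 $mlw_quiz_options = $mlw_eaches;
 break;
 }
-$sql = "SELECT * FROM " . $wpdb->prefix . "mlw_results WHERE quiz_id=".$mlw_quiz_id." AND deleted='0'";
+$sql = "SELECT * FROM " . $wpdb->prefix . "mlw_results WHERE quiz_id=%d AND deleted='0'";
 if ($mlw_quiz_options->system == 0)
 {
 $sql .= " ORDER BY correct_score DESC";
@@ -79,7 +78,7 @@ class Mlw_Qmn_Leaderboard_Widget extends WP_Widget {
 $sql .= " ORDER BY point_score DESC";
 }
 $sql .= " LIMIT 10";
-$mlw_result_data = $wpdb->get_results($sql);
+$mlw_result_data = $wpdb->get_results($sql, $mlw_quiz_id);
 
 $mlw_quiz_leaderboard_display = $mlw_quiz_options->leaderboard_template;
 $mlw_quiz_leaderboard_display = str_replace( "%QUIZ_NAME%" , $mlw_quiz_options->quiz_name, $mlw_quiz_leaderboard_display);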
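Review bot: New line 81, `$mlw_result_data = $wpdb->get_results($sql, $mlw_quiz_id);`, passes the quiz id as the second argument of `get_results()`, which is the `$output` format (`OBJECT`, `ARRAY_A`, …), not a prepare argument; the `%d` placeholder written into `$sql` at new line 71 is therefore never substituted, the results query reaches MySQL with a literal `quiz_id=%d`, and the leaderboard renders empty. It should read `$mlw_result_data = $wpdb->get_results( $wpdb->prepare( $sql, $mlw_quiz_id ) );`, mirroring the `get_results( $wpdb->prepare( ... ) )` form already used at line 66. Separately, if the `mlw_quizzes` lookup at line 66 returns no rows, `$mlw_quiz_options` stays an empty array and line 72 reads `->system` on it, which emits a notice and evaluates as null; a guard such as `if ( empty( $mlw_quiz_options ) ) { return; }` after the `foreach` would make the widget fail closed. The `widget()` method begins and ends outside these hunks.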
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://mylocalwebstop.com/downloads/donation-service-payment/
4
  Tags: quiz, test, score, exam, survey, contact, form, email, answer, question, certificate, points, results, math
5
  Requires at least: 3.8.1
6
  Tested up to: 4.2
7
- Stable tag: 4.4.3
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -122,6 +122,10 @@ Feel free to use the widget on the help page within the plugin or from our [cont
122
 
123
  == Changelog ==
124
 
 
 
 
 
125
  = 4.4.3 (July 17, 2015) =
126
  * Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs
127
 
@@ -454,7 +458,6 @@ Feel free to use the widget on the help page within the plugin or from our [cont
454
  * Fixed Dashboard Rounding Bug
455
  * Fixed Notice Unknown Company Field Bug
456
 
457
-
458
  = 1.7.1 (March 6, 2014) =
459
  * Added Several New Widgets To Quiz Dashboard
460
  * Added A Timer Mechanism To Track How Long User Takes On Quiz
@@ -693,6 +696,9 @@ Feel free to use the widget on the help page within the plugin or from our [cont
693
 
694
  == Upgrade Notice ==
695
 
 
 
 
696
  = 4.4.3 =
697
  Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs. Please update immediately.
698
 
4
  Tags: quiz, test, score, exam, survey, contact, form, email, answer, question, certificate, points, results, math
5
  Requires at least: 3.8.1
6
  Tested up to: 4.2
7
+ Stable tag: 4.4.4
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
122
 
123
  == Changelog ==
124
 
125
+ = 4.4.4 (July 19, 2015) =
126
+ * Security Fix: Fixed possible sql injection from authenticated users on certificate, email, and leaderboard tabs
127
+ * Security Fix: Fixed data validation bug on help page, leaderboard shortcode, and quiz shortcode
128
+
129
  = 4.4.3 (July 17, 2015) =
130
  * Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs
131
 
458
  * Fixed Dashboard Rounding Bug
459
  * Fixed Notice Unknown Company Field Bug
460
 
 
461
  = 1.7.1 (March 6, 2014) =
462
  * Added Several New Widgets To Quiz Dashboard
463
  * Added A Timer Mechanism To Track How Long User Takes On Quiz
696
 
697
  == Upgrade Notice ==
698
 
699
+ = 4.4.4 =
700
+ Security Fix: Fixed possible sql injection from authenticated users on certificate, email, and leaderboard tabs. Also fixed data validation bug on help page, leaderboard shortcode, and quiz shortcode. Please update immediately.
701
+
702
  = 4.4.3 =
703
  Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs. Please update immediately.
704