Quiz And Survey Master (Formerly Quiz Master Next) - Version 4.7.9

Version Description

(December 13, 2016) = * Closed Security: CSRF vulnerability on Questions tab


Release Info

Developer fpcorso
Version 4.7.9

Code changes from version 4.7.8 to 4.7.9

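--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+ = 4.7.6 (July 11, 2016) =
+ * Closed: Add language and error logs to usage tracking - Issue #457
+
+ = 4.7.5 (June 15, 2016) =
+ * Closed Enhancement: Change Text Block To Text/HTML - Issue #451
+ * Closed Enhancement: Create alert warning about removal of certificate - Issue #382
+
  = 4.7.4 (June 3, 2016) =
  * Closed Bug: Results page will not load on some sites - Issue #445
 
@@ -33,7 +40,7 @@
  * Closed User Request: Randomize Answers But Not Questions - Issue #330
  * Closed User Request: Add Date Taken Variable - Issue #310
  * Closed User Request: Copy Questions Between Quizzes - Issue #166
-
+
  = 4.6.7 (January 22, 2016) =
  * Fixes bug causing multiple response to be on a single line for some users
  * Fixes bug causing the incorrect/correct CSS class from being not added on results page correctly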
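--- a/mlw_quizmaster2.php
+++ b/mlw_quizmaster2.php
@@ -2,7 +2,7 @@
  /**
  * Plugin Name: Quiz And Survey Master
  * Description: Easily and quickly add quizzes and surveys to your website.
- * Version: 4.7.8
+ * Version: 4.7.9
  * Author: Frank Corso
  * Author URI: http://www.quizandsurveymaster.com/
  * Plugin URI: http://www.quizandsurveymaster.com/
@@ -10,7 +10,7 @@
  * Domain Path: /languages
  *
  * @author Frank Corso
- * @version 4.7.8
+ * @version 4.7.9
  */
  if ( ! defined( 'ABSPATH' ) ) exit;
 
@@ -22,15 +22,15 @@ define( 'QSM_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
  *
  * @since 3.6.1
  */
- class MLWQuizMasterNext
- {
+ class MLWQuizMasterNext {
+
  /**
  * QMN Version Number
  *
  * @var string
  * @since 4.0.0
  */
- public $version = '4.7.8';
+ public $version = '4.7.9';
 
  /**
  * QMN Alert Manager Object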
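--- a/php/about-page.php
+++ b/php/about-page.php
@@ -1,14 +1,14 @@
  <?php
  if ( ! defined( 'ABSPATH' ) ) exit;
+
  /**
  * This function shows the about page. It also shows the changelog information.
  *
  * @return void
  * @since 4.4.0
  */
-
- function mlw_generate_about_page()
- {
+ function mlw_generate_about_page() {
+
  global $mlwQuizMasterNext;
  $mlw_quiz_version = $mlwQuizMasterNext->version;
  wp_enqueue_script( 'jquery' );
@@ -48,7 +48,7 @@ function mlw_generate_about_page()
  </div>
  <div id="mlw_quiz_changelog" class="qmn_tab" style="display: none;">
  <h2>Changelog</h2>
- <?php QSM_Changelog_Generator::get_changelog_list( 'fpcorso/quiz_master_next', 29 ); ?>
+ <?php QSM_Changelog_Generator::get_changelog_list( 'fpcorso/quiz_master_next', 30 ); ?>
  </div>
  <div id="qmn_contributors" class="qmn_tab" style="display:none;">
  <h2>GitHub Contributors</h2>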
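--- a/php/options-page-questions-tab.php
+++ b/php/options-page-questions-tab.php
@@ -7,12 +7,11 @@ if ( ! defined( 'ABSPATH' ) ) exit;
  * @return void
  * @since 4.4.0
  */
- function qmn_settings_questions_tab()
- {
+ function qmn_settings_questions_tab() {
  global $mlwQuizMasterNext;
- $mlwQuizMasterNext->pluginHelper->register_quiz_settings_tabs(__("Questions", 'quiz-master-next'), 'mlw_options_questions_tab_content');
+ $mlwQuizMasterNext->pluginHelper->register_quiz_settings_tabs( __( "Questions", 'quiz-master-next' ), 'mlw_options_questions_tab_content' );
  }
- add_action("plugins_loaded", 'qmn_settings_questions_tab', 5);
+ add_action( "plugins_loaded", 'qmn_settings_questions_tab', 5 );
 
 
  /**
@@ -21,9 +20,9 @@ add_action("plugins_loaded", 'qmn_settings_questions_tab', 5);
  * @return void
  * @since 4.4.0
  */
- function mlw_options_questions_tab_content()
- {
+ function mlw_options_questions_tab_content() {
  ?>
+
  <script>
  var answer_text = '<?php _e('Answer', 'quiz-master-next'); ?>';
  </script>
@@ -39,7 +38,7 @@ function mlw_options_questions_tab_content()
  $quiz_id = $_GET["quiz_id"];
 
  //Re-ordering questions
- if (isset($_POST['qmn_question_order_nonce']) && wp_verify_nonce( $_POST['qmn_question_order_nonce'], 'qmn_question_order')) {
+ if ( isset( $_POST['qmn_question_order_nonce'] ) && wp_verify_nonce( $_POST['qmn_question_order_nonce'], 'qmn_question_order' ) ) {
  $list_of_questions = explode( ',', $_POST["save_question_order_input"] );
  $question_order = 0;
  $success = true;
@@ -67,11 +66,11 @@ function mlw_options_questions_tab_content()
  }
  }
 
- //Edit question
- if ( isset( $_POST["question_submission"] ) && $_POST["question_submission"] == "edit_question" ) {
+ // Edit question
+ if ( isset( $_POST['qsm_question_save_nonce'] ) && wp_verify_nonce( $_POST['qsm_question_save_nonce'], 'qsm_question_save' ) && isset( $_POST["question_submission"] ) && "edit_question" == $_POST["question_submission"] ) {
 
- //Variables from edit question form
- $edit_question_name = trim( preg_replace( '/\s+/',' ', nl2br( htmlspecialchars( stripslashes( $_POST["question_name"] ), ENT_QUOTES ) ) ) );
+ // Variables from edit question form
+ $edit_question_name = trim( preg_replace( '/\s+/',' ', htmlspecialchars( nl2br( wp_kses_post( stripslashes( $_POST["question_name"] ) ) ), ENT_QUOTES ) ) );
  $edit_question_answer_info = htmlspecialchars( stripslashes( $_POST["correct_answer_info"] ), ENT_QUOTES );
  $mlw_edit_question_id = intval( $_POST["question_id"] );
  $mlw_edit_question_type = sanitize_text_field( $_POST["question_type"] );
@@ -94,7 +93,7 @@ function mlw_options_questions_tab_content()
  }
 
  // Retrieves question settings and sets required field
- $mlw_row_settings = $wpdb->get_row( $wpdb->prepare( "SELECT question_settings FROM " . $wpdb->prefix . "mlw_questions" . " WHERE question_id=%d", $mlw_edit_question_id ) );
+ $mlw_row_settings = $wpdb->get_row( $wpdb->prepare( "SELECT question_settings FROM {$wpdb->prefix}mlw_questions WHERE question_id=%d", $mlw_edit_question_id ) );
  if ( is_serialized( $mlw_row_settings->question_settings ) && is_array( @unserialize( $mlw_row_settings->question_settings ) ) ) {
  $mlw_settings = @unserialize( $mlw_row_settings->question_settings );
  } else {
@@ -162,7 +161,7 @@ function mlw_options_questions_tab_content()
  ),
  array( '%d' )
  );
- if ( false != $results ) {
+ if ( false !== $results ) {
  $mlwQuizMasterNext->alertManager->newAlert(__('The question has been updated successfully.', 'quiz-master-next'), 'success');
  $mlwQuizMasterNext->audit_manager->new_audit( "Question Has Been Edited: $edit_question_name" );
  } else {
@@ -170,10 +169,11 @@ function mlw_options_questions_tab_content()
  $mlwQuizMasterNext->log_manager->add("Error 0004", $wpdb->last_error.' from '.$wpdb->last_query, 0, 'error');
  }
  }
- //Delete question from quiz
- if ( isset( $_POST["delete_question"] ) && $_POST["delete_question"] == "confirmation")
- {
- //Variables from delete question form
+
+ // Delete question from quiz
+ if ( isset( $_POST['qsm_delete_question_nonce'] ) && wp_verify_nonce( $_POST['qsm_delete_question_nonce'], 'qsm_delete_question' ) ) {
+
+ // Variables from delete question form
  $mlw_question_id = intval( $_POST["delete_question_id"] );
  $quiz_id = intval( $_POST["quiz_id"] );
 
@@ -188,7 +188,7 @@ function mlw_options_questions_tab_content()
  ),
  array( '%d' )
  );
- if ( false != $results ) {
+ if ( false !== $results ) {
  $mlwQuizMasterNext->alertManager->newAlert(__('The question has been deleted successfully.', 'quiz-master-next'), 'success');
  $mlwQuizMasterNext->audit_manager->new_audit( "Question Has Been Deleted: $mlw_question_id" );
  } else {
@@ -197,13 +197,14 @@ function mlw_options_questions_tab_content()
  }
  }
 
- //Duplicate Questions
- if ( isset( $_POST["duplicate_question"] ) && $_POST["duplicate_question"] == "confirmation") {
- //Variables from delete question form
+ // Duplicate Questions
+ if ( isset( $_POST['qsm_duplicate_question_nonce'] ) && wp_verify_nonce( $_POST['qsm_duplicate_question_nonce'], 'qsm_duplicate_question' ) ) {
+
+ // Variables from delete question form
  $mlw_question_id = intval( $_POST["duplicate_question_id"] );
  $quiz_id = intval( $_POST["quiz_id"] );
 
- $mlw_original = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM ".$wpdb->prefix."mlw_questions WHERE question_id=%d", $mlw_question_id ), ARRAY_A );
+ $mlw_original = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_questions WHERE question_id=%d", $mlw_question_id ), ARRAY_A );
 
  $results = $wpdb->insert(
  $wpdb->prefix."mlw_questions",
@@ -261,7 +262,7 @@ function mlw_options_questions_tab_content()
  )
  );
 
- if ( false != $results ) {
+ if ( false !== $results ) {
  $mlwQuizMasterNext->alertManager->newAlert(__('The question has been duplicated successfully.', 'quiz-master-next'), 'success');
  $mlwQuizMasterNext->audit_manager->new_audit( "Question Has Been Duplicated: $mlw_question_id" );
  } else {
@@ -270,11 +271,11 @@ function mlw_options_questions_tab_content()
  }
  }
 
- //Submit new question into database
- if ( isset( $_POST["question_submission"] ) && $_POST["question_submission"] == "new_question") {
+ // Submit new question into database
+ if ( isset( $_POST['qsm_question_save_nonce'] ) && wp_verify_nonce( $_POST['qsm_question_save_nonce'], 'qsm_question_save' ) && isset( $_POST["question_submission"] ) && "new_question" == $_POST["question_submission"] ) {
 
- //Variables from new question form
- $question_name = trim( preg_replace( '/\s+/',' ', nl2br( htmlspecialchars( stripslashes( $_POST["question_name"] ), ENT_QUOTES ) ) ) );
+ // Variables from new question form
+ $question_name = trim( preg_replace( '/\s+/',' ', htmlspecialchars( nl2br( wp_kses_post( stripslashes( $_POST["question_name"] ) ) ), ENT_QUOTES ) ) );
  $question_answer_info = htmlspecialchars( stripslashes( $_POST["correct_answer_info"] ), ENT_QUOTES );
  $question_type = sanitize_text_field( $_POST["question_type"] );
  $comments = htmlspecialchars( $_POST["comments"], ENT_QUOTES );
@@ -359,7 +360,7 @@ function mlw_options_questions_tab_content()
  );
 
  // Checks if insert was successful or not
- if ( false != $results ) {
+ if ( false !== $results ) {
  $mlwQuizMasterNext->alertManager->newAlert(__('The question has been created successfully.', 'quiz-master-next'), 'success');
  $mlwQuizMasterNext->audit_manager->new_audit( "Question Has Been Added: $question_name" );
  } else {
@@ -416,26 +417,23 @@ function mlw_options_questions_tab_content()
  }
 
  //Load questions
- $questions = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "mlw_questions WHERE quiz_id=%d AND deleted='0'
- ORDER BY question_order ASC", $quiz_id ) );
+ $questions = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_questions WHERE quiz_id=%d AND deleted='0' ORDER BY question_order ASC", $quiz_id ) );
  $answers = array();
- foreach($questions as $mlw_question_info) {
- if (is_serialized($mlw_question_info->answer_array) && is_array(@unserialize($mlw_question_info->answer_array)))
- {
- $mlw_qmn_answer_array_each = @unserialize($mlw_question_info->answer_array);
- $answers[$mlw_question_info->question_id] = $mlw_qmn_answer_array_each;
- }
- else
- {
+ foreach( $questions as $mlw_question_info ) {
+ if ( is_serialized( $mlw_question_info->answer_array ) && is_array( @unserialize( $mlw_question_info->answer_array ) ) ) {
+ $mlw_qmn_answer_array_each = @unserialize( $mlw_question_info->answer_array );
+ $answers[ $mlw_question_info->question_id ] = $mlw_qmn_answer_array_each;
+ } else {
  $mlw_answer_array_correct = array(0, 0, 0, 0, 0, 0);
- $mlw_answer_array_correct[$mlw_question_info->correct_answer-1] = 1;
- $answers[$mlw_question_info->question_id] = array(
- array($mlw_question_info->answer_one, $mlw_question_info->answer_one_points, $mlw_answer_array_correct[0]),
- array($mlw_question_info->answer_two, $mlw_question_info->answer_two_points, $mlw_answer_array_correct[1]),
- array($mlw_question_info->answer_three, $mlw_question_info->answer_three_points, $mlw_answer_array_correct[2]),
- array($mlw_question_info->answer_four, $mlw_question_info->answer_four_points, $mlw_answer_array_correct[3]),
- array($mlw_question_info->answer_five, $mlw_question_info->answer_five_points, $mlw_answer_array_correct[4]),
- array($mlw_question_info->answer_six, $mlw_question_info->answer_six_points, $mlw_answer_array_correct[5]));
+ $mlw_answer_array_correct[ $mlw_question_info->correct_answer - 1 ] = 1;
+ $answers[ $mlw_question_info->question_id ] = array(
+ array( $mlw_question_info->answer_one, $mlw_question_info->answer_one_points, $mlw_answer_array_correct[0] ),
+ array( $mlw_question_info->answer_two, $mlw_question_info->answer_two_points, $mlw_answer_array_correct[1] ),
+ array( $mlw_question_info->answer_three, $mlw_question_info->answer_three_points, $mlw_answer_array_correct[2] ),
+ array( $mlw_question_info->answer_four, $mlw_question_info->answer_four_points, $mlw_answer_array_correct[3] ),
+ array( $mlw_question_info->answer_five, $mlw_question_info->answer_five_points, $mlw_answer_array_correct[4] ),
+ array( $mlw_question_info->answer_six, $mlw_question_info->answer_six_points, $mlw_answer_array_correct[5] )
+ );
  }
  }
 
@@ -446,42 +444,37 @@ function mlw_options_questions_tab_content()
  //Load question type edit fields and convert to JavaScript
  $qmn_question_type_fields = $mlwQuizMasterNext->pluginHelper->get_question_type_edit_fields();
  echo "<script>
- var qmn_question_type_fields = ".json_encode($qmn_question_type_fields).";
+ var qmn_question_type_fields = " . json_encode( $qmn_question_type_fields ) . ";
  </script>";
 
  echo "<script>
  var questions_list = [";
- foreach($questions as $question) {
+ foreach( $questions as $question ) {
 
- //Load Required
- if (is_serialized($question->question_settings) && is_array(@unserialize($question->question_settings)))
- {
- $mlw_question_settings = @unserialize($question->question_settings);
- }
- else
- {
+ // Load Required
+ if ( is_serialized( $question->question_settings ) && is_array( @unserialize( $question->question_settings ) ) ) {
+ $mlw_question_settings = @unserialize( $question->question_settings );
+ } else {
  $mlw_question_settings = array();
  $mlw_question_settings['required'] = 1;
  }
 
- //Load Answers
+ // Load Answers
  $answer_string = "";
- foreach($answers[$question->question_id] as $answer_single) {
- $answer_string .= "{answer: '".esc_js( str_replace('\\', '\\\\', $answer_single[0] ) )."',points: ".$answer_single[1].",correct: ".$answer_single[2]."},";
+ foreach( $answers[ $question->question_id ] as $answer_single ) {
+ $answer_string .= "{answer: '" . esc_js( str_replace('\\', '\\\\', $answer_single[0] ) ) . "',points: " . $answer_single[1] . ",correct: " . $answer_single[2] . "},";
  }
 
- //Load Type
+ // Load Type
  $type_slug = $question->question_type_new;
  $type_name = $question->question_type_new;
- foreach($qmn_question_types as $type)
- {
- if ($type["slug"] == $question->question_type_new)
- {
+ foreach( $qmn_question_types as $type ) {
+ if ( $type["slug"] == $question->question_type_new ) {
  $type_name = $type["name"];
  }
  }
 
- //Parse Javascript Object
+ // Parse Javascript Object
  echo "{
  id: ".$question->question_id.",
  question: '".esc_js( str_replace('\\', '\\\\', $question->question_name ) )."',
@@ -500,8 +493,8 @@ function mlw_options_questions_tab_content()
  echo "];
  </script>";
 
- //Load Categories
- $qmn_quiz_categories = $wpdb->get_results( $wpdb->prepare( "SELECT category FROM " . $wpdb->prefix . "mlw_questions WHERE quiz_id=%d AND deleted='0'
+ // Load Categories
+ $qmn_quiz_categories = $wpdb->get_results( $wpdb->prepare( "SELECT category FROM {$wpdb->prefix}mlw_questions WHERE quiz_id=%d AND deleted='0'
  GROUP BY category", $quiz_id ) );
 
  $is_new_quiz = $wpdb->num_rows;
@@ -635,16 +628,18 @@ function mlw_options_questions_tab_content()
  </fieldset>
  <input type="hidden" name="new_question_answer_total" id="new_question_answer_total" value="0" />
  <input type="hidden" id="question_submission" name="question_submission" value="new_question" />
+ <?php wp_nonce_field( 'qsm_question_save','qsm_question_save_nonce' ); ?>
  <input type="hidden" name="quiz_id" value="<?php echo $quiz_id; ?>" />
  <input type="hidden" name="question_id" id="question_id" value="0" />
  <input type='submit' class='button-primary' value='<?php _e('Create Question', 'quiz-master-next'); ?>' />
  </form>
  </div>
+
  <!--Dialogs-->
  <div id="delete_dialog" title="Delete Question?" style="display:none;">
  <h3><b><?php _e('Are you sure you want to delete this question?', 'quiz-master-next'); ?></b></h3>
  <form action='' method='post'>
- <input type='hidden' name='delete_question' value='confirmation' />
+ <?php wp_nonce_field( 'qsm_delete_question','qsm_delete_question_nonce' ); ?>
  <input type='hidden' id='delete_question_id' name='delete_question_id' value='' />
  <input type='hidden' name='quiz_id' value='<?php echo $quiz_id; ?>' />
  <p class='submit'><input type='submit' class='button-primary' value='<?php _e('Delete Question', 'quiz-master-next'); ?>' /></p>
@@ -654,7 +649,7 @@ function mlw_options_questions_tab_content()
  <div id="duplicate_dialog" title="Duplicate Question?" style="display:none;">
  <h3><b><?php _e('Are you sure you want to duplicate this question?', 'quiz-master-next'); ?></b></h3>
  <form action='' method='post'>
- <input type='hidden' name='duplicate_question' value='confirmation' />
+ <?php wp_nonce_field( 'qsm_duplicate_question','qsm_duplicate_question_nonce' ); ?>
  <input type='hidden' id='duplicate_question_id' name='duplicate_question_id' value='' />
  <input type='hidden' name='quiz_id' value='<?php echo $quiz_id; ?>' />
  <p class='submit'><input type='submit' class='button-primary' value='<?php _e ('Duplicate Question', 'quiz-master-next'); ?>' /></p>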
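Review bot: `$quiz_id = $_GET["quiz_id"];` (the first context line of the re-ordering hunk) is still stored raw and later echoed unescaped into the hidden `quiz_id` inputs of the create, delete and duplicate forms (`<input ... name='quiz_id' value='<?php echo $quiz_id; ?>' />`), so while the new nonces stop cross-site submissions the page still reflects an unvalidated query value into attribute context; cast it once at the top, `$quiz_id = intval( $_GET["quiz_id"] );`, which also matches how the POST handlers already treat it. The added `wp_verify_nonce()` checks prove request intent, not authorisation: if this tab callback is reached only through the capability-gated admin menu page that is sufficient, but none of the four write handlers tests `current_user_can()` itself, so a one-line capability check at the top of `mlw_options_questions_tab_content()` would make that assumption explicit and survive any future reuse of the function. In the two `question_name` lines the order of `nl2br()` and `htmlspecialchars()` is swapped alongside the `wp_kses_post()` addition, so the `<br />` tags inserted by `nl2br()` are now themselves entity-encoded; presumably that changes how line breaks in question names render, so confirm it is intended. `mlw_options_questions_tab_content()` ends outside the shown hunks.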
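--- a/readme.txt
+++ b/readme.txt
@@ -2,9 +2,9 @@
  Contributors: mylocalwebstop, fpcorso, elrath, dukeran
  Donate link: http://mylocalwebstop.com/downloads/donation-service-payment/
  Tags: quiz, survey, test, score, exam, questionnaire, email, answer, question, certificate, points, results
- Requires at least: 4.1
- Tested up to: 4.6.1
- Stable tag: 4.7.8
+ Requires at least: 4.3
+ Tested up to: 4.7
+ Stable tag: 4.7.9
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -109,7 +109,10 @@ This is usually a theme conflict. You can [checkout out our common conflict solu
 
  == Changelog ==
 
- = 4.7.8 (November, 2, 2016) =
+ = 4.7.9 (December 13, 2016) =
+ * Closed Security: CSRF vulnerability on Questions tab
+
+ = 4.7.8 (November 2, 2016) =
  * Closed Bug: Apostrophe in translation for tab name text causing errors - Issue #490
  * Closed Bug: Timer resets if user copies link, opens new tab, and pastes link - Issue #489
  * Closed Enhancement: Add Business, Email, And Phone To Quiz Results Search - Issue #485
@@ -121,16 +124,9 @@ This is usually a theme conflict. You can [checkout out our common conflict solu
  * Closed Enhancement: Table Styles Don't Match Default WordPress Styles. - Issue #471
  * Closed Bug: Tracking manager causes admin server error when request error occurs. - Issue #470
 
- = 4.7.6 (July 11, 2016) =
- * Closed: Add language and error logs to usage tracking - Issue #457
-
- = 4.7.5 (June 15, 2016) =
- * Closed Enhancement: Change Text Block To Text/HTML - Issue #451
- * Closed Enhancement: Create alert warning about removal of certificate - Issue #382
-
  ([Read Full Changelog](https://github.com/fpcorso/quiz_master_next/blob/master/CHANGELOG.md))
 
  == Upgrade Notice ==
 
- = 4.7.8 =
- Upgrade to fix bug affecting some users where the results page will not load
+ = 4.7.9 =
+ Important security update to fix CSRF vulnerability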