Quiz And Survey Master (Formerly Quiz Master Next)

Version Description

(March 9, 2021) = * Bug: Fixed several security issues. * Bug: Fixed the issue of audio and video player not showing in question content * Bug: Fixed the issue of [latex] shortcode not showing Red cross mark for incorrect option. * Bug: Fixed the issue required field getting surpassed by spaces in contact form.

Download this release

Release Info

Developer	expresstech
Plugin	Quiz And Survey Master (Formerly Quiz Master Next)
Version	7.1.13
Comparing to
See all releases

Code changes from version 7.1.12 to 7.1.13

Files changed (15) hide show

js/qsm-quiz.js +1 -1
mlw_quizmaster2.php +3 -3
php/admin/dashboard-widgets.php +12 -12
php/admin/options-page-style-tab.php +1 -1
php/admin/quizzes-page.php +7 -7
php/admin/stats-page.php +3 -3
php/classes/class-qmn-plugin-helper.php +1 -1
php/classes/class-qmn-quiz-manager.php +3 -3
php/classes/class-qsm-install.php +19 -19
php/gdpr.php +2 -2
php/question-types.php +2 -1
php/rest-api.php +10 -10
php/shortcodes.php +1 -1
php/template-variables.php +7 -7
readme.txt +10 -4

js/qsm-quiz.js CHANGED Viewed

	@@ -716,7 +716,7 @@ function qmnValidation( element, quiz_form_id ) {
716	qmnDisplayError( empty_error, jQuery( this ), quiz_form_id );
717	result = false;
718	}
719	- if( jQuery( this ).attr( 'class' ).indexOf( 'mlwRequiredText' ) > -1 && this.value === "" ) {
720	qmnDisplayError( empty_error, jQuery( this ), quiz_form_id );
721	result = false;
722	}


716	qmnDisplayError( empty_error, jQuery( this ), quiz_form_id );
717	result = false;
718	}
719	+ if( jQuery( this ).attr( 'class' ).indexOf( 'mlwRequiredText' ) > -1 && jQuery.trim(this.value) === "" ) {
720	qmnDisplayError( empty_error, jQuery( this ), quiz_form_id );
721	result = false;
722	}

mlw_quizmaster2.php CHANGED Viewed

	@@ -2,14 +2,14 @@
2	/**
3	* Plugin Name: Quiz And Survey Master
4	* Description: Easily and quickly add quizzes and surveys to your website.
5	- * Version: 7.1.12
6	* Author: ExpressTech
7	* Author URI: https://quizandsurveymaster.com/
8	* Plugin URI: https://expresstech.io/
9	* Text Domain: quiz-master-next
10	*
11	* @author QSM Team
12	- * @version 7.1.12
13	* @package QSM
14	*/
15
	@@ -37,7 +37,7 @@ class MLWQuizMasterNext {
37	* @var string
38	* @since 4.0.0
39	*/
40	- public $version = '7.1.12';
41
42	/**
43	* QSM Alert Manager Object


2	/**
3	* Plugin Name: Quiz And Survey Master
4	* Description: Easily and quickly add quizzes and surveys to your website.
5	+ * Version: 7.1.13
6	* Author: ExpressTech
7	* Author URI: https://quizandsurveymaster.com/
8	* Plugin URI: https://expresstech.io/
9	* Text Domain: quiz-master-next
10	*
11	* @author QSM Team
12	+ * @version 7.1.13
13	* @package QSM
14	*/
15

37	* @var string
38	* @since 4.0.0
39	*/
40	+ public $version = '7.1.13';
41
42	/**
43	* QSM Alert Manager Object

php/admin/dashboard-widgets.php CHANGED Viewed

	@@ -32,10 +32,10 @@ add_action( 'wp_dashboard_setup', 'qmn_add_dashboard_widget' );
32	function qmn_snapshot_dashboard_widget()
33	{
34	global $wpdb;
35	- $mlw_qmn_today_taken = $wpdb->get_var( "SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '" . date( "Y-m-d", current_time( 'timestamp' ) )." ~~00:00:00' AND '" .~~ date( "Y-m-d", current_time( 'timestamp' ) )." ~~23:59:59'~~) ~~AND deleted=0"~~);
36	$mlw_last_week = mktime(0, 0, 0, date("m") , date("d")-7, date("Y"));
37	$mlw_last_week = date("Y-m-d", $mlw_last_week);
38	- $mlw_qmn_last_weekday_taken = $wpdb->get_var( "SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$mlw_last_week."~~ 00:00:00' AND '~~".$mlw_last_week."~~ 23:59:59') AND deleted=0");
39	if ($mlw_qmn_last_weekday_taken != 0)
40	{
41	$mlw_qmn_analyze_today = round((($mlw_qmn_today_taken - $mlw_qmn_last_weekday_taken) / $mlw_qmn_last_weekday_taken) * 100, 2);
	@@ -47,13 +47,13 @@ function qmn_snapshot_dashboard_widget()
47
48	$mlw_this_week = mktime(0, 0, 0, date("m") , date("d")-6, date("Y"));
49	$mlw_this_week = date("Y-m-d", $mlw_this_week);
50	- $mlw_qmn_this_week_taken = $wpdb->get_var( "SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$mlw_this_week."~~ 00:00:00' AND '~~".date("Y-m-d")."~~ 23:59:59') AND deleted=0");
51
52	$mlw_last_week_start = mktime(0, 0, 0, date("m") , date("d")-13, date("Y"));
53	$mlw_last_week_start = date("Y-m-d", $mlw_last_week_start);
54	$mlw_last_week_end = mktime(0, 0, 0, date("m") , date("d")-7, date("Y"));
55	$mlw_last_week_end = date("Y-m-d", $mlw_last_week_end);
56	- $mlw_qmn_last_week_taken = $wpdb->get_var( "SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$mlw_last_week_start."~~ 00:00:00' AND '~~".$mlw_last_week_end."~~ 23:59:59') AND deleted=0");
57
58	if ($mlw_qmn_last_week_taken != 0)
59	{
	@@ -66,13 +66,13 @@ function qmn_snapshot_dashboard_widget()
66
67	$mlw_this_month = mktime(0, 0, 0, date("m") , date("d")-29, date("Y"));
68	$mlw_this_month = date("Y-m-d", $mlw_this_month);
69	- $mlw_qmn_this_month_taken = $wpdb->get_var( "SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$mlw_this_month."~~ 00:00:00' AND '~~".date("Y-m-d")."~~ 23:59:59') AND deleted=0");
70
71	$mlw_last_month_start = mktime(0, 0, 0, date("m") , date("d")-59, date("Y"));
72	$mlw_last_month_start = date("Y-m-d", $mlw_last_month_start);
73	$mlw_last_month_end = mktime(0, 0, 0, date("m") , date("d")-30, date("Y"));
74	$mlw_last_month_end = date("Y-m-d", $mlw_last_month_end);
75	- $mlw_qmn_last_month_taken = $wpdb->get_var( "SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$mlw_last_month_start."~~ 00:00:00' AND '~~".$mlw_last_month_end."~~ 23:59:59') AND deleted=0");
76
77	if ($mlw_qmn_last_month_taken != 0)
78	{
	@@ -85,13 +85,13 @@ function qmn_snapshot_dashboard_widget()
85
86	$mlw_this_quater = mktime(0, 0, 0, date("m") , date("d")-89, date("Y"));
87	$mlw_this_quater = date("Y-m-d", $mlw_this_quater);
88	- $mlw_qmn_this_quater_taken = $wpdb->get_var( "SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$mlw_this_quater."~~ 00:00:00' AND '~~".date("Y-m-d")."~~ 23:59:59') AND deleted=0");
89
90	$mlw_last_quater_start = mktime(0, 0, 0, date("m") , date("d")-179, date("Y"));
91	$mlw_last_quater_start = date("Y-m-d", $mlw_last_quater_start);
92	$mlw_last_quater_end = mktime(0, 0, 0, date("m") , date("d")-90, date("Y"));
93	$mlw_last_quater_end = date("Y-m-d", $mlw_last_quater_end);
94	- $mlw_qmn_last_quater_taken = $wpdb->get_var( "SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$mlw_last_quater_start."~~ 00:00:00' AND '~~".$mlw_last_quater_end."~~ 23:59:59') AND deleted=0");
95
96	if ($mlw_qmn_last_quater_taken != 0)
97	{
	@@ -102,11 +102,11 @@ function qmn_snapshot_dashboard_widget()
102	$mlw_qmn_analyze_quater = $mlw_qmn_this_quater_taken * 100;
103	}
104
105	- $mlw_stat_total_active_quiz = $wpdb->get_var( "SELECT COUNT(*) FROM ~~".$~~wpdb->prefix."mlw_quizzes WHERE deleted=0 LIMIT 1" );
106	- $mlw_stat_total_questions = $wpdb->get_var( "SELECT COUNT(*) FROM ~~".$~~wpdb->prefix."mlw_questions WHERE deleted=0 LIMIT 1" );
107
108	- $mlw_stat_most_popular_quiz = $wpdb->get_row( "SELECT quiz_name FROM ~~".$~~wpdb->prefix."mlw_quizzes WHERE deleted=0 ORDER BY quiz_taken Desc LIMIT 1" );
109	- $mlw_stat_least_popular_quiz = $wpdb->get_row( "SELECT quiz_name FROM ~~".$~~wpdb->prefix."mlw_quizzes WHERE deleted=0 ORDER BY quiz_taken ASC LIMIT 1" );
110	?>
111	<style>
112	.qmn_dashboard_list


32	function qmn_snapshot_dashboard_widget()
33	{
34	global $wpdb;
35	+ $mlw_qmn_today_taken = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", date( "Y-m-d", current_time( 'timestamp' ) ), date( "Y-m-d", current_time( 'timestamp' ) ) ) );
36	$mlw_last_week = mktime(0, 0, 0, date("m") , date("d")-7, date("Y"));
37	$mlw_last_week = date("Y-m-d", $mlw_last_week);
38	+ $mlw_qmn_last_weekday_taken = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $mlw_last_week, $mlw_last_week ) );
39	if ($mlw_qmn_last_weekday_taken != 0)
40	{
41	$mlw_qmn_analyze_today = round((($mlw_qmn_today_taken - $mlw_qmn_last_weekday_taken) / $mlw_qmn_last_weekday_taken) * 100, 2);

47
48	$mlw_this_week = mktime(0, 0, 0, date("m") , date("d")-6, date("Y"));
49	$mlw_this_week = date("Y-m-d", $mlw_this_week);
50	+ $mlw_qmn_this_week_taken = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $mlw_this_week, date("Y-m-d") ) );
51
52	$mlw_last_week_start = mktime(0, 0, 0, date("m") , date("d")-13, date("Y"));
53	$mlw_last_week_start = date("Y-m-d", $mlw_last_week_start);
54	$mlw_last_week_end = mktime(0, 0, 0, date("m") , date("d")-7, date("Y"));
55	$mlw_last_week_end = date("Y-m-d", $mlw_last_week_end);
56	+ $mlw_qmn_last_week_taken = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $mlw_last_week_start, $mlw_last_week_end ) );
57
58	if ($mlw_qmn_last_week_taken != 0)
59	{

66
67	$mlw_this_month = mktime(0, 0, 0, date("m") , date("d")-29, date("Y"));
68	$mlw_this_month = date("Y-m-d", $mlw_this_month);
69	+ $mlw_qmn_this_month_taken = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $mlw_this_month, date("Y-m-d") ) );
70
71	$mlw_last_month_start = mktime(0, 0, 0, date("m") , date("d")-59, date("Y"));
72	$mlw_last_month_start = date("Y-m-d", $mlw_last_month_start);
73	$mlw_last_month_end = mktime(0, 0, 0, date("m") , date("d")-30, date("Y"));
74	$mlw_last_month_end = date("Y-m-d", $mlw_last_month_end);
75	+ $mlw_qmn_last_month_taken = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $mlw_last_month_start, $mlw_last_month_end ) );
76
77	if ($mlw_qmn_last_month_taken != 0)
78	{

85
86	$mlw_this_quater = mktime(0, 0, 0, date("m") , date("d")-89, date("Y"));
87	$mlw_this_quater = date("Y-m-d", $mlw_this_quater);
88	+ $mlw_qmn_this_quater_taken = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $mlw_this_quater, date("Y-m-d") ));
89
90	$mlw_last_quater_start = mktime(0, 0, 0, date("m") , date("d")-179, date("Y"));
91	$mlw_last_quater_start = date("Y-m-d", $mlw_last_quater_start);
92	$mlw_last_quater_end = mktime(0, 0, 0, date("m") , date("d")-90, date("Y"));
93	$mlw_last_quater_end = date("Y-m-d", $mlw_last_quater_end);
94	+ $mlw_qmn_last_quater_taken = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $mlw_last_quater_start, $mlw_last_quater_end ) );
95
96	if ($mlw_qmn_last_quater_taken != 0)
97	{

102	$mlw_qmn_analyze_quater = $mlw_qmn_this_quater_taken * 100;
103	}
104
105	+ $mlw_stat_total_active_quiz = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_quizzes WHERE deleted=0 LIMIT 1" );
106	+ $mlw_stat_total_questions = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_questions WHERE deleted=0 LIMIT 1" );
107
108	+ $mlw_stat_most_popular_quiz = $wpdb->get_row( "SELECT quiz_name FROM {$wpdb->prefix}mlw_quizzes WHERE deleted=0 ORDER BY quiz_taken Desc LIMIT 1" );
109	+ $mlw_stat_least_popular_quiz = $wpdb->get_row( "SELECT quiz_name FROM {$wpdb->prefix}mlw_quizzes WHERE deleted=0 ORDER BY quiz_taken ASC LIMIT 1" );
110	?>
111	<style>
112	.qmn_dashboard_list

php/admin/options-page-style-tab.php CHANGED Viewed

	@@ -39,7 +39,7 @@ function qsm_options_styling_tab_content() {
39	$quiz_style = sanitize_textarea_field( htmlspecialchars( stripslashes( $_POST['quiz_css'] ), ENT_QUOTES ) );
40
41	// Saves the new css.
42	- $results = $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}mlw_quizzes SET quiz_stye='%s', theme_selected='%s', last_activity='" . date( 'Y-m-d H:i:s' ) ~~. "' WHERE quiz_id=%d"~~, $~~quiz_style, $quiz_theme, $~~style_quiz_id ) );
43	if ( false !== $results ) {
44	$mlwQuizMasterNext->alertManager->newAlert( __( 'The style has been saved successfully.', 'quiz-master-next' ), 'success' );
45	$mlwQuizMasterNext->audit_manager->new_audit( "Styles Have Been Saved For Quiz Number $style_quiz_id" );


39	$quiz_style = sanitize_textarea_field( htmlspecialchars( stripslashes( $_POST['quiz_css'] ), ENT_QUOTES ) );
40
41	// Saves the new css.
42	+ $results = $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}mlw_quizzes SET quiz_stye='%s', theme_selected='%s', last_activity='%s' WHERE quiz_id=%d", $quiz_style, $quiz_theme, date( 'Y-m-d H:i:s' ), $style_quiz_id ) );
43	if ( false !== $results ) {
44	$mlwQuizMasterNext->alertManager->newAlert( __( 'The style has been saved successfully.', 'quiz-master-next' ), 'success' );
45	$mlwQuizMasterNext->audit_manager->new_audit( "Styles Have Been Saved For Quiz Number $style_quiz_id" );

php/admin/quizzes-page.php CHANGED Viewed

	@@ -122,13 +122,13 @@ function qsm_generate_quizzes_surveys_page() {
122	/Set Request To Post as form method is Post.(AA)/
123	if (isset($_POST['btnSearchQuiz']) && $_POST['s'] != '') {
124	$search = $_POST['s'];
125	- $condition = " WHERE deleted='0' AND quiz_name LIKE '%$search%'";
126	- $qry = "SELECT COUNT('quiz_id') FROM {$wpdb->prefix}mlw_quizzes" . $condition;
127	$total = $wpdb->get_var($qry);
128	$num_of_pages = ceil($total / $limit);
129	} else {
130	- $condition = " WHERE deleted='0'";
131	- $total = $wpdb->get_var("SELECT COUNT(`quiz_id`) FROM {$wpdb->prefix}mlw_quizzes " . $condition);
132	$num_of_pages = ceil($total / $limit);
133	}
134
	@@ -168,8 +168,8 @@ function qsm_generate_quizzes_surveys_page() {
168	/Written to get results form search.(AA)/
169	if (isset($_POST['btnSearchQuiz']) && $_POST['s'] != '') {
170	$search_quiz = $_POST['s'];
171	- $condition = " WHERE quiz_name LIKE '%$search_quiz%'";
172	- $qry = "SELECT * FROM {$wpdb->prefix}mlw_quizzes" . $condition;
173	$quizzes = $wpdb->get_results($qry );
174
175	}
	@@ -216,7 +216,7 @@ function qsm_generate_quizzes_surveys_page() {
216	);
217	}
218
219	- $quiz_results_count = $wpdb->get_var( "SELECT COUNT(result_id) FROM {$wpdb->prefix}mlw_results WHERE `deleted`='0' AND `quiz_id`='{$quiz->quiz_id~~}'"~~ );
220
221	$activity_date = date_i18n(get_option('date_format'), strtotime($quiz->last_activity));
222	$activity_time = date('h:i:s A', strtotime($quiz->last_activity));


122	/Set Request To Post as form method is Post.(AA)/
123	if (isset($_POST['btnSearchQuiz']) && $_POST['s'] != '') {
124	$search = $_POST['s'];
125	+ $condition = " WHERE deleted=0 AND quiz_name LIKE '%$search%'";
126	+ $qry = stripslashes( $wpdb->prepare( "SELECT COUNT('quiz_id') FROM {$wpdb->prefix}mlw_quizzes%1s", $condition ) );
127	$total = $wpdb->get_var($qry);
128	$num_of_pages = ceil($total / $limit);
129	} else {
130	+ $condition = " WHERE deleted=0";
131	+ $total = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(`quiz_id`) FROM {$wpdb->prefix}mlw_quizzes %1s", $condition ) );
132	$num_of_pages = ceil($total / $limit);
133	}
134

168	/Written to get results form search.(AA)/
169	if (isset($_POST['btnSearchQuiz']) && $_POST['s'] != '') {
170	$search_quiz = $_POST['s'];
171	+ $condition = " WHERE quiz_name LIKE '%$search_quiz%'";
172	+ $qry = stripslashes( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_quizzes%1s", $condition) );
173	$quizzes = $wpdb->get_results($qry );
174
175	}

216	);
217	}
218
219	+ $quiz_results_count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(result_id) FROM {$wpdb->prefix}mlw_results WHERE `deleted`= 0 AND `quiz_id`= %d", $quiz->quiz_id ) );
220
221	$activity_date = date_i18n(get_option('date_format'), strtotime($quiz->last_activity));
222	$activity_time = date('h:i:s A', strtotime($quiz->last_activity));

php/admin/stats-page.php CHANGED Viewed

	@@ -178,7 +178,7 @@ function qmn_load_stats($type, $amount = 0) {
178	global $wpdb;
179	for ($i=0; $i < $amount; $i++) {
180	$stat_date = date("Y-m-d", mktime(0, 0, 0, date("m") , date("d")-$i, date("Y")));
181	- $retrieved_stats = $wpdb->get_var("SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$stat_date."~~ 00:00:00' AND '~~".$stat_date."~~ 23:59:59') AND deleted=0");
182	array_unshift($stats, $retrieved_stats);
183	}
184	break;
	@@ -188,7 +188,7 @@ function qmn_load_stats($type, $amount = 0) {
188	for ($i=0; $i < $amount; $i++) {
189	$stat_date = date("Y-m-d", mktime(0, 0, 0, date("m") , date("d")-(6+($i*7)), date("Y")));
190	$stat_end_date = date("Y-m-d", mktime(0, 0, 0, date("m") , date("d")-($i*7), date("Y")));
191	- $retrieved_stats = $wpdb->get_var("SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$stat_date."~~ 00:00:00' AND '~~".$stat_end_date."~~ 23:59:59') AND deleted=0");
192	array_unshift($stats, $retrieved_stats);
193	}
194	break;
	@@ -198,7 +198,7 @@ function qmn_load_stats($type, $amount = 0) {
198	for ($i=0; $i < $amount; $i++) {
199	$stat_date = date("Y-m-d", mktime(0, 0, 0, date("m")-$i, 1, date("Y")));
200	$stat_end_date = date("Y-m-t", mktime(0, 0, 0, date("m")-$i, date("d"), date("Y")));
201	- $retrieved_stats = $wpdb->get_var("SELECT COUNT(*) FROM ~~" .~~ $wpdb->prefix ~~. "~~mlw_results WHERE (time_taken_real BETWEEN '~~".$stat_date."~~ 00:00:00' AND '~~".$stat_end_date."~~ 23:59:59') AND deleted=0");
202	array_unshift($stats, $retrieved_stats);
203	}
204	break;


178	global $wpdb;
179	for ($i=0; $i < $amount; $i++) {
180	$stat_date = date("Y-m-d", mktime(0, 0, 0, date("m") , date("d")-$i, date("Y")));
181	+ $retrieved_stats = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $stat_date, $stat_date ) );
182	array_unshift($stats, $retrieved_stats);
183	}
184	break;

188	for ($i=0; $i < $amount; $i++) {
189	$stat_date = date("Y-m-d", mktime(0, 0, 0, date("m") , date("d")-(6+($i*7)), date("Y")));
190	$stat_end_date = date("Y-m-d", mktime(0, 0, 0, date("m") , date("d")-($i*7), date("Y")));
191	+ $retrieved_stats = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $stat_date, $stat_end_date ) );
192	array_unshift($stats, $retrieved_stats);
193	}
194	break;

198	for ($i=0; $i < $amount; $i++) {
199	$stat_date = date("Y-m-d", mktime(0, 0, 0, date("m")-$i, 1, date("Y")));
200	$stat_end_date = date("Y-m-t", mktime(0, 0, 0, date("m")-$i, date("d"), date("Y")));
201	+ $retrieved_stats = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE (time_taken_real BETWEEN '%1s 00:00:00' AND '%2s 23:59:59') AND deleted=0", $stat_date, $stat_end_date ) );
202	array_unshift($stats, $retrieved_stats);
203	}
204	break;

php/classes/class-qmn-plugin-helper.php CHANGED Viewed

	@@ -170,7 +170,7 @@ class QMNPluginHelper {
170	$limit = ' limit ' . $offset . ', ' . $limit;
171	}
172	// Get quizzes and return them
173	- $quizzes = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}mlw_quizzes $delete $user_str $where_str ~~ORDER BY~~ $order_field $order_direction $limit" );
174	return $quizzes;
175	}
176


170	$limit = ' limit ' . $offset . ', ' . $limit;
171	}
172	// Get quizzes and return them
173	+ $quizzes = $wpdb->get_results( stripslashes( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_quizzes %1s %2s %3s ORDER BY %4s %5s %6s", $delete, $user_str, $where_str, $order_field, $order_direction, $limit ) ) );
174	return $quizzes;
175	}
176

php/classes/class-qmn-quiz-manager.php CHANGED Viewed

	@@ -183,7 +183,7 @@ class QMNQuizManager {
183	global $wpdb;
184	$question_id = isset($_POST['question_id']) ? intval($_POST['question_id']) : 0;
185	$answer = isset( $_POST['answer'] ) ? stripslashes_deep( $_POST['answer'] ) : '';
186	- $question_array = $wpdb->get_row( "SELECT answer_array, question_answer_info FROM {$wpdb->prefix}mlw_questions WHERE question_id = ($question_id)", 'ARRAY_A' );
187	$answer_array = unserialize($question_array['answer_array']);
188	$correct_info_text = isset( $question_array['question_answer_info'] ) ? html_entity_decode( $question_array['question_answer_info'] ) : '';
189	$show_correct_info = isset( $_POST['show_correct_info'] ) ? sanitize_text_field( $_POST['show_correct_info'] ) : 0;
	@@ -457,7 +457,7 @@ class QMNQuizManager {
457	}
458	$question_ids = apply_filters('qsm_load_questions_ids', $question_ids, $quiz_id, $quiz_options);
459	$question_sql = implode(', ', $question_ids);
460	- $questions = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}mlw_questions WHERE question_id IN (~~$question_sql~~) " . $cat_query . $order_by_sql . $limit_sql);
461
462	// If we are not using randomization, we need to put the questions in the order of the new question editor.
463	// If a user has saved the pages in the question editor but still uses the older pagination options
	@@ -480,7 +480,7 @@ class QMNQuizManager {
480	$qids = implode(', ', $question_ids);
481	$question_sql = " AND question_id IN ({$qids}) ";
482	}
483	- $questions = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "mlw_questions WHERE quiz_id=%d AND deleted=0 {~~$question_sql~~} {~~$cat_query~~} {~~$order_by_sql~~} {~~$limit_sql~~}", $quiz_id));
484	}
485	$questions = apply_filters('qsm_load_questions_filter', $questions, $quiz_id, $quiz_options);
486	// Returns an array of all the loaded questions.


183	global $wpdb;
184	$question_id = isset($_POST['question_id']) ? intval($_POST['question_id']) : 0;
185	$answer = isset( $_POST['answer'] ) ? stripslashes_deep( $_POST['answer'] ) : '';
186	+ $question_array = $wpdb->get_row( $wpdb->prepare( "SELECT answer_array, question_answer_info FROM {$wpdb->prefix}mlw_questions WHERE question_id = (%d)", $question_id ), 'ARRAY_A' );
187	$answer_array = unserialize($question_array['answer_array']);
188	$correct_info_text = isset( $question_array['question_answer_info'] ) ? html_entity_decode( $question_array['question_answer_info'] ) : '';
189	$show_correct_info = isset( $_POST['show_correct_info'] ) ? sanitize_text_field( $_POST['show_correct_info'] ) : 0;

457	}
458	$question_ids = apply_filters('qsm_load_questions_ids', $question_ids, $quiz_id, $quiz_options);
459	$question_sql = implode(', ', $question_ids);
460	+ $questions = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_questions WHERE question_id IN (%1s) %2s %3s %4s", $question_sql, $cat_query, $order_by_sql, $limit_sql ));
461
462	// If we are not using randomization, we need to put the questions in the order of the new question editor.
463	// If a user has saved the pages in the question editor but still uses the older pagination options

480	$qids = implode(', ', $question_ids);
481	$question_sql = " AND question_id IN ({$qids}) ";
482	}
483	+ $questions = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "mlw_questions WHERE quiz_id=%d AND deleted=0 {%1s} {%2s} {%3s} {%4s}", $quiz_id, $question_sql, $question_sql, $order_by_sql, $limit_sql));
484	}
485	$questions = apply_filters('qsm_load_questions_filter', $questions, $quiz_id, $quiz_options);
486	// Returns an array of all the loaded questions.

php/classes/class-qsm-install.php CHANGED Viewed

	@@ -1615,7 +1615,7 @@ class QSM_Install {
1615	{
1616	$sql = "ALTER TABLE ".$table_name." ADD last_activity DATETIME NOT NULL AFTER theme_selected";
1617	$results = $wpdb->query( $sql );
1618	- $update_sql = "UPDATE ~~".$~~table_name." SET last_activity='".date("Y-m-d H:i:s")~~."'"~~;
1619	$results = $wpdb->query( $update_sql );
1620	}
1621
	@@ -1624,28 +1624,28 @@ class QSM_Install {
1624	{
1625	$sql = "ALTER TABLE ".$table_name." ADD require_log_in INT NOT NULL AFTER last_activity";
1626	$results = $wpdb->query( $sql );
1627	- $update_sql = "UPDATE ~~".$~~table_name." SET require_log_in='0'";
1628	$results = $wpdb->query( $update_sql );
1629	}
1630	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'require_log_in_text'") != "require_log_in_text")
1631	{
1632	$sql = "ALTER TABLE ".$table_name." ADD require_log_in_text TEXT NOT NULL AFTER require_log_in";
1633	$results = $wpdb->query( $sql );
1634	- $update_sql = "UPDATE ".$table_name." SET require_log_in_text='Enter Text Here'";
1635	$results = $wpdb->query( $update_sql );
1636	}
1637	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'limit_total_entries'") != "limit_total_entries")
1638	{
1639	$sql = "ALTER TABLE ".$table_name." ADD limit_total_entries INT NOT NULL AFTER require_log_in_text";
1640	$results = $wpdb->query( $sql );
1641	- $update_sql = "UPDATE ~~".$~~table_name." SET limit_total_entries='0'";
1642	$results = $wpdb->query( $update_sql );
1643	}
1644	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'limit_total_entries_text'") != "limit_total_entries_text")
1645	{
1646	$sql = "ALTER TABLE ".$table_name." ADD limit_total_entries_text TEXT NOT NULL AFTER limit_total_entries";
1647	$results = $wpdb->query( $sql );
1648	- $update_sql = "UPDATE ~~".$~~table_name." SET limit_total_entries_text='Enter Text Here'";
1649	$results = $wpdb->query( $update_sql );
1650	}
1651
	@@ -1655,13 +1655,13 @@ class QSM_Install {
1655	$sql = "ALTER TABLE ".$table_name." ADD scheduled_timeframe TEXT NOT NULL AFTER limit_total_entries_text";
1656	$results = $wpdb->query( $sql );
1657	$update_sql = "UPDATE ".$table_name." SET scheduled_timeframe=''";
1658	- $results = $wpdb->query( $update_sql );
1659	}
1660	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'scheduled_timeframe_text'") != "scheduled_timeframe_text")
1661	{
1662	$sql = "ALTER TABLE ".$table_name." ADD scheduled_timeframe_text TEXT NOT NULL AFTER scheduled_timeframe";
1663	$results = $wpdb->query( $sql );
1664	- $update_sql = "UPDATE ~~".$~~table_name." SET scheduled_timeframe_text='Enter Text Here'";
1665	$results = $wpdb->query( $update_sql );
1666	}
1667
	@@ -1670,14 +1670,14 @@ class QSM_Install {
1670	{
1671	$sql = "ALTER TABLE ".$table_name." ADD disable_answer_onselect INT NOT NULL AFTER scheduled_timeframe_text";
1672	$results = $wpdb->query( $sql );
1673	- $update_sql = "UPDATE ~~".$~~table_name." SET disable_answer_onselect=0";
1674	$results = $wpdb->query( $update_sql );
1675	}
1676	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'ajax_show_correct'") != "ajax_show_correct")
1677	{
1678	$sql = "ALTER TABLE ".$table_name." ADD ajax_show_correct INT NOT NULL AFTER disable_answer_onselect";
1679	$results = $wpdb->query( $sql );
1680	- $update_sql = "UPDATE ~~".$~~table_name." SET ajax_show_correct=0";
1681	$results = $wpdb->query( $update_sql );
1682	}
1683
	@@ -1690,7 +1690,7 @@ class QSM_Install {
1690	$results = $wpdb->query( $sql );
1691	$sql = "ALTER TABLE ".$table_name." ADD hints TEXT NOT NULL AFTER comments";
1692	$results = $wpdb->query( $sql );
1693	- $update_sql = "UPDATE ~~".$~~table_name." SET comments=1, hints=''";
1694	$results = $wpdb->query( $update_sql );
1695	}
1696	//Update 0.8
	@@ -1698,7 +1698,7 @@ class QSM_Install {
1698	{
1699	$sql = "ALTER TABLE ".$table_name." ADD question_order INT NOT NULL AFTER hints";
1700	$results = $wpdb->query( $sql );
1701	- $update_sql = "UPDATE ~~".$~~table_name." SET question_order=0";
1702	$results = $wpdb->query( $update_sql );
1703	}
1704
	@@ -1706,7 +1706,7 @@ class QSM_Install {
1706	{
1707	$sql = "ALTER TABLE ".$table_name." ADD question_type INT NOT NULL AFTER question_order";
1708	$results = $wpdb->query( $sql );
1709	- $update_sql = "UPDATE ~~".$~~table_name." SET question_type=0";
1710	$results = $wpdb->query( $update_sql );
1711	}
1712
	@@ -1716,7 +1716,7 @@ class QSM_Install {
1716	$sql = "ALTER TABLE ".$table_name." ADD question_answer_info TEXT NOT NULL AFTER correct_answer";
1717	$results = $wpdb->query( $sql );
1718	$update_sql = "UPDATE ".$table_name." SET question_answer_info=''";
1719	- $results = $wpdb->query( $update_sql );
1720	}
1721
1722	//Update 2.5.1
	@@ -1725,7 +1725,7 @@ class QSM_Install {
1725	$sql = "ALTER TABLE ".$table_name." ADD answer_array TEXT NOT NULL AFTER question_name";
1726	$results = $wpdb->query( $sql );
1727	$update_sql = "UPDATE ".$table_name." SET answer_array=''";
1728	- $results = $wpdb->query( $update_sql );
1729	}
1730
1731	//Update 3.1.1
	@@ -1734,7 +1734,7 @@ class QSM_Install {
1734	$sql = "ALTER TABLE ".$table_name." ADD question_settings TEXT NOT NULL AFTER question_type";
1735	$results = $wpdb->query( $sql );
1736	$update_sql = "UPDATE ".$table_name." SET question_settings=''";
1737	- $results = $wpdb->query( $update_sql );
1738	}
1739
1740	//Update 4.0.0
	@@ -1743,7 +1743,7 @@ class QSM_Install {
1743	$sql = "ALTER TABLE ".$table_name." ADD category TEXT NOT NULL AFTER question_settings";
1744	$results = $wpdb->query( $sql );
1745	$update_sql = "UPDATE ".$table_name." SET category=''";
1746	- $results = $wpdb->query( $update_sql );
1747	}
1748
1749	//Update 4.0.0
	@@ -1751,7 +1751,7 @@ class QSM_Install {
1751	{
1752	$sql = "ALTER TABLE ".$table_name." ADD question_type_new TEXT NOT NULL AFTER question_type";
1753	$results = $wpdb->query( $sql );
1754	- $update_sql = "UPDATE ~~".$~~table_name." SET question_type_new=question_type";
1755	$results = $wpdb->query( $update_sql );
1756	}
1757
	@@ -1778,7 +1778,7 @@ class QSM_Install {
1778	{
1779	$sql = "ALTER TABLE ".$table_name." ADD user INT NOT NULL AFTER phone";
1780	$results = $wpdb->query( $sql );
1781	- $update_sql = "UPDATE ~~".$~~table_name." SET user=0";
1782	$results = $wpdb->query( $update_sql );
1783	}
1784
	@@ -1786,7 +1786,7 @@ class QSM_Install {
1786	if( $wpdb->get_var( "SHOW COLUMNS FROM $table_name LIKE 'user_ip'" ) != "user_ip" ) {
1787	$sql = "ALTER TABLE $table_name ADD user_ip TEXT NOT NULL AFTER user";
1788	$results = $wpdb->query( $sql );
1789	- $update_sql = "UPDATE $table_name SET user_ip='Unknown'";
1790	$results = $wpdb->query( $update_sql );
1791	}
1792	//Update 7.1.11


1615	{
1616	$sql = "ALTER TABLE ".$table_name." ADD last_activity DATETIME NOT NULL AFTER theme_selected";
1617	$results = $wpdb->query( $sql );
1618	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET last_activity='%s'", date("Y-m-d H:i:s") );
1619	$results = $wpdb->query( $update_sql );
1620	}
1621

1624	{
1625	$sql = "ALTER TABLE ".$table_name." ADD require_log_in INT NOT NULL AFTER last_activity";
1626	$results = $wpdb->query( $sql );
1627	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET require_log_in='%d'", '0' );
1628	$results = $wpdb->query( $update_sql );
1629	}
1630	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'require_log_in_text'") != "require_log_in_text")
1631	{
1632	$sql = "ALTER TABLE ".$table_name." ADD require_log_in_text TEXT NOT NULL AFTER require_log_in";
1633	$results = $wpdb->query( $sql );
1634	+ $update_sql = $wpdb->prepare( "UPDATE ".$table_name." SET require_log_in_text='%s'", 'Enter Text Here' );
1635	$results = $wpdb->query( $update_sql );
1636	}
1637	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'limit_total_entries'") != "limit_total_entries")
1638	{
1639	$sql = "ALTER TABLE ".$table_name." ADD limit_total_entries INT NOT NULL AFTER require_log_in_text";
1640	$results = $wpdb->query( $sql );
1641	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET limit_total_entries='%d'", '0' );
1642	$results = $wpdb->query( $update_sql );
1643	}
1644	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'limit_total_entries_text'") != "limit_total_entries_text")
1645	{
1646	$sql = "ALTER TABLE ".$table_name." ADD limit_total_entries_text TEXT NOT NULL AFTER limit_total_entries";
1647	$results = $wpdb->query( $sql );
1648	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET limit_total_entries_text='%s'", 'Enter Text Here' );
1649	$results = $wpdb->query( $update_sql );
1650	}
1651

1655	$sql = "ALTER TABLE ".$table_name." ADD scheduled_timeframe TEXT NOT NULL AFTER limit_total_entries_text";
1656	$results = $wpdb->query( $sql );
1657	$update_sql = "UPDATE ".$table_name." SET scheduled_timeframe=''";
1658	+ $results = $wpdb->query( stripslashes( esc_sql( $update_sql ) ) );
1659	}
1660	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'scheduled_timeframe_text'") != "scheduled_timeframe_text")
1661	{
1662	$sql = "ALTER TABLE ".$table_name." ADD scheduled_timeframe_text TEXT NOT NULL AFTER scheduled_timeframe";
1663	$results = $wpdb->query( $sql );
1664	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET scheduled_timeframe_text='%s'", 'Enter Text Here' );
1665	$results = $wpdb->query( $update_sql );
1666	}
1667

1670	{
1671	$sql = "ALTER TABLE ".$table_name." ADD disable_answer_onselect INT NOT NULL AFTER scheduled_timeframe_text";
1672	$results = $wpdb->query( $sql );
1673	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET disable_answer_onselect=%d", '0' );
1674	$results = $wpdb->query( $update_sql );
1675	}
1676	if($wpdb->get_var("SHOW COLUMNS FROM ".$table_name." LIKE 'ajax_show_correct'") != "ajax_show_correct")
1677	{
1678	$sql = "ALTER TABLE ".$table_name." ADD ajax_show_correct INT NOT NULL AFTER disable_answer_onselect";
1679	$results = $wpdb->query( $sql );
1680	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET ajax_show_correct=%d", '0' );
1681	$results = $wpdb->query( $update_sql );
1682	}
1683

1690	$results = $wpdb->query( $sql );
1691	$sql = "ALTER TABLE ".$table_name." ADD hints TEXT NOT NULL AFTER comments";
1692	$results = $wpdb->query( $sql );
1693	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET comments=%d, hints=''", '1' );
1694	$results = $wpdb->query( $update_sql );
1695	}
1696	//Update 0.8

1698	{
1699	$sql = "ALTER TABLE ".$table_name." ADD question_order INT NOT NULL AFTER hints";
1700	$results = $wpdb->query( $sql );
1701	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET question_order=%d", '0' );
1702	$results = $wpdb->query( $update_sql );
1703	}
1704

1706	{
1707	$sql = "ALTER TABLE ".$table_name." ADD question_type INT NOT NULL AFTER question_order";
1708	$results = $wpdb->query( $sql );
1709	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET question_type=%d", '0' );
1710	$results = $wpdb->query( $update_sql );
1711	}
1712

1716	$sql = "ALTER TABLE ".$table_name." ADD question_answer_info TEXT NOT NULL AFTER correct_answer";
1717	$results = $wpdb->query( $sql );
1718	$update_sql = "UPDATE ".$table_name." SET question_answer_info=''";
1719	+ $results = $wpdb->query( stripslashes( esc_sql( $update_sql ) ) );
1720	}
1721
1722	//Update 2.5.1

1725	$sql = "ALTER TABLE ".$table_name." ADD answer_array TEXT NOT NULL AFTER question_name";
1726	$results = $wpdb->query( $sql );
1727	$update_sql = "UPDATE ".$table_name." SET answer_array=''";
1728	+ $results = $wpdb->query( stripslashes( esc_sql( $update_sql ) ) );
1729	}
1730
1731	//Update 3.1.1

1734	$sql = "ALTER TABLE ".$table_name." ADD question_settings TEXT NOT NULL AFTER question_type";
1735	$results = $wpdb->query( $sql );
1736	$update_sql = "UPDATE ".$table_name." SET question_settings=''";
1737	+ $results = $wpdb->query( stripslashes( esc_sql( $update_sql ) ) );
1738	}
1739
1740	//Update 4.0.0

1743	$sql = "ALTER TABLE ".$table_name." ADD category TEXT NOT NULL AFTER question_settings";
1744	$results = $wpdb->query( $sql );
1745	$update_sql = "UPDATE ".$table_name." SET category=''";
1746	+ $results = $wpdb->query( stripslashes( esc_sql( $update_sql ) ) );
1747	}
1748
1749	//Update 4.0.0

1751	{
1752	$sql = "ALTER TABLE ".$table_name." ADD question_type_new TEXT NOT NULL AFTER question_type";
1753	$results = $wpdb->query( $sql );
1754	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET question_type_new=%s", 'question_type' );
1755	$results = $wpdb->query( $update_sql );
1756	}
1757

1778	{
1779	$sql = "ALTER TABLE ".$table_name." ADD user INT NOT NULL AFTER phone";
1780	$results = $wpdb->query( $sql );
1781	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET user=%d", '0' );
1782	$results = $wpdb->query( $update_sql );
1783	}
1784

1786	if( $wpdb->get_var( "SHOW COLUMNS FROM $table_name LIKE 'user_ip'" ) != "user_ip" ) {
1787	$sql = "ALTER TABLE $table_name ADD user_ip TEXT NOT NULL AFTER user";
1788	$results = $wpdb->query( $sql );
1789	+ $update_sql = $wpdb->prepare( "UPDATE {$table_name} SET user_ip='%s'", 'Unknown' );
1790	$results = $wpdb->query( $update_sql );
1791	}
1792	//Update 7.1.11

php/gdpr.php CHANGED Viewed

	@@ -97,13 +97,13 @@ function qsm_data_exporter( $email, $page = 1 ) {
97	}
98
99	// Calculate query range.
100	- $total = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(result_id) FROM {$wpdb->prefix}mlw_results WHERE ~~$user_sql~~ email = '%s'", $email ) );
101	$per_page = 25;
102	$begin = $per_page * ( $page - 1 );
103	$remaining = $total - ( $page * $per_page );
104
105	// Get the results.
106	- $results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_results WHERE ~~$user_sql~~ email = '%s' ORDER BY result_id DESC LIMIT %d, %d", $email, $begin, $per_page ) );
107
108	// Cycle through adding to array.
109	foreach ( $results as $result ) {


97	}
98
99	// Calculate query range.
100	+ $total = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(result_id) FROM {$wpdb->prefix}mlw_results WHERE %1s email = '%2s'", $user_sql, $email ) );
101	$per_page = 25;
102	$begin = $per_page * ( $page - 1 );
103	$remaining = $total - ( $page * $per_page );
104
105	// Get the results.
106	+ $results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_results WHERE %1s email = '%2s' ORDER BY result_id DESC LIMIT %d, %d", $user_sql, $email, $begin, $per_page ) );
107
108	// Cycle through adding to array.
109	foreach ( $results as $result ) {

php/question-types.php CHANGED Viewed

	@@ -1330,7 +1330,8 @@ function qsm_question_title_func( $question, $question_type = '', $new_question_
1330	$question_display .= "<span class='mlw_qmn_new_question'>" . sanitize_text_field( htmlspecialchars_decode( $new_question_title, ENT_QUOTES ) ) . '</span>';
1331	$polar_extra_class .= ' qsm_remove_bold';
1332	}
1333	- ~~$question_display .= "<span class='mlw_qmn_question {$polar_extra_class}' >" . htmlspecialchars_decode( do_shortcode( $question_title ), ENT_QUOTES ) . $deselect_answer . '</span>';~~

1334	return $question_display;
1335	}
1336	?>


1330	$question_display .= "<span class='mlw_qmn_new_question'>" . sanitize_text_field( htmlspecialchars_decode( $new_question_title, ENT_QUOTES ) ) . '</span>';
1331	$polar_extra_class .= ' qsm_remove_bold';
1332	}
1333	+
1334	+ $question_display .= "<span class='mlw_qmn_question {$polar_extra_class}' >" . do_shortcode( htmlspecialchars_decode( $question_title, ENT_QUOTES )) . $deselect_answer . '</span>';
1335	return $question_display;
1336	}
1337	?>

php/rest-api.php CHANGED Viewed

	@@ -91,20 +91,20 @@ function qsm_rest_get_bank_questions( WP_REST_Request $request ){
91	$category = isset($_REQUEST['category']) ? sanitize_text_field( $_REQUEST['category'] ) : '';
92	$category_query = '';
93	if($category){
94	- $category_query = ' AND category = "' . $category . '"';
95	- }
96	- $total_count_query = $wpdb->get_row( "SELECT COUNT(question_id) as total_question FROM {$wpdb->prefix}mlw_questions WHERE deleted='0' AND deleted_question_bank='0'$category_query", 'ARRAY_A' );
97	$total_count = isset($total_count_query['total_question']) ? $total_count_query['total_question'] : 0;
98	- $settings = (array) get_option( 'qmn-settings' );
99	$limit = 20;
100	if ( isset( $settings['items_per_page_question_bank'] ) ) {
101	$limit = $settings['items_per_page_question_bank'];
102	}
103	$limit = $limit == '' \|\| $limit == 0 ? 20 : $limit;
104	$total_pages = ceil($total_count / $limit);
105	- $pageno = isset($_REQUEST['page']) ? $_REQUEST['page'] : 1;
106	$offset = ($pageno-1) * $limit;
107	- $questions = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}mlw_questions WHERE deleted='0' AND deleted_question_bank='0~~'$category_query~~ ORDER BY question_order ASC LIMIT $offset, $limit", 'ARRAY_A' );
108	$quiz_table = $wpdb->prefix . 'mlw_quizzes';
109	$question_array = array();
110	$question_array['pagination'] = array(
	@@ -115,7 +115,7 @@ function qsm_rest_get_bank_questions( WP_REST_Request $request ){
115
116	$question_array['questions'] = array();
117	foreach ( $questions as $question ) {
118	- $quiz_name = $wpdb->get_row('SELECT quiz_name FROM '. ~~$quiz_table . '~~ WHERE quiz_id = ' . $question['quiz_id'], ARRAY_A );
119	$question['page'] = isset( $question['page'] ) ? $question['page'] : 0;
120
121	$answers = maybe_unserialize( $question['answer_array'] );
	@@ -174,7 +174,7 @@ function qsm_get_result_of_quiz( WP_REST_Request $request ){
174	$quiz_id = isset($request['id']) ? $request['id'] : 0;
175	if($quiz_id > 0){
176	global $wpdb;
177	- $mlw_quiz_data = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}mlw_results WHERE deleted='0' AND quiz_id = ~~$quiz_id~~ LIMIT 0,40" );
178	if($mlw_quiz_data){
179	$result_data = array();
180	foreach ($mlw_quiz_data as $mlw_quiz_info) {
	@@ -415,8 +415,8 @@ function qsm_rest_get_questions( WP_REST_Request $request ) {
415	global $wpdb;
416	$quiz_table = $wpdb->prefix . 'mlw_quizzes';
417	$question_array = array();
418	- foreach ( $questions as $question ) {
419	- $quiz_name = $wpdb->get_row('SELECT quiz_name FROM '. ~~$quiz_table . '~~ WHERE quiz_id = ' . $question['quiz_id'], ARRAY_A );
420	$question['page'] = isset( $question['page'] ) ? $question['page'] : 0;
421	$question_data = array(
422	'id' => $question['question_id'],


91	$category = isset($_REQUEST['category']) ? sanitize_text_field( $_REQUEST['category'] ) : '';
92	$category_query = '';
93	if($category){
94	+ $category_query = " AND category = '$category'";
95	+ }
96	+ $total_count_query = $wpdb->get_row( stripslashes( $wpdb->prepare( "SELECT COUNT(question_id) as total_question FROM {$wpdb->prefix}mlw_questions WHERE deleted=0 AND deleted_question_bank=0%1s", $wpdb->esc_like( $category_query ) ) ), 'ARRAY_A' );
97	$total_count = isset($total_count_query['total_question']) ? $total_count_query['total_question'] : 0;
98	+ $settings = (array) get_option( 'qmn-settings' );
99	$limit = 20;
100	if ( isset( $settings['items_per_page_question_bank'] ) ) {
101	$limit = $settings['items_per_page_question_bank'];
102	}
103	$limit = $limit == '' \|\| $limit == 0 ? 20 : $limit;
104	$total_pages = ceil($total_count / $limit);
105	+ $pageno = isset($_REQUEST['page']) ? $_REQUEST['page'] : 1;
106	$offset = ($pageno-1) * $limit;
107	+ $questions = $wpdb->get_results( stripslashes( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_questions WHERE deleted = 0 AND deleted_question_bank = 0%1s ORDER BY question_order ASC LIMIT %2s, %3s", $wpdb->esc_like( $category_query ), $offset, $limit ) ) , 'ARRAY_A' );
108	$quiz_table = $wpdb->prefix . 'mlw_quizzes';
109	$question_array = array();
110	$question_array['pagination'] = array(

115
116	$question_array['questions'] = array();
117	foreach ( $questions as $question ) {
118	+ $quiz_name = $wpdb->get_row( $wpdb->prepare( 'SELECT quiz_name FROM %1s WHERE quiz_id = %d', $quiz_table, $question['quiz_id'] ), ARRAY_A );
119	$question['page'] = isset( $question['page'] ) ? $question['page'] : 0;
120
121	$answers = maybe_unserialize( $question['answer_array'] );

174	$quiz_id = isset($request['id']) ? $request['id'] : 0;
175	if($quiz_id > 0){
176	global $wpdb;
177	+ $mlw_quiz_data = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_results WHERE deleted='0' AND quiz_id = %d LIMIT 0,40", $quiz_id ) );
178	if($mlw_quiz_data){
179	$result_data = array();
180	foreach ($mlw_quiz_data as $mlw_quiz_info) {

415	global $wpdb;
416	$quiz_table = $wpdb->prefix . 'mlw_quizzes';
417	$question_array = array();
418	+ foreach ( $questions as $question ) {
419	+ $quiz_name = $wpdb->get_row( $wpdb->prepare( 'SELECT quiz_name FROM %1s WHERE quiz_id = %d', $quiz_table, $question['quiz_id'] ), ARRAY_A );
420	$question['page'] = isset( $question['page'] ) ? $question['page'] : 0;
421	$question_data = array(
422	'id' => $question['question_id'],

php/shortcodes.php CHANGED Viewed

	@@ -120,7 +120,7 @@ function qsm_generate_fb_header_metadata() {
120	}
121	global $mlwQuizMasterNext, $wpdb, $wp_query;
122	$result_id = sanitize_text_field($_GET['result_id']);
123	- $results_data = $wpdb->get_row("SELECT * FROM {$wpdb->prefix}mlw_results WHERE unique_id = '$result_id'");
124	if ($results_data) {
125	// Prepare responses array.
126	if (is_serialized($results_data->quiz_results) && is_array(@unserialize($results_data->quiz_results))) {


120	}
121	global $mlwQuizMasterNext, $wpdb, $wp_query;
122	$result_id = sanitize_text_field($_GET['result_id']);
123	+ $results_data = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_results WHERE unique_id = '%s'", $result_id ) );
124	if ($results_data) {
125	// Prepare responses array.
126	if (is_serialized($results_data->quiz_results) && is_array(@unserialize($results_data->quiz_results))) {

php/template-variables.php CHANGED Viewed

	@@ -171,12 +171,12 @@ function qsm_variable_poll_result($content, $mlw_quiz_array, $variables){
171	global $wpdb;
172	$table_name = $wpdb->prefix . 'mlw_results';
173	$table_question = $wpdb->prefix . 'mlw_questions';
174	- $total_query = $wpdb->get_row('SELECT count(*) AS total_count FROM ~~' .~~ $table_name ~~. '~~ WHERE quiz_id = ' . $quiz_id,ARRAY_A);
175	$total_result = $total_query['total_count'];
176	- $ser_answer = $wpdb->get_row('SELECT answer_array FROM ~~' .~~ $table_question ~~. '~~ WHERE question_id = ' . $question_id,ARRAY_A);
177	$ser_answer_arry = unserialize($ser_answer['answer_array']);
178	$ser_answer_arry_change = array_filter(array_merge(array(0), $ser_answer_arry));
179	- $total_quiz_results = $wpdb->get_results('SELECT quiz_results FROM ~~' .~~ $table_name ~~. '~~ WHERE quiz_id = ' . $quiz_id,ARRAY_A);
180	$answer_array = array();
181	if($total_quiz_results){
182	foreach ($total_quiz_results as $key => $value) {
	@@ -347,7 +347,7 @@ function mlw_qmn_variable_quiz_links($content, $mlw_quiz_array) {
347	if (false !== strpos($content, '%RESULT_LINK%')) {
348	$result_link = $quiz_link;
349	if (isset($mlw_quiz_array['result_id'])) {
350	- $unique_id = $wpdb->get_var("SELECT `unique_id` FROM `{$wpdb->prefix}mlw_results` WHERE `quiz_id`='{~~$mlw_quiz_array['quiz_id']~~}' AND `result_id`='{$mlw_quiz_array['result_id']~~}'"~~);
351	$result_link = add_query_arg('result_id', $unique_id, $quiz_link);
352	}
353	$content = str_replace("%RESULT_LINK%", $result_link, $content);
	@@ -777,8 +777,8 @@ function qsm_end_results_rank($result_display, $qmn_quiz_options, $qmn_array_for
777	while (strpos($result_display, '%RANK%') !== false){
778	global $wpdb;
779	$mlw_quiz_id = $qmn_array_for_variables['quiz_id'];
780	- $mlw_result_id = $wpdb->get_var("SELECT MAX(`result_id`) FROM `{$wpdb->prefix}mlw_results` WHERE `quiz_id`='~~{$mlw_quiz_id}~~' AND `deleted`='0'");
781	- $mlw_result_data = $wpdb->get_results("SELECT `result_id`, `correct_score`, `point_score`, `quiz_results` FROM `{$wpdb->prefix}mlw_results` WHERE `quiz_id`='~~{$mlw_quiz_id}~~' AND `deleted`='0'");
782	if (!empty($mlw_result_data)) {
783	foreach ($mlw_result_data as $key => $mlw_eaches) {
784	$time_taken = 0;
	@@ -1008,7 +1008,7 @@ function qsm_questions_answers_shortcode_to_text($mlw_quiz_array, $qmn_question_
1008	$question_with_answer_text .= '<span class="qsm-text-correct-option qsm-text-user-correct-answer">' . htmlspecialchars_decode($single_answer[0], ENT_QUOTES) . '</span>';
1009	} else if (isset($single_answer[2]) && $single_answer[2] == 1) {
1010	$question_with_answer_text .= '<span class="qsm-text-correct-option">' . htmlspecialchars_decode($single_answer[0], ENT_QUOTES) . '</span>';
1011	- } else if (~~htmlspecialchars_decode(~~$answer[1], ~~ENT_QUOTES)~~ == $single_answer_option && $single_answer[2] !== 1) {
1012	$question_with_answer_text .= '<span class="qsm-text-wrong-option">' . htmlspecialchars_decode($single_answer[0], ENT_QUOTES) . '</span>';
1013	} else {
1014	$question_with_answer_text .= '<span class="qsm-text-simple-option">' . htmlspecialchars_decode($single_answer[0], ENT_QUOTES) . '</span>';


171	global $wpdb;
172	$table_name = $wpdb->prefix . 'mlw_results';
173	$table_question = $wpdb->prefix . 'mlw_questions';
174	+ $total_query = $wpdb->get_row( $wpdb->prepare( "SELECT count(*) AS total_count FROM {$table_name} WHERE quiz_id = %d", $quiz_id ),ARRAY_A);
175	$total_result = $total_query['total_count'];
176	+ $ser_answer = $wpdb->get_row( $wpdb->prepare( "'SELECT answer_array FROM {$table_question} WHERE question_id = %d", $question_id ) ,ARRAY_A);
177	$ser_answer_arry = unserialize($ser_answer['answer_array']);
178	$ser_answer_arry_change = array_filter(array_merge(array(0), $ser_answer_arry));
179	+ $total_quiz_results = $wpdb->get_results( $wpdb->prepare( "SELECT quiz_results FROM {$table_name} WHERE quiz_id = %d", $quiz_id ) ,ARRAY_A);
180	$answer_array = array();
181	if($total_quiz_results){
182	foreach ($total_quiz_results as $key => $value) {

347	if (false !== strpos($content, '%RESULT_LINK%')) {
348	$result_link = $quiz_link;
349	if (isset($mlw_quiz_array['result_id'])) {
350	+ $unique_id = $wpdb->get_var( $wpdb->prepare( "SELECT `unique_id` FROM `{$wpdb->prefix}mlw_results` WHERE `quiz_id`='{%1s}' AND `result_id`='{%2s}'", $mlw_quiz_array['quiz_id'], $mlw_quiz_array['result_id'] ) );
351	$result_link = add_query_arg('result_id', $unique_id, $quiz_link);
352	}
353	$content = str_replace("%RESULT_LINK%", $result_link, $content);

777	while (strpos($result_display, '%RANK%') !== false){
778	global $wpdb;
779	$mlw_quiz_id = $qmn_array_for_variables['quiz_id'];
780	+ $mlw_result_id = $wpdb->get_var( $wpdb->prepare( "SELECT MAX(`result_id`) FROM `{$wpdb->prefix}mlw_results` WHERE `quiz_id`='%d' AND `deleted`='0'", $mlw_quiz_id ) );
781	+ $mlw_result_data = $wpdb->get_results( $wpdb->prepare( "SELECT `result_id`, `correct_score`, `point_score`, `quiz_results` FROM `{$wpdb->prefix}mlw_results` WHERE `quiz_id`='%d' AND `deleted`='0'", $mlw_quiz_id ) );
782	if (!empty($mlw_result_data)) {
783	foreach ($mlw_result_data as $key => $mlw_eaches) {
784	$time_taken = 0;

1008	$question_with_answer_text .= '<span class="qsm-text-correct-option qsm-text-user-correct-answer">' . htmlspecialchars_decode($single_answer[0], ENT_QUOTES) . '</span>';
1009	} else if (isset($single_answer[2]) && $single_answer[2] == 1) {
1010	$question_with_answer_text .= '<span class="qsm-text-correct-option">' . htmlspecialchars_decode($single_answer[0], ENT_QUOTES) . '</span>';
1011	+ } else if ($answer[1] == $single_answer_option && $single_answer[2] !== 1) {
1012	$question_with_answer_text .= '<span class="qsm-text-wrong-option">' . htmlspecialchars_decode($single_answer[0], ENT_QUOTES) . '</span>';
1013	} else {
1014	$question_with_answer_text .= '<span class="qsm-text-simple-option">' . htmlspecialchars_decode($single_answer[0], ENT_QUOTES) . '</span>';

readme.txt CHANGED Viewed

	@@ -2,9 +2,9 @@
2	Contributors: quizsurvey,expresstech
3	Tags: quiz, survey, lead, test, score, exam, questionnaire, question,wordpress quiz plugin
4	Requires at least: 4.9
5	- Tested up to: 5.6
6	Requires PHP: 5.4
7	- Stable tag: 7.1.12
8	License: GPLv2
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
	@@ -140,14 +140,20 @@ This is usually a theme conflict. You can [checkout out our common conflict solu
140
141	== Changelog ==
142
143	- = 7.1.12 (~~February~~ 22, ~~2020~~) =






144	* Bug: Fixed prevention of SQL injection while using result shortcode and question bank.
145	* Bug: Fixed the issue of broken [latex] shortcode in result and user dashboard page.
146	* Enhancement: Added option to end the quiz if answer is wrong.
147	* Enhancement: Added option to turn off the HTML auto complete.
148	* Enhancement: Modified background color to fix contrast ratios from SEO perspective.
149
150	- = 7.1.11 (January 27, ~~2020~~) =
151	* Bug: Fixed jquery issue while editing the result page.
152	* Bug: Added string translation for %POLL_RESULTS_X% variable.
153	* Bug: Fixed incorrect score while using point value with decimal.


2	Contributors: quizsurvey,expresstech
3	Tags: quiz, survey, lead, test, score, exam, questionnaire, question,wordpress quiz plugin
4	Requires at least: 4.9
5	+ Tested up to: 5.7
6	Requires PHP: 5.4
7	+ Stable tag: 7.1.13
8	License: GPLv2
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

140
141	== Changelog ==
142
143	+ = 7.1.13 (March 9, 2021) =
144	+ * Bug: Fixed several security issues.
145	+ * Bug: Fixed the issue of audio and video player not showing in question content
146	+ * Bug: Fixed the issue of [latex] shortcode not showing Red cross mark for incorrect option.
147	+ * Bug: Fixed the issue required field getting surpassed by spaces in contact form.
148	+
149	+ = 7.1.12 (February 22, 2021) =
150	* Bug: Fixed prevention of SQL injection while using result shortcode and question bank.
151	* Bug: Fixed the issue of broken [latex] shortcode in result and user dashboard page.
152	* Enhancement: Added option to end the quiz if answer is wrong.
153	* Enhancement: Added option to turn off the HTML auto complete.
154	* Enhancement: Modified background color to fix contrast ratios from SEO perspective.
155
156	+ = 7.1.11 (January 27, 2021) =
157	* Bug: Fixed jquery issue while editing the result page.
158	* Bug: Added string translation for %POLL_RESULTS_X% variable.
159	* Bug: Fixed incorrect score while using point value with decimal.

Quiz And Survey Master (Formerly Quiz Master Next) - Version 7.1.13

Version Description

Release Info

Code changes from version 7.1.12 to 7.1.13