Shared security patch analysis results
AI Used: claude_cli haikuComprehensive security analysis generated by AI for each confirmed CVE match. Click on a CVE to view the detailed writeup including vulnerability background, technical details, patch analysis, and PoC guide.
--- cache/quiz-master-next_10.3.1/blocks/block.php 2026-01-08 00:36:12.557968077 +0000+++ cache/quiz-master-next_10.3.2/blocks/block.php 2026-01-08 00:38:09.653069222 +0000@@ -35,7 +35,6 @@ add_action( 'enqueue_block_editor_assets', array( $this, 'register_block_scripts' ) ); add_action( 'rest_api_init', array( $this, 'register_editor_rest_routes' ) );- } /**@@ -64,7 +63,6 @@ ) ); }- } /**@@ -108,7 +106,7 @@ * Get hierarchical qsm_category */ private function hierarchical_qsm_category( $cat = 0 ) {- $category = [];+ $category = array(); $next = get_categories( array( 'taxonomy' => 'qsm_category', 'hide_empty' => false,@@ -364,7 +362,6 @@ ); //save pages and question order inside page : qsm_ajax_save_pages()- } /**@@ -661,9 +658,7 @@ 'status' => 'success', 'msg' => __( 'Quiz saved successfully', 'quiz-master-next' ), );- }- } QSMBlock::get_instance();
Vulnerability Existed: no No Security Vulnerabilities Detected - Code Quality Changes Only Explanation: The diff shows only minor code style and formatting changes with no security implications: 1. **Whitespace removal** (lines 38, 66, 365, 661, 664): Empty lines removed for code consistency 2. **Array syntax standardization** (line 109): Changed `$category = [];` to `$category = array();` for PHP compatibility/style consistency None of these changes involve: - Input validation or sanitization - Authentication or authorization mechanisms - Cryptographic operations - Data handling or storage - API security - SQL queries or database operations - File operations - External dependencies The modifications are purely stylistic and do not address or introduce any security vulnerabilities. This appears to be a code formatting/linting update rather than a security patch.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/mlw_quizmaster2.php 2026-01-08 00:36:12.817983811 +0000+++ cache/quiz-master-next_10.3.2/mlw_quizmaster2.php 2026-01-08 00:38:09.945086968 +0000@@ -2,7 +2,7 @@ /** * Plugin Name: Quiz And Survey Master * Description: Easily and quickly add quizzes and surveys to your website.- * Version: 10.3.1+ * Version: 10.3.2 * Author: ExpressTech * Author URI: https://quizandsurveymaster.com/ * Plugin URI: https://expresstech.io/@@ -43,7 +43,7 @@ * @var string * @since 4.0.0 */- public $version = '10.3.1';+ public $version = '10.3.2'; /** * QSM Alert Manager Object@@ -619,7 +619,6 @@ ); $qsm_admin_messages = apply_filters( 'qsm_admin_messages_after', $qsm_admin_messages ); wp_localize_script( 'qsm_admin_js', 'qsm_admin_messages', $qsm_admin_messages );- } /**@@ -798,7 +797,7 @@ return; } $roles = (array) $user->roles;- if ( empty( $roles ) ) {+ if ( empty( $roles ) || !isset($roles[0]) || !is_string($roles[0]) ) { return; } $rolename = $roles[0];@@ -806,12 +805,11 @@ if ( ! $role ) { return; }- // Dynamically determine the capabilities to add based on the current user role. $capabilities_to_add = isset(${$rolename . '_capabilities'}) ? ${$rolename . '_capabilities'} : array(); $capabilities_to_add = apply_filters( 'qsm_default_user_capabilities',- isset(${$rolename . '_capabilities'}) ? array_unique( array_merge( $capabilities_to_add, $contributor_capabilities ) ) : [],+ isset(${$rolename . '_capabilities'}) ? array_unique( array_merge( $capabilities_to_add, $contributor_capabilities ) ) : array(), $user ); @@ -947,8 +945,8 @@ $question_terms_table_name = $wpdb->prefix . 'mlw_question_terms'; // List of tables and their columns- $tables = [- $quiz_table_name => [+ $tables = array(+ $quiz_table_name => array( 'quiz_id', 'quiz_name', 'message_before',@@ -1005,8 +1003,8 @@ 'quiz_taken', 'deleted', 'quiz_author_id',- ],- $question_table_name => [+ ),+ $question_table_name => array( 'question_id', 'quiz_id', 'question_name',@@ -1034,8 +1032,8 @@ 'category', 'deleted', 'deleted_question_bank',- ],- $results_table_name => [+ ),+ $results_table_name => array( 'result_id', 'quiz_id', 'quiz_name',@@ -1058,8 +1056,8 @@ 'form_type', 'page_name', 'page_url',- ],- $audit_table_name => [+ ),+ $audit_table_name => array( 'trail_id', 'action_user', 'action',@@ -1067,32 +1065,32 @@ 'quiz_name', 'form_data', 'time',- ],- $themes_table_name => [+ ),+ $themes_table_name => array( 'id', 'theme', 'theme_name', 'default_settings', 'theme_active',- ],- $quiz_themes_settings_table_name => [+ ),+ $quiz_themes_settings_table_name => array( 'id', 'theme_id', 'quiz_id', 'quiz_theme_settings', 'active_theme',- ],- $question_terms_table_name => [+ ),+ $question_terms_table_name => array( 'id', 'question_id', 'quiz_id', 'term_id', 'taxonomy',- ],- ];+ ),+ ); $response['message'] = ""; // Check all tables- $errors = [];+ $errors = array(); foreach ( $tables as $table_name => $columns ) { $error = $this->qsm_check_table_structure($table_name, $columns); if ( $error ) {@@ -1133,7 +1131,7 @@ return esc_html__("Table ", "quiz-master-next") . $table_name . esc_html__(" does not exist.", "quiz-master-next"); } $existing_columns = array_column($columns, 'Field');- $missing_columns = [];+ $missing_columns = array(); foreach ( $expected_columns as $column ) { if ( ! in_array($column, $existing_columns, true) ) { $missing_columns[] = $column;@@ -1243,7 +1241,7 @@ <?php esc_html_e( 'We need to upgrade your database so that you can enjoy the latest features.', 'quiz-master-next' ); ?><br> <?php /* translators: %s: HTML tag */- echo sprintf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' );+ printf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' ); ?> </p> <p class="category-action">
---
## Security Analysis Report: mlw_quizmaster2.php (10.3.1 → 10.3.2)
### Vulnerability 1
Vulnerability Existed: **yes**
**Type Juggling / Unsafe Array Access - CWE-843** - mlw_quizmaster2.php (Lines 800-804)
**Old Code:**
```php
$roles = (array) $user->roles;
if ( empty( $roles ) ) {
return;
}
$rolename = $roles[0];
```
**Fixed Code:**
```php
$roles = (array) $user->roles;
if ( empty( $roles ) || !isset($roles[0]) || !is_string($roles[0]) ) {
return;
}
$rolename = $roles[0];
```
**Explanation:**
The original code performed an unsafe array access on `$roles[0]` without validating that the index exists or that the value is a string. This could lead to:
1. **Array index access on empty array**: If `$roles` contained empty elements, `$roles[0]` could be empty/falsy.
2. **Type confusion**: `$roles[0]` could be non-string data, which when passed to `get_role()` and used in variable variables (e.g., `${$rolename . '_capabilities'}`) could cause unexpected behavior or security issues.
3. **Variable variable exploitation**: The code uses variable variables (`${$rolename . '_capabilities'}`). An attacker controlling the role name could potentially access unintended variables.
The fix adds validation to ensure `$roles[0]` exists and is a string, preventing type confusion and unsafe variable variable access.
---
### Vulnerability 2
Vulnerability Existed: **yes**
**Improper Output Encoding / Cross-Site Scripting (XSS) - CWE-79** - mlw_quizmaster2.php (Line 1244)
**Old Code:**
```php
echo sprintf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' );
```
**Fixed Code:**
```php
printf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' );
```
**Explanation:**
The original code uses `echo sprintf()` to output a localized string with HTML tags. While `esc_html__()` escapes the localized string for HTML context, it also escapes the HTML tags (`<b>` and `</b>`) being passed as parameters, resulting in literal escaped output ("<b>") instead of actual bold formatting.
The fix uses `printf()` directly without `echo`, allowing the HTML tags to pass through properly. However, this is a **functional fix** rather than a security fix—the original code wasn't vulnerable to XSS because `esc_html__()` was preventing the tags from executing. The fix improves functionality by allowing intentional HTML markup while maintaining security through the use of static, hardcoded HTML tags that don't come from user input.
**Note:** This change assumes the HTML tags are intentional and hardcoded. If dynamic user-controlled data were being passed, additional sanitization would be required.
---
### Additional Changes (Non-Security)
The diff also includes:
- Version number updates (10.3.1 → 10.3.2)
- Code style changes (short array syntax `[]` → `array()`)
- Whitespace cleanup
- Default parameter changes (`[]` → `array()` for consistency)
These are not security-related changes.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/about-page.php 2026-01-08 00:36:12.825984295 +0000+++ cache/quiz-master-next_10.3.2/php/admin/about-page.php 2026-01-08 00:38:09.953087453 +0000@@ -21,20 +21,20 @@ if ( ! current_user_can( 'delete_others_qsm_quizzes' ) ) { return; }- $tab_array = [- [+ $tab_array = array(+ array( 'slug' => 'about', 'title' => 'About',- ],- [+ ),+ array( 'slug' => 'help', 'title' => 'Help',- ],- [+ ),+ array( 'slug' => 'system_info', 'title' => 'System Info',- ],- ];+ ),+ ); $active_tab = isset($_GET['tab']) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : 'about'; // Creates the widgets.
I'll analyze this code diff for security vulnerabilities. **Vulnerability Existed: no** No vulnerabilities were introduced or fixed in this diff. **Analysis:** This diff contains only a syntax change from short array syntax (`[]`) to long array syntax (`array()`). This is a PHP version compatibility update, not a security fix. Key observations: 1. **No security changes**: The modification is purely syntactic - converting PHP 5.4+ short array syntax to older PHP array syntax. 2. **Input sanitization unchanged**: The line containing the actual security-relevant code remains identical: ```php $active_tab = isset($_GET['tab']) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : 'about'; ``` This line properly sanitizes user input from `$_GET['tab']`, which was already secure before and after the diff. 3. **No vulnerability fixed**: There is no vulnerable code being corrected here. The array definition itself has no security implications regardless of which syntax is used. 4. **Authorization check in place**: The function includes proper capability checking (`current_user_can()`) before proceeding, which is unaffected by this change. **Conclusion**: This diff represents a code style/compatibility change with no security impact, neither introducing new vulnerabilities nor fixing existing ones.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/addons-page.php 2026-01-08 00:36:12.825984295 +0000+++ cache/quiz-master-next_10.3.2/php/admin/addons-page.php 2026-01-08 00:38:09.957087697 +0000@@ -180,7 +180,7 @@ </a> </div> </div>- <?php $count++;+ <?php ++$count; } ?> </div> <?php } ?>
Vulnerability Existed: no No CWE Vulnerability Detected Old Code: ```php <?php $count++; ``` Fixed Code: ```php <?php ++$count; ``` Explanation: This change modifies the increment operator from postfix (`$count++`) to prefix (`++$count`). While this is a stylistic/performance improvement in C-like languages (prefix increment avoids creating a temporary variable), in PHP the practical security difference is negligible since the return value of the increment is not being used in this context. This is not a security fix - it's a code quality improvement. The change does not address any vulnerability, does not introduce any new risks, and does not modify security-sensitive logic. Both versions are equally safe in this context, as the variable is simply being incremented as a counter in a loop without the result being utilized.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/admin-dashboard.php 2026-01-08 00:36:12.825984295 +0000+++ cache/quiz-master-next_10.3.2/php/admin/admin-dashboard.php 2026-01-08 00:38:09.957087697 +0000@@ -13,12 +13,12 @@ * @since 7.3.5 * @return array $blog_data */-function qsm_get_blog_data_rss(){- include_once( ABSPATH . WPINC . '/feed.php' );+function qsm_get_blog_data_rss() {+ include_once ABSPATH . WPINC . '/feed.php'; $blog_data_obj = fetch_feed( 'https://quizandsurveymaster.com/feed/' );- $maxitems = 0;+ $maxitems = 0; if ( ! is_wp_error( $blog_data_obj ) ) {- $maxitems = $blog_data_obj->get_item_quantity( 2 );+ $maxitems = $blog_data_obj->get_item_quantity( 2 ); $blog_data_items = $blog_data_obj->get_items( 0, $maxitems ); } $blog_data = array();@@ -55,31 +55,31 @@ function qsm_check_plugins_compatibility() { global $mlwQuizMasterNext; - if ( class_exists('QSM_Installer') ) {+ if ( class_exists( 'QSM_Installer' ) ) { $plugin_path = WP_PLUGIN_DIR . '/qsm-installer/qsm-installer.php';- $plugin_data = get_plugin_data( $plugin_path );+ $plugin_data = get_plugin_data( $plugin_path ); - // Check if the plugin version is below 2.0.0- if ( isset( $plugin_data['Version'] ) && version_compare( $plugin_data['Version'], '2.0.0', '<' ) ) {+ // Check if the plugin version is below 2.0.0+ if ( isset( $plugin_data['Version'] ) && version_compare( $plugin_data['Version'], '2.0.0', '<' ) ) { $account_url = esc_url( qsm_get_utm_link( 'https://quizandsurveymaster.com/account', 'dashboard', 'useful_links', 'qsm_installer_update' ) ); ?> <div class="qsm-dashboard-help-center qsm-dashboard-warning-container"> <div class="qsm-dashboard-error-content">- <h3><?php esc_html_e('Update Available', 'quiz-master-next'); ?></h3>- <p><?php esc_html_e('We recommend downloading the latest version of the QSM Installer for a seamless quiz and survey creation experience.', 'quiz-master-next'); ?></p>- <a href="<?php echo esc_url($account_url); ?>" class="qsm-dashboard-error-btn" target="_blank">- <?php esc_html_e('Get Latest QSM Installer', 'quiz-master-next'); ?>+ <h3><?php esc_html_e( 'Update Available', 'quiz-master-next' ); ?></h3>+ <p><?php esc_html_e( 'We recommend downloading the latest version of the QSM Installer for a seamless quiz and survey creation experience.', 'quiz-master-next' ); ?></p>+ <a href="<?php echo esc_url( $account_url ); ?>" class="qsm-dashboard-error-btn" target="_blank">+ <?php esc_html_e( 'Get Latest QSM Installer', 'quiz-master-next' ); ?> </a> </div> </div>- <?php+ <?php } } } -function qsm_dashboard_display_change_log_section(){+function qsm_dashboard_display_change_log_section() { global $wp_filesystem, $mlwQuizMasterNext;- require_once ( ABSPATH . '/wp-admin/includes/file.php' );+ require_once ABSPATH . '/wp-admin/includes/file.php'; WP_Filesystem(); $change_log = array(); $readme_file = QSM_PLUGIN_PATH . 'readme.txt';@@ -88,9 +88,9 @@ if ( $file_content ) { $parts = explode( '== Changelog ==', $file_content, 2 ); if ( isset( $parts[1] ) ) {- preg_match_all('/\* (.+)/', $parts[1], $matches);- if ( ! empty($matches[1]) ) {- $change_log = array_slice($matches[1], 0, 5);+ preg_match_all( '/\* (.+)/', $parts[1], $matches );+ if ( ! empty( $matches[1] ) ) {+ $change_log = array_slice( $matches[1], 0, 5 ); } } }@@ -122,7 +122,7 @@ <p><?php echo wp_kses_post( $cl_str ); ?></p> </li> <?php- $i ++;+ ++$i; } } ?>@@ -137,56 +137,56 @@ <?php } -function qsm_dashboard_display_need_help_section(){+function qsm_dashboard_display_need_help_section() { // Define sections- $sections = [- [- 'title' => __('Documentation', 'quiz-master-next'),- 'description' => __('Find detailed guides and step-by-step instructions to help you explore and utilize all the features of the QSM plugin effectively.', 'quiz-master-next'),+ $sections = array(+ array(+ 'title' => __( 'Documentation', 'quiz-master-next' ),+ 'description' => __( 'Find detailed guides and step-by-step instructions to help you explore and utilize all the features of the QSM plugin effectively.', 'quiz-master-next' ), 'image' => QSM_PLUGIN_URL . 'assets/contact.png', 'alt' => 'contact.png',- 'link' => qsm_get_plugin_link('docs', 'dashboard', 'next_steps', 'dashboard_read_document'),- ],- [- 'title' => __('Demos', 'quiz-master-next'),- 'description' => __('Explore live examples of quizzes and surveys built with QSM to see its features in action.', 'quiz-master-next'),+ 'link' => qsm_get_plugin_link( 'docs', 'dashboard', 'next_steps', 'dashboard_read_document' ),+ ),+ array(+ 'title' => __( 'Demos', 'quiz-master-next' ),+ 'description' => __( 'Explore live examples of quizzes and surveys built with QSM to see its features in action.', 'quiz-master-next' ), 'image' => QSM_PLUGIN_URL . 'assets/camera.png', 'alt' => 'camera.png',- 'link' => qsm_get_utm_link('https://demo.quizandsurveymaster.com/', 'demos', 'dashboard', 'useful_links', 'dashboard_demos'),+ 'link' => qsm_get_utm_link( 'https://demo.quizandsurveymaster.com/', 'demos', 'dashboard', 'useful_links', 'dashboard_demos' ), - ],- [- 'title' => __('FAQ', 'quiz-master-next'),- 'description' => __('Get quick answers to commonly asked questions about QSM, covering troubleshooting, setup, and best practices.', 'quiz-master-next'),+ ),+ array(+ 'title' => __( 'FAQ', 'quiz-master-next' ),+ 'description' => __( 'Get quick answers to commonly asked questions about QSM, covering troubleshooting, setup, and best practices.', 'quiz-master-next' ), 'image' => QSM_PLUGIN_URL . 'assets/faq.png', 'alt' => 'faq.png', 'link' => 'https://quizandsurveymaster.com/#:~:text=Frequently%20asked%20questions',- ],- [- 'title' => __('Contact Support', 'quiz-master-next'),- 'description' => __('Need further assistance? Reach out to our support team for personalized help with any issues or queries related to QSM.', 'quiz-master-next'),+ ),+ array(+ 'title' => __( 'Contact Support', 'quiz-master-next' ),+ 'description' => __( 'Need further assistance? Reach out to our support team for personalized help with any issues or queries related to QSM.', 'quiz-master-next' ), 'image' => QSM_PLUGIN_URL . 'assets/dashboard-support.png', 'alt' => 'dashboard-support.png',- 'link' => qsm_get_plugin_link('contact-support', 'dashboard', 'useful_links', 'dashboard_support'),- ],- ];+ 'link' => qsm_get_plugin_link( 'contact-support', 'dashboard', 'useful_links', 'dashboard_support' ),+ ),+ ); ?> <div class="qsm-dashboard-help-center">- <h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__('Need Help?', 'quiz-master-next'); ?></h3>+ <h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__( 'Need Help?', 'quiz-master-next' ); ?></h3> <div class="qsm-dashboard-help-center-grid qsm-dashboard-page-common-style"> <?php foreach ( $sections as $section ) : ?> <div class="qsm-dashboard-help-center-card"> <div class="qsm-dashboard-help-center-card-icon"> <div class="qsm-dashboard-help-icon-wrap">- <img class="qsm-dashboard-help-image" src="<?php echo esc_url($section['image']); ?>" alt="<?php echo esc_attr($section['alt']); ?>"/>+ <img class="qsm-dashboard-help-image" src="<?php echo esc_url( $section['image'] ); ?>" alt="<?php echo esc_attr( $section['alt'] ); ?>"/> </div> </div> <h3 class="qsm-dashboard-help-center-card-title">- <a target="_blank" rel="noopener" href="<?php echo esc_url( $section['link'] )?>" class="welcome-icon"><?php echo esc_html($section['title']); ?></a>+ <a target="_blank" rel="noopener" href="<?php echo esc_url( $section['link'] ); ?>" class="welcome-icon"><?php echo esc_html( $section['title'] ); ?></a> </h3> <p class="qsm-dashboard-help-center-card-description">- <?php echo esc_html($section['description']); ?>+ <?php echo esc_html( $section['description'] ); ?> </p> </div> <?php endforeach; ?>@@ -196,8 +196,8 @@ } function qsm_dashboard_display_popular_addon_section( $popular_addons ) {- $desiredOrder = [ 572582, 591230, 567900, 3437 ];- $sortedAddons = [];+ $desiredOrder = array( 572582, 591230, 567900, 3437 );+ $sortedAddons = array(); foreach ( $desiredOrder as $id ) { foreach ( $popular_addons as $addon ) { if ( $addon['id'] == $id ) {@@ -207,11 +207,12 @@ } ?> <div class="qsm-dashboard-help-center">- <h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__('Explore Addons', 'quiz-master-next'); ?></h3>+ <h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__( 'Explore Addons', 'quiz-master-next' ); ?></h3> <div class="qsm-dashboard-help-center-grid qsm-dashboard-page-common-style">- <?php foreach ( array_slice($sortedAddons, 0, 4) as $addon ) :+ <?php+ foreach ( array_slice( $sortedAddons, 0, 4 ) as $addon ) : $addon_link = qsm_get_utm_link( $addon['link'], 'addon_setting', 'popular_addon', 'addon-settings_' . sanitize_title( $addon['name'] ) );- $addon_icon = isset($addon['icon']) && "" != $addon['icon'] ? $addon['icon'] : QSM_PLUGIN_URL . 'assets/chat-smile.png';+ $addon_icon = isset( $addon['icon'] ) && '' != $addon['icon'] ? $addon['icon'] : QSM_PLUGIN_URL . 'assets/chat-smile.png'; ?> <div class="qsm-dashboard-help-center-card"> <div class="qsm-dashboard-help-center-card-icon">@@ -220,12 +221,13 @@ </div> </div> <h3 class="qsm-dashboard-help-center-card-title">- <a target="_blank" rel="noopener" href="<?php echo esc_url($addon_link); ?>"><?php echo esc_html($addon['name']); ?></a>+ <a target="_blank" rel="noopener" href="<?php echo esc_url( $addon_link ); ?>"><?php echo esc_html( $addon['name'] ); ?></a> </h3> <p class="qsm-dashboard-help-center-card-description">- <?php $display_text = mb_strlen($addon['description']) > 110 ? mb_substr($addon['description'], 0, 110) . '...' : $addon['description'];- echo esc_html($display_text);- ?>+ <?php+ $display_text = mb_strlen( $addon['description'] ) > 110 ? mb_substr( $addon['description'], 0, 110 ) . '...' : $addon['description'];+ echo esc_html( $display_text );+ ?> </p> </div> <?php endforeach; ?>@@ -236,8 +238,8 @@ function qsm_dashboard_display_popular_theme_section( $themes ) {- $desiredOrder = [ 547794, 557086, 551027, 302299 ];- $sortedThemes = [];+ $desiredOrder = array( 547794, 557086, 551027, 302299 );+ $sortedThemes = array(); foreach ( $desiredOrder as $id ) { foreach ( $themes as $theme ) { if ( $theme['id'] == $id ) {@@ -247,24 +249,25 @@ } ?> <div class="qsm-dashboard-help-center">- <h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__('Popular Themes', 'quiz-master-next'); ?></h3>+ <h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__( 'Popular Themes', 'quiz-master-next' ); ?></h3> <div class="qsm-dashboard-themes-container qsm-dashboard-page-common-style">- <?php foreach ( $sortedThemes as $single_theme ) {- $theme_demo = qsm_get_utm_link( $single_theme['demo'], 'new_quiz', 'themes', 'quizsurvey_preview_' . sanitize_title( $single_theme['name'] ) );+ <?php+ foreach ( $sortedThemes as $single_theme ) {+ $theme_demo = qsm_get_utm_link( $single_theme['demo'], 'new_quiz', 'themes', 'quizsurvey_preview_' . sanitize_title( $single_theme['name'] ) ); ?> <div class="qsm-dashboard-themes-card"> <div class="qsm-dashboard-themes-image-wrapper">- <img src="<?php echo esc_url($single_theme['img']); ?>" alt="<?php echo esc_attr($single_theme['name']); ?>">+ <img src="<?php echo esc_url( $single_theme['img'] ); ?>" alt="<?php echo esc_attr( $single_theme['name'] ); ?>"> </div> <div class="qsm-dashboard-themes-details-wrapper">- <h3><?php echo esc_html($single_theme['name']); ?></h3>- <a class="button button-secondary" target="_blank" href="<?php echo esc_url($theme_demo); ?>" class="qsm-dashboard-themes-button"><?php echo esc_html__('Demo', 'quiz-master-next'); ?></a>+ <h3><?php echo esc_html( $single_theme['name'] ); ?></h3>+ <a class="button button-secondary" target="_blank" href="<?php echo esc_url( $theme_demo ); ?>" class="qsm-dashboard-themes-button"><?php echo esc_html__( 'Demo', 'quiz-master-next' ); ?></a> </div> </div> <?php } ?> </div> </div>-<?php+ <?php } /**@@ -276,34 +279,38 @@ function qsm_dashboard_recent_taken_quiz() { global $wpdb; $mlw_result_data = $wpdb->get_row( "SELECT DISTINCT COUNT(result_id) as total_result FROM {$wpdb->prefix}mlw_results WHERE deleted=0", ARRAY_A );- if($mlw_result_data['total_result'] != 0){- ?>+ if ( 0 != $mlw_result_data['total_result'] ) {+ ?> <div class="qsm-dashboard-help-center"> <h3 class="qsm-dashboard-help-center-title"><?php esc_html_e( 'Recent Activity', 'quiz-master-next' ); ?></h3> <div class="qsm-dashboard-recently-taken-quiz qsm-dashboard-page-common-style"> <a href="admin.php?page=mlw_quiz_results" style="color: #fff;" class="button button-primary qsm-dashboard-view-all-results">- <?php echo esc_html__( 'See All Results ', 'quiz-master-next' );- echo isset( $mlw_result_data['total_result'] ) ? ' (' . wp_kses_post( $mlw_result_data['total_result'] ) . ')' : ''; ?>+ <?php+ echo esc_html__( 'See All Results ', 'quiz-master-next' );+ echo isset( $mlw_result_data['total_result'] ) ? ' (' . wp_kses_post( $mlw_result_data['total_result'] ) . ')' : '';+ ?> </a> <ul class="recently-taken-quiz-ul"> <?php $mlw_result_data = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}mlw_results WHERE deleted=0 ORDER BY result_id DESC LIMIT 2", ARRAY_A ); if ( $mlw_result_data ) {- foreach ( $mlw_result_data as $key => $single_result_arr ) { ?>- <li> <?php- if ( isset( $single_result_arr['user'] ) && '' !== $single_result_arr['user'] ) {- echo '<img src="' . esc_url( get_avatar_url( $single_result_arr['user'] ) ) . '" class="avatar avatar-50 photo" alt="User Avatar">';- } else {- echo '<img src="' . esc_url( QSM_PLUGIN_URL . '/assets/default_image.png' ) . '" class="avatar avatar-50 photo" alt="Default Image">';- }- ?>+ foreach ( $mlw_result_data as $key => $single_result_arr ) {+ ?>+ <li> + <?php+ if ( isset( $single_result_arr['user'] ) && '' !== $single_result_arr['user'] ) {+ echo '<img src="' . esc_url( get_avatar_url( $single_result_arr['user'] ) ) . '" class="avatar avatar-50 photo" alt="User Avatar">';+ } else {+ echo '<img src="' . esc_url( QSM_PLUGIN_URL . '/assets/default_image.png' ) . '" class="avatar avatar-50 photo" alt="Default Image">';+ }+ ?> <div class="rtq-main-wrapper"> <span class="rtq_user_info"> <?php if ( isset( $single_result_arr['user'] ) && 0 !== intval( $single_result_arr['user'] ) ) {- $edit_link = get_edit_profile_url( $single_result_arr['user'] );+ $edit_link = get_edit_profile_url( $single_result_arr['user'] ); $actual_user = get_userdata( $single_result_arr['user'] );- $user_name = 'None' === $single_result_arr['name'] ? $actual_user->data->display_name : $single_result_arr['name'];+ $user_name = 'None' === $single_result_arr['name'] ? $actual_user->data->display_name : $single_result_arr['name']; echo '<a href="' . esc_url( $edit_link ) . '">' . esc_html( $user_name ) . '</a>'; } else { esc_html_e( 'Guest', 'quiz-master-next' );@@ -315,7 +322,7 @@ <span class="rtq-result-info"> <?php $quotes_list = '';- $form_type = isset( $single_result_arr['form_type'] ) ? $single_result_arr['form_type'] : 0;+ $form_type = isset( $single_result_arr['form_type'] ) ? $single_result_arr['form_type'] : 0; if ( 1 === intval( $form_type ) || 2 === intval( $form_type ) ) { $quotes_list .= __( 'Not Graded', 'quiz-master-next' ); } else {@@ -353,23 +360,29 @@ ?> </span> <span class="rtq-time-taken"><?php echo esc_html( date_i18n( get_option( 'date_format' ), strtotime( $single_result_arr['time_taken'] ) ) ); ?></span>- <p class="row-actions-c">- <a- href="admin.php?page=qsm_quiz_result_details&result_id=<?php echo esc_attr( $single_result_arr['result_id'] ); ?>">View</a>- | <a href="javascript:void(0)" data-result_id="<?php echo esc_attr( $single_result_arr['result_id'] ); ?>"- class="trash rtq-delete-result"><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>- </p>+ <?php if ( current_user_can( 'view_qsm_quiz_result' ) || current_user_can( 'administrator' ) ) { ?>+ <p class="row-actions-c">+ <a href="admin.php?page=qsm_quiz_result_details&result_id=<?php echo esc_attr( $single_result_arr['result_id'] ); ?>"><?php esc_html_e( 'View', 'quiz-master-next' ); ?></a>+ <?php if ( current_user_can( 'administrator' ) ) { ?>+ | <a href="javascript:void(0)" data-result_id="<?php echo esc_attr( $single_result_arr['result_id'] ); ?>"+ class="trash rtq-delete-result"><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>+ <?php } ?>+ </p>+ <?php } ?> </div>- </li>- <?php }- } else { ?>+ <?php+ }+ } else {+ ?> <li><?php esc_html_e( 'No recent activity found.', 'quiz-master-next' ); ?></li>- <?php }+ <?php+ } ?> </ul> </div> </div>- <?php }+ <?php+ } } /**@@ -383,7 +396,7 @@ } global $mlwQuizMasterNext; qsm_display_header_section_links();-?>+ ?> <div class="wrap"> <div class="qsm-dashboard-wrapper"> <div class="qsm-dashboard-container">@@ -393,19 +406,19 @@ <p class="qsm-dashboard-card-description"><?php esc_html_e( 'Design quizzes and surveys tailored to your needs.', 'quiz-master-next' ); ?></p> </div> <div class="">- <a class="button button-primary qsm-dashboard-section-create-quiz" href="<?php echo esc_url(admin_url('admin.php?page=qsm_create_quiz_page')); ?>" ><?php esc_html_e( 'Get Started', 'quiz-master-next' ) ?><img class="qsm-dashboard-help-image" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/right-arrow.png'); ?>" alt="right-arrow.png"/></a>+ <a class="button button-primary qsm-dashboard-section-create-quiz" href="<?php echo esc_url( admin_url( 'admin.php?page=qsm_create_quiz_page' ) ); ?>" ><?php esc_html_e( 'Get Started', 'quiz-master-next' ); ?><img class="qsm-dashboard-help-image" src="<?php echo esc_url( QSM_PLUGIN_URL . 'assets/right-arrow.png' ); ?>" alt="right-arrow.png"/></a> </div> </div> <?php $qsm_admin_dd = qsm_get_parsing_script_data(); if ( $qsm_admin_dd ) {- $popular_addons = isset($qsm_admin_dd['popular_products']) ? $qsm_admin_dd['popular_products'] : [];- $themes = isset($qsm_admin_dd['themes']) ? $qsm_admin_dd['themes'] : [];+ $popular_addons = isset( $qsm_admin_dd['popular_products'] ) ? $qsm_admin_dd['popular_products'] : array();+ $themes = isset( $qsm_admin_dd['themes'] ) ? $qsm_admin_dd['themes'] : array(); qsm_check_plugins_compatibility(); qsm_dashboard_recent_taken_quiz();- qsm_dashboard_display_popular_theme_section($themes);- qsm_dashboard_display_popular_addon_section($popular_addons);+ qsm_dashboard_display_popular_theme_section( $themes );+ qsm_dashboard_display_popular_addon_section( $popular_addons ); qsm_dashboard_display_change_log_section(); qsm_dashboard_display_need_help_section(); } else {@@ -416,7 +429,7 @@ </div> <?php qsm_display_promotion_links_section(); ?> </div>-<?php+ <?php } /** * @since 7.0@@ -454,33 +467,33 @@ <ul class="what-new-ul"> <li> <a href="https://app.productstash.io/qsm#/roadmap"- target="_blank" rel="noopener"> <?php esc_html_e( "Roadmap", "quiz-master-next"); ?>+ target="_blank" rel="noopener"> <?php esc_html_e( 'Roadmap', 'quiz-master-next' ); ?> </a> <div class="post-description">- <?php esc_html_e( "Visit out public Roadmap to checkout what's in the development pipepline of QSM.", "quiz-master-next"); ?>+ <?php esc_html_e( "Visit out public Roadmap to checkout what's in the development pipepline of QSM.", 'quiz-master-next' ); ?> </div> </li> <li> <a href="https://app.productstash.io/qsm#/updates"- target="_blank" rel="noopener"><?php esc_html_e( "Recent Updates", "quiz-master-next"); ?>+ target="_blank" rel="noopener"><?php esc_html_e( 'Recent Updates', 'quiz-master-next' ); ?> </a> <div class="post-description">- <?php esc_html_e( "Checkout our updates page to know more about our recent releases", "quiz-master-next"); ?>+ <?php esc_html_e( 'Checkout our updates page to know more about our recent releases', 'quiz-master-next' ); ?> </div> </li> <li> <a href="https://app.productstash.io/qsm#/ideas"- target="_blank" rel="noopener"><?php esc_html_e( "Submit your ideas", "quiz-master-next"); ?>+ target="_blank" rel="noopener"><?php esc_html_e( 'Submit your ideas', 'quiz-master-next' ); ?> </a> <div class="post-description">- <?php esc_html_e( "We are open your suggestions on how to improve QSM. Please visit our ideas page to share your thoughts.", "quiz-master-next"); ?>+ <?php esc_html_e( 'We are open your suggestions on how to improve QSM. Please visit our ideas page to share your thoughts.', 'quiz-master-next' ); ?> </div> </li> </ul> </div> </div> </div>-<?php+ <?php } /**@@ -489,11 +502,11 @@ */ function qsm_create_new_quiz_from_wizard() { // Create new quiz.- if ( isset( $_POST['qsm_new_quiz_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash($_POST['qsm_new_quiz_nonce'] ) ), 'qsm_new_quiz' ) ) {+ if ( isset( $_POST['qsm_new_quiz_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['qsm_new_quiz_nonce'] ) ), 'qsm_new_quiz' ) ) { global $mlwQuizMasterNext; $quiz_name = isset( $_POST['quiz_name'] ) ? sanitize_text_field( wp_unslash( $_POST['quiz_name'] ) ) : ''; $quiz_name = htmlspecialchars( $quiz_name, ENT_QUOTES );- $theme_id = isset( $_POST['quiz_theme_id'] ) ? intval( $_POST['quiz_theme_id'] ) : 0;+ $theme_id = isset( $_POST['quiz_theme_id'] ) ? intval( $_POST['quiz_theme_id'] ) : 0; unset( $_POST['qsm_new_quiz_nonce'] ); unset( $_POST['_wp_http_referer'] ); unset( $_POST['quiz_theme_id'] );@@ -521,26 +534,30 @@ /** * Prepare Contact Fields */- $contact_form = array();+ $contact_form = array(); if ( isset( $_POST['enable_contact_form'] ) && 1 == sanitize_text_field( wp_unslash( $_POST['enable_contact_form'] ) ) ) {- $cf_fields = QSM_Contact_Manager::default_fields();+ $cf_fields = QSM_Contact_Manager::default_fields(); if ( isset( $cf_fields['name'] ) ) { $cf_fields['name']['enable'] = 'true'; $contact_form[] = $cf_fields['name']; } if ( isset( $cf_fields['email'] ) ) {- $cf_fields['email']['enable'] = 'true';- $contact_form[] = $cf_fields['email'];+ $cf_fields['email']['enable'] = 'true';+ $contact_form[] = $cf_fields['email']; } } /** * Prepare Quiz Options */ $quiz_options = apply_filters( 'qsm_quiz_wizard_settings_option_save', $quiz_options );- $mlwQuizMasterNext->quizCreator->create_quiz( $quiz_name, $theme_id, array(- 'quiz_options' => $quiz_options,- 'contact_form' => $contact_form,- ) );+ $mlwQuizMasterNext->quizCreator->create_quiz(+ $quiz_name,+ $theme_id,+ array(+ 'quiz_options' => $quiz_options,+ 'contact_form' => $contact_form,+ )+ ); } }
Vulnerability Existed: no Code Style/Formatting Changes - N/A - php/admin/admin-dashboard.php - Multiple lines Old Code: Various formatting inconsistencies (spacing, indentation, quote styles) Fixed Code: Standardized formatting throughout the file Explanation: This diff contains exclusively code style and formatting changes with no security implications. The changes include: - Standardizing spacing around parentheses in function calls - Converting square bracket array syntax `[]` to `array()` syntax for WordPress coding standards compliance - Fixing indentation and alignment - Changing double quotes `""` to single quotes `''` for consistency - Reformatting multi-line function calls for readability - Standardizing comparison operators (e.g., `$i ++` to `++$i`) - Adding proper line breaks in PHP/HTML mixed code None of these changes introduce, remove, or fix security vulnerabilities. The logic, variable handling, and security functions (like `esc_url()`, `esc_html()`, `esc_attr()`, `wp_kses_post()`) remain unchanged and properly applied throughout.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/admin-results-page.php 2026-01-08 00:36:12.829984537 +0000+++ cache/quiz-master-next_10.3.2/php/admin/admin-results-page.php 2026-01-08 00:38:09.957087697 +0000@@ -116,7 +116,7 @@ global $mlwQuizMasterNext; // If nonce is correct, delete results.- if ( isset( $_POST['delete_results_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['delete_results_nonce'] ) ), 'delete_results' ) ) {+ if ( isset( $_POST['delete_results_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['delete_results_nonce'] ) ), 'delete_results' ) && current_user_can( 'administrator' ) ) { $mlw_delete_results_id = isset( $_POST['result_id'] ) ? intval( $_POST['result_id'] ) : 0; $mlw_delete_results_name = isset( $_POST['delete_quiz_name'] ) ? sanitize_text_field( wp_unslash( $_POST['delete_quiz_name'] ) ) : '';@@ -140,9 +140,9 @@ $mlwQuizMasterNext->alertManager->newAlert( sprintf( __( 'There was an error when deleting this result. Error from WordPress: %s', 'quiz-master-next' ), $error ), 'error' ); $mlwQuizMasterNext->log_manager->add( 'Error deleting result', "Tried {$wpdb->last_query} but got $error.", 0, 'error' ); } else {- qsm_delete_results_attachments($row_before_update);+ qsm_delete_results_attachments( $row_before_update ); $mlwQuizMasterNext->alertManager->newAlert( __( 'Your results has been deleted successfully.', 'quiz-master-next' ), 'success' );- $mlwQuizMasterNext->audit_manager->new_audit( "Results Has Been Deleted From:", $mlw_delete_results_name, "" );+ $mlwQuizMasterNext->audit_manager->new_audit( 'Results Has Been Deleted From:', $mlw_delete_results_name, '' ); } } @@ -153,11 +153,11 @@ if ( isset( $_POST["delete_results"] ) && is_array( $_POST["delete_results"] ) ) { $delete_results = array_map( 'sanitize_text_field', wp_unslash( $_POST["delete_results"] ) ); $table_name = $wpdb->prefix . 'mlw_results';- $query = $wpdb->prepare(- "SELECT * FROM $table_name WHERE result_id IN (" . implode(',', array_fill(0, count($delete_results), '%d')) . ")",+ $query = $wpdb->prepare(+ "SELECT * FROM $table_name WHERE result_id IN (" . implode( ',', array_fill( 0, count( $delete_results ), '%d' ) ) . ')', $delete_results );- $row_before_update = $wpdb->get_results($query);+ $row_before_update = $wpdb->get_results( $query ); // Cycle through the POST array which should be an array of the result ids of the results the user wishes to delete foreach ( $delete_results as $result ) {@@ -174,8 +174,8 @@ ); } }- qsm_delete_results_attachments($row_before_update);- $mlwQuizMasterNext->audit_manager->new_audit( "Results Have Been Bulk Deleted", "", "" );+ qsm_delete_results_attachments( $row_before_update );+ $mlwQuizMasterNext->audit_manager->new_audit( 'Results Have Been Bulk Deleted', '', '' ); } } @@ -389,7 +389,7 @@ 'view_result_page' => __( 'Result Page', 'quiz-master-next' ), ) ); - $values = $quiz_infos = [];+ $values = $quiz_infos = array(); foreach ( $th_elements as $key => $th ) { $values[ $key ]['title'] = $th; $values[ $key ]['style'] = "";@@ -445,8 +445,7 @@ if ( isset( $values['score'] ) ) { if ( 1 === intval( $form_type ) || 2 === intval( $form_type ) ) { $values['score']['content'][] = esc_html__( 'Not Graded', 'quiz-master-next' );- } else {- if ( 0 === intval( $mlw_quiz_info->quiz_system ) ) {+ } elseif ( 0 === intval( $mlw_quiz_info->quiz_system ) ) { $values['score']['content'][] = sprintf( '%1$s %2$s %3$s %4$s %5$s', esc_html( $mlw_quiz_info->correct ), esc_html__( 'out of', 'quiz-master-next' ), esc_html( $out_of_q ), esc_html__( 'or', 'quiz-master-next' ), esc_html( $mlw_quiz_info->correct_score ) ); } elseif ( 1 === intval( $mlw_quiz_info->quiz_system ) ) { $values['score']['content'][] = sprintf( '%1$s %2$s', esc_html( $mlw_quiz_info->point_score ), esc_html__( 'Points', 'quiz-master-next' ) );@@ -454,7 +453,6 @@ $values['score']['content'][] = sprintf( '%1$s %2$s %3$s %4$s %5$s <br /> %6$s %7$s', esc_html( $mlw_quiz_info->correct ), esc_html__( 'out of', 'quiz-master-next' ), esc_html( $out_of_q ), esc_html__( 'or', 'quiz-master-next' ), esc_html( $mlw_quiz_info->correct_score ), esc_html( $mlw_quiz_info->point_score ), esc_html__( 'Points', 'quiz-master-next' ) ); } else { $values['score']['content'][] = esc_html__( 'Not Graded', 'quiz-master-next' );- } } } @@ -521,7 +519,7 @@ $values['view_result_page']['content'][] = '<a target="_blank" class="button" href="' . esc_url( $quiz_page_url ) . '?result_id=' . esc_attr( $unique_id ) . '">' . esc_html__( 'View', 'quiz-master-next' ) . '</a>'; } foreach ( $values as $k => $v ) {- if ( ! in_array( $k, [ 'score', 'time_complete', 'name', 'business', 'email', 'phone', 'user', 'time_taken', 'ip', 'page_name', 'page_url', 'view_result_page' ], true ) ) {+ if ( ! in_array( $k, array( 'score', 'time_complete', 'name', 'business', 'email', 'phone', 'user', 'time_taken', 'ip', 'page_name', 'page_url', 'view_result_page' ), true ) ) { $content = apply_filters( 'mlw_qmn_admin_results_page_column_content', '', $mlw_quiz_info, $k ); if ( isset( $values[ $k ] ) && ! empty( $content ) ) { $values[ $k ]['content'][] = $content;@@ -564,7 +562,9 @@ if ( ( current_user_can( 'view_qsm_quiz_result' ) && get_current_user_id() == $quiz_infos[ $x ]->user ) || current_user_can( 'delete_others_qsm_quizzes' ) ) { ?> <a href="admin.php?page=qsm_quiz_result_details&result_id=<?php echo esc_attr( $quiz_infos[ $x ]->result_id ); ?>"><?php esc_html_e( 'View', 'quiz-master-next' ); ?></a> <?php } ?>- <a style="color: red;" class="delete_table_quiz_results_item" data-quiz-id="<?php echo esc_attr( $quiz_infos[ $x ]->result_id ); ?>" data-quiz-name="<?php echo esc_attr( $quiz_infos[ $x ]->quiz_name ); ?>" href='#'><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>+ <?php if ( current_user_can('administrator') ) { ?>+ <a style="color: red;" class="delete_table_quiz_results_item" data-quiz-id="<?php echo esc_attr( $quiz_infos[ $x ]->result_id ); ?>" data-quiz-name="<?php echo esc_attr( $quiz_infos[ $x ]->quiz_name ); ?>" href='#'><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>+ <?php } ?> <?php if ( ! class_exists( 'QSM_Proctoring_Quiz' ) ) { ?> <a class="qsm-quiz-proctor-addon" href="#"><?php esc_html_e( 'Proctor Reports', 'quiz-master-next' ); ?></a> <?php } ?>@@ -595,30 +595,30 @@ </tbody> </table> </form>-- <div class="qsm-popup qsm-popup-slide qsm-standard-popup " id="qsm-delete-result-page-popup" aria-hidden="false" style="display:none">- <div class="qsm-popup__overlay" tabindex="-1" data-micromodal-close>- <div class="qsm-popup__container" role="dialog" aria-modal="true">- <form action='' method='post'>- <header class="qsm-popup__header qsm-delete-result-page-popup-header">- <div class="qsm-popup__title qsm-upgrade-box-title" id="modal-2-title"></div>- <a class="qsm-popup__close qsm-popup-upgrade-close" aria-label="Close modal" data-micromodal-close></a>- </header>- <main class="qsm-popup__content" id="modal-2-content">- <div class="qsm-result-page-delete-message"><?php esc_html_e( 'Are you sure you want to delete these results?', 'quiz-master-next' ); ?></div>- <?php wp_nonce_field( 'delete_results', 'delete_results_nonce' ); ?>- <input type='hidden' id='result_id' name='result_id' value='' />- <input type='hidden' id='delete_quiz_name' name='delete_quiz_name' value='' />- </main>- <footer class="qsm-popup__footer">- <button class="qsm-popup__btn" data-micromodal-close aria-label="Close this dialog window"><?php esc_html_e( 'Cancel', 'quiz-master-next' ); ?></button>- <button type="submit" class="qsm-popup__btn qsm-delete-result-popup-btn"><span class="dashicons dashicons-warning"></span><?php esc_html_e( 'Delete Result', 'quiz-master-next' ); ?></button>- </footer>- </form>+ <?php if ( current_user_can('administrator') ) { ?>+ <div class="qsm-popup qsm-popup-slide qsm-standard-popup " id="qsm-delete-result-page-popup" aria-hidden="false" style="display:none">+ <div class="qsm-popup__overlay" tabindex="-1" data-micromodal-close>+ <div class="qsm-popup__container" role="dialog" aria-modal="true">+ <form action='' method='post'>+ <header class="qsm-popup__header qsm-delete-result-page-popup-header">+ <div class="qsm-popup__title qsm-upgrade-box-title" id="modal-2-title"></div>+ <a class="qsm-popup__close qsm-popup-upgrade-close" aria-label="Close modal" data-micromodal-close></a>+ </header>+ <main class="qsm-popup__content" id="modal-2-content">+ <div class="qsm-result-page-delete-message"><?php esc_html_e( 'Are you sure you want to delete these results?', 'quiz-master-next' ); ?></div>+ <?php wp_nonce_field( 'delete_results', 'delete_results_nonce' ); ?>+ <input type='hidden' id='result_id' name='result_id' value='' />+ <input type='hidden' id='delete_quiz_name' name='delete_quiz_name' value='' />+ </main>+ <footer class="qsm-popup__footer">+ <button class="qsm-popup__btn" data-micromodal-close aria-label="Close this dialog window"><?php esc_html_e( 'Cancel', 'quiz-master-next' ); ?></button>+ <button type="submit" class="qsm-popup__btn qsm-delete-result-popup-btn"><span class="dashicons dashicons-warning"></span><?php esc_html_e( 'Delete Result', 'quiz-master-next' ); ?></button>+ </footer>+ </form>+ </div> </div> </div>- </div>-+ <?php } ?> <!-- Popup for screen options --> <div class="qsm-popup qsm-popup-slide" id="modal-results-screen-option" aria-hidden="true"> <div class="qsm-popup__overlay" tabindex="-1" data-micromodal-close>@@ -678,7 +678,7 @@ "id" => 'modal-proctor-quiz', "title" => __('Secure Your Quizzes with Proctoring', 'quiz-master-next'), "description" => __('Monitor and prevent cheating with the Quiz Proctor Addon.', 'quiz-master-next'),- "chart_image" => plugins_url('', dirname(__FILE__)) . '/images/proctor_quiz_chart.png',+ "chart_image" => plugins_url('', __DIR__) . '/images/proctor_quiz_chart.png', "information" => __('QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today OR you can buy Quiz Proctor Addon separately.', 'quiz-master-next'), "buy_btn_text" => __('Buy Quiz Proctor Addon', 'quiz-master-next'), "doc_link" => qsm_get_plugin_link( 'docs/add-ons/quiz-proctor/', 'quiz-documentation', 'plugin', 'quiz-proctor', 'qsm_plugin_upsell' ),@@ -701,7 +701,7 @@ "id" => 'export-results', "title" => __( 'Effortlessly Export Quiz Data', 'quiz-master-next' ), "description" => __( 'Manage quiz results with the Export Results Addon.', 'quiz-master-next' ),- "chart_image" => plugins_url( '', dirname( __FILE__ ) ) . '/images/export_results.png',+ "chart_image" => plugins_url( '', __DIR__ ) . '/images/export_results.png', "warning" => __( 'Export Results Addon required', 'quiz-master-next' ), "information" => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today. OR you can buy Export Results Addon separately.', 'quiz-master-next' ), "buy_btn_text" => __( 'Buy Export Results Addon', 'quiz-master-next' ),@@ -721,7 +721,7 @@ "id" => 'reporting-analysis', "title" => __( 'Gain Powerful Insights with In-Depth Reports', 'quiz-master-next' ), "description" => __( 'Analyze performance trends with the Reporting & Analysis Addon.', 'quiz-master-next' ),- "chart_image" => plugins_url( '', dirname( __FILE__ ) ) . '/images/report_analysis_chart.png',+ "chart_image" => plugins_url( '', __DIR__ ) . '/images/report_analysis_chart.png', "warning" => __( 'Reporting & Analysis Addon required', 'quiz-master-next' ), "information" => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today. OR you can buy Reporting & Analysis Addon separately.', 'quiz-master-next' ), "buy_btn_text" => __( 'Buy Reporting & Analysis Addon', 'quiz-master-next' ),@@ -742,7 +742,7 @@ "id" => 'proctoring-quiz', "title" => __('Secure Your Quizzes with Proctoring', 'quiz-master-next'), "description" => __('Monitor and prevent cheating with the Quiz Proctor Addon.', 'quiz-master-next'),- "chart_image" => plugins_url( '', dirname( __FILE__ ) ) . '/images/proctor_quiz_chart.png',+ "chart_image" => plugins_url( '', __DIR__ ) . '/images/proctor_quiz_chart.png', "warning" => __( 'Missing Feature - Quiz Proctor Add-on required', 'quiz-master-next' ), "information" => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today. OR you can buy Proctoring Quiz Addon separately.', 'quiz-master-next' ), "buy_btn_text" => __( 'Buy Quiz Proctor Addon', 'quiz-master-next' ),
# Security Analysis of Code Diff
## Vulnerability 1: Insufficient Authorization Check
**Vulnerability Existed:** yes
**Improper Access Control - CWE-284 - php/admin/admin-results-page.php - Line 119**
**Old Code:**
```php
if ( isset( $_POST['delete_results_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['delete_results_nonce'] ) ), 'delete_results' ) ) {
```
**Fixed Code:**
```php
if ( isset( $_POST['delete_results_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['delete_results_nonce'] ) ), 'delete_results' ) && current_user_can( 'administrator' ) ) {
```
**Explanation:**
The original code only verified the nonce but did not check user capabilities before allowing result deletion. While nonce verification prevents CSRF attacks, it does not enforce authorization. The fix adds `current_user_can( 'administrator' )` check, ensuring only administrators can delete results. This prevents authenticated non-admin users from deleting results despite having access to the form.
---
## Vulnerability 2: Missing UI Authorization Check
**Vulnerability Existed:** yes
**Improper Access Control - CWE-284 - php/admin/admin-results-page.php - Lines 565-567**
**Old Code:**
```php
<a style="color: red;" class="delete_table_quiz_results_item" data-quiz-id="<?php echo esc_attr( $quiz_infos[ $x ]->result_id ); ?>" data-quiz-name="<?php echo esc_attr( $quiz_infos[ $x ]->quiz_name ); ?>" href='#'><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>
```
**Fixed Code:**
```php
<?php if ( current_user_can('administrator') ) { ?>
<a style="color: red;" class="delete_table_quiz_results_item" data-quiz-id="<?php echo esc_attr( $quiz_infos[ $x ]->result_id ); ?>" data-quiz-name="<?php echo esc_attr( $quiz_infos[ $x ]->quiz_name ); ?>" href='#'><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>
<?php } ?>
```
**Explanation:**
The original code displayed the delete button to all users regardless of permission level. While the backend deletion function had insufficient authorization checks (fixed in Vulnerability 1), the UI should also enforce authorization by hiding the delete button from non-administrators. This improves user experience and follows security best practices of enforcing authorization at both UI and backend layers.
---
## Vulnerability 3: Unreachable Delete Modal for Non-Admins
**Vulnerability Existed:** yes
**Improper Access Control - CWE-284 - php/admin/admin-results-page.php - Lines 598-622**
**Old Code:**
```php
<div class="qsm-popup qsm-popup-slide qsm-standard-popup " id="qsm-delete-result-page-popup" aria-hidden="false" style="display:none">
<!-- Modal content for deleting results -->
</div>
```
**Fixed Code:**
```php
<?php if ( current_user_can('administrator') ) { ?>
<div class="qsm-popup qsm-popup-slide qsm-standard-popup " id="qsm-delete-result-page-popup" aria-hidden="false" style="display:none">
<!-- Modal content for deleting results -->
</div>
<?php } ?>
```
**Explanation:**
The delete confirmation modal dialog should only be rendered for users with administrator permissions. The fix conditionally renders the modal only when the user has administrator capabilities. This prevents non-admin users from even seeing the modal HTML and attempting to submit deletion requests through the form.
---
## Non-Vulnerability Changes
The remaining changes in the diff are code style improvements and do not address security vulnerabilities:
- Function call spacing normalization (lines 143, 160, 177)
- Quote style consistency (lines 145, 177)
- Array syntax modernization (`[]` to `array()`)
- Control flow simplification (`else { if` to `elseif`)
- Deprecated `dirname(__FILE__)` replaced with `__DIR__` magic constant (lines 681, 704, 724, 745)
These changes improve code quality but do not fix or introduce security issues.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/create-quiz-page.php 2026-01-08 00:36:12.829984537 +0000+++ cache/quiz-master-next_10.3.2/php/admin/create-quiz-page.php 2026-01-08 00:38:09.961087940 +0000@@ -6,24 +6,24 @@ function qsm_activate_plugin_ajax_activate_plugin() { // Check if the user has permission to activate plugins if ( ! current_user_can('activate_plugins') ) {- wp_send_json_error([ 'message' => 'Permission denied.' ]);+ wp_send_json_error(array( 'message' => 'Permission denied.' )); wp_die(); } check_ajax_referer('qsm_installer_nonce', 'nonce'); if ( empty($_POST['plugin_path']) ) {- wp_send_json_error([ 'message' => 'No plugin path provided.' ]);+ wp_send_json_error(array( 'message' => 'No plugin path provided.' )); wp_die(); } $plugin_path = isset($_POST['plugin_path']) ? sanitize_text_field(wp_unslash( $_POST['plugin_path'] ) ) : ""; $result = activate_plugin($plugin_path);- wp_send_json_success([ 'message' => 'Plugin activated successfully.' ]);+ wp_send_json_success(array( 'message' => 'Plugin activated successfully.' )); wp_die(); } function qsm_activate_plugin_ajax_handler() { // Check if the user has permission to activate plugins if ( ! current_user_can('activate_plugins') ) {- wp_send_json_error([ 'message' => 'Permission denied.' ]);+ wp_send_json_error(array( 'message' => 'Permission denied.' )); wp_die(); } @@ -38,9 +38,9 @@ $all_plugins = get_plugins(); if ( isset($all_plugins[ $plugin_path ]) ) {- wp_send_json_success([ 'version' => esc_html__('Version: ', 'quiz-master-next') . $all_plugins[ $plugin_path ]['Version'] ]);+ wp_send_json_success(array( 'version' => esc_html__('Version: ', 'quiz-master-next') . $all_plugins[ $plugin_path ]['Version'] )); } else {- wp_send_json_error([ 'message' => 'Plugin not found.' ]);+ wp_send_json_error(array( 'message' => 'Plugin not found.' )); } wp_die(); }@@ -59,7 +59,7 @@ global $wpdb; $query = $wpdb->prepare("SELECT id FROM {$wpdb->prefix}mlw_themes WHERE theme = %s", $theme_slug); $id = $wpdb->get_var($query);- wp_send_json_success([ 'id' => $id ]);+ wp_send_json_success(array( 'id' => $id )); wp_die(); } @@ -74,7 +74,7 @@ } // Filter active themes to ensure their directories exist- $filtered_active_themes = [];+ $filtered_active_themes = array(); if ( ! empty($active_themes) ) { foreach ( $active_themes as $theme ) { $theme_dir = WP_PLUGIN_DIR . '/' . $theme['theme'];@@ -85,7 +85,7 @@ } // Merge installed themes and filtered active themes- $merged_themes = [];+ $merged_themes = array(); foreach ( array_merge($installed_themes, $filtered_active_themes) as $theme ) { $key = $theme['theme']; if ( ! isset($merged_themes[ $key ]) ) {@@ -176,12 +176,12 @@ foreach ( $all_addons as $addon ) { if ( $addon['id'] == $theme_value['id'] ) { // Merge the additional keys into the theme array- $theme_value = array_merge($theme_value, [+ $theme_value = array_merge($theme_value, array( 'path' => $addon['path'], 'icon' => $addon['icon'], 'settings_tab' => $addon['settings_tab'], 'option' => $addon['option'],- ]);+ )); break; // Stop looping once a match is found } }@@ -439,28 +439,28 @@ $all_addons = $qsm_admin_dd['all_addons']; $all_themes = $qsm_admin_dd['themes']; - $dashboard_pages = [- [+ $dashboard_pages = array(+ array( 'page_no' => 1, 'callback' => 'qsm_dashboard_display_quizoptions_section',- 'params' => [ $quizoptions_boxes ],- ],- [+ 'params' => array( $quizoptions_boxes ),+ ),+ array( 'page_no' => 2, 'callback' => 'qsm_dashboard_display_theme_section',- 'params' => [ $all_themes, $installer_option, $invalid_and_expired, $all_addons, $installer_activated, $installer_script ],- ],- [+ 'params' => array( $all_themes, $installer_option, $invalid_and_expired, $all_addons, $installer_activated, $installer_script ),+ ),+ array( 'page_no' => 3, 'callback' => 'qsm_dashboard_display_addons_section',- 'params' => [ $all_addons, $installer_option, $invalid_and_expired, $installer_activated, $installer_script ],- ],- [+ 'params' => array( $all_addons, $installer_option, $invalid_and_expired, $installer_activated, $installer_script ),+ ),+ array( 'page_no' => 4, 'callback' => 'qsm_dashboard_display_quizform_section',- 'params' => [],- ],- ];+ 'params' => array(),+ ),+ ); foreach ( $dashboard_pages as $page ) { echo '<div class="qsm-dashboard-container-pages" data-page-no="' . esc_attr($page['page_no']) . '" style="display: none;">';@@ -490,5 +490,4 @@ </div><!-- qsm-new-quiz-wrapper --> </div> <?php- }\ No newline at end of file
I'll analyze this code diff for security vulnerabilities. ``` Vulnerability Existed: no No Security Vulnerabilities Detected Explanation: This diff contains only code style changes, specifically converting PHP short array syntax ([ ]) to long array syntax (array( )). These are equivalent syntactic representations with no functional or security differences. The changes do not modify: - Input validation or sanitization logic - Permission checks - Data handling - SQL queries - Output escaping All existing security practices remain intact: - Permission checks with current_user_can() are unchanged - AJAX nonce verification with check_ajax_referer() is unchanged - Input sanitization with sanitize_text_field() and wp_unslash() is unchanged - Database queries use prepared statements with $wpdb->prepare() - Output escaping with esc_html__() and esc_attr() is unchanged The diff appears to be a code style standardization (likely for WordPress coding standards compliance), not a security patch. ```
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/functions.php 2026-01-08 00:36:12.845985505 +0000+++ cache/quiz-master-next_10.3.2/php/admin/functions.php 2026-01-08 00:38:09.961087940 +0000@@ -1101,7 +1101,7 @@ "id" => 'modal-advanced-question-type', "title" => __('Go Beyond Standard Questions', 'quiz-master-next'), "description" => __('Make your quizzes more engaging with the Advanced Question Types Addon.', 'quiz-master-next'),- "chart_image" => plugins_url('', dirname(__FILE__)) . '/images/advanced_question_type.png',+ "chart_image" => plugins_url('', __DIR__) . '/images/advanced_question_type.png', "information" => __('QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today OR you can buy Advanced Question Addon separately.', 'quiz-master-next'), "buy_btn_text" => __('Buy Advanced Questions Addon', 'quiz-master-next'), "doc_link" => qsm_get_plugin_link( 'docs/question-types', 'qsm_list', 'advance-question_type', 'advance-question-upsell_read_documentation', 'qsm_plugin_upsell' ),@@ -1233,8 +1233,6 @@ } /**- * Generates theme setting feilds- * * @since 8.0.5 * @param string $type input type * @return string $label input label@@ -1422,12 +1420,11 @@ 'selected' => array(), ), );- echo sprintf(+ printf( '<select name="%1$s" class="qsm-theme-option-unit"> %2$s </select>', esc_attr( $param['name'] ), wp_kses( $options, $allowed_tags ) );- } function qsm_get_input_label_selected( $param ) {@@ -1459,7 +1456,7 @@ 'selected' => array(), ), );- echo sprintf(+ printf( '<select name="%1$s"> %2$s </select>', esc_attr( $param['name'] ), wp_kses( $options ,$allowed_tags)@@ -1476,7 +1473,7 @@ "id" => 'advanced-assessment', "title" => __( 'Advanced Assessment, Smarter Results', 'quiz-master-next' ), "description" => __( 'Unlock Personalized Quiz Experiences with the Advanced Assessment Addon.', 'quiz-master-next' ),- "chart_image" => plugins_url( '', dirname( __FILE__ ) ) . '/images/advance-assessment-chart.png',+ "chart_image" => plugins_url( '', __DIR__ ) . '/images/advance-assessment-chart.png', "warning" => __( 'Missing Feature - Advanced Assessment Add-on required', 'quiz-master-next' ), "information" => __( 'Get all our add-ons at a discounted rate with the QSM Addon Bundle and save up to 95% today! Alternatively, you can also purchase the Advanced Assessment Addon separately.', 'quiz-master-next' ), "buy_btn_text" => __( 'Buy Quiz Advanced Assessment', 'quiz-master-next' ),@@ -1501,7 +1498,7 @@ "id" => 'modal-extra-shortcodes', "title" => __('Unlock More Customization with Extra Shortcodes', 'quiz-master-next'), "description" => __('Enhance quiz display and functionality with the Extra Shortcodes Addon.', 'quiz-master-next'),- "chart_image" => plugins_url('', dirname(__FILE__)) . '/images/extra-shortcodes.png',+ "chart_image" => plugins_url('', __DIR__) . '/images/extra-shortcodes.png', "information" => __('QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today OR you can buy QSM Extra Shortodes Addon separately.', 'quiz-master-next'), "buy_btn_text" => __('Buy QSM Extra Shortodes Addon', 'quiz-master-next'), "doc_link" => qsm_get_plugin_link( 'docs/add-ons/extra-shortcodes/', 'qsm_list', 'extrashortcodea_button', 'extra-shortcodes-upsell_read_documentation', 'qsm_plugin_upsell' ),@@ -1528,7 +1525,7 @@ "id" => 'modal-qsm-webhooks', "title" => __( 'Automate Your Workflow with QSM Webhooks', 'quiz-master-next' ), "description" => __( 'Enhance your quizzes with seamless integrations using the QSM Webhooks Addon.', 'quiz-master-next' ),- "chart_image" => plugins_url( '', dirname( __FILE__ ) ) . '/images/proctor_quiz_chart.png',+ "chart_image" => plugins_url( '', __DIR__ ) . '/images/proctor_quiz_chart.png', "warning" => __( 'Missing Feature - webhook Add-On required', 'quiz-master-next' ), "information" => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today. OR you can buy Webhooks Addon separately.', 'quiz-master-next' ), "buy_btn_text" => __( 'Buy Webhooks Addon', 'quiz-master-next' ),@@ -1626,7 +1623,7 @@ } } } else {- wp_send_json_error( [ 'message' => __( 'Invalid nonce. Busted.', 'quiz-master-next' ) ] );+ wp_send_json_error( array( 'message' => __( 'Invalid nonce. Busted.', 'quiz-master-next' ) ) ); wp_die(); } }@@ -1643,22 +1640,22 @@ if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'qsm_remove_template' ) ) {- wp_send_json_error( [ 'message' => __( 'Invalid nonce. Action not authorized.', 'quiz-master-next' ) ] );+ wp_send_json_error( array( 'message' => __( 'Invalid nonce. Action not authorized.', 'quiz-master-next' ) ) ); wp_die(); } if ( ! isset( $_POST['id'] ) || ! absint( wp_unslash( $_POST['id'] ) ) ) {- wp_send_json_error( [ 'message' => __( 'Invalid template ID.', 'quiz-master-next' ) ] );+ wp_send_json_error( array( 'message' => __( 'Invalid template ID.', 'quiz-master-next' ) ) ); wp_die(); } $template_id = absint( wp_unslash( $_POST['id'] ) ); $table_name = $wpdb->prefix . 'mlw_quiz_output_templates';- $result = $wpdb->delete( $table_name, [ 'id' => $template_id ], [ '%d' ] );+ $result = $wpdb->delete( $table_name, array( 'id' => $template_id ), array( '%d' ) ); if ( $result ) {- wp_send_json_success( [ 'message' => __( 'Template removed successfully.', 'quiz-master-next' ) ] );+ wp_send_json_success( array( 'message' => __( 'Template removed successfully.', 'quiz-master-next' ) ) ); } else {- wp_send_json_error( [ 'message' => __( 'Failed to remove the template.', 'quiz-master-next' ) ] );+ wp_send_json_error( array( 'message' => __( 'Failed to remove the template.', 'quiz-master-next' ) ) ); } wp_die(); }@@ -1714,7 +1711,7 @@ </div> <div class="qsm-<?php echo esc_attr( $type ); ?>-page-template-card-buttons"> <button class="qsm-<?php echo esc_attr( $type ); ?>-page-template-preview-button button button-secondary" data-indexid="<?php echo esc_html($key); ?>"><?php esc_html_e( 'Preview', 'quiz-master-next' ); ?></button>- <button class="qsm-<?php echo esc_attr( $type ); ?>-page-template-use-button button button-secondary" data-structure="default" data-indexid="<?php echo esc_html($key); ?>"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/download-line-blue.svg'); ?>" alt="download-line-blue.svg" /><?php esc_html_e( 'Insert', 'quiz-master-next' ); ?></button>+ <button class="qsm-<?php echo esc_attr( $type ); ?>-page-template-use-button" data-structure="default" data-indexid="<?php echo esc_html($key); ?>"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/download-line-blue.svg'); ?>" alt="download-line-blue.svg" /><?php esc_html_e( 'Insert', 'quiz-master-next' ); ?></button> </div> </div> <?php@@ -1781,9 +1778,9 @@ } function qsm_get_plugin_status_by_path( $path ) {- if ( is_plugin_active($path) ) {+ if ( is_plugin_active( $path ) ) { return 'activated';- } elseif ( '' != $path && file_exists(WP_PLUGIN_DIR . '/' . $path) ) {+ } elseif ( ! empty( $path ) && file_exists( WP_PLUGIN_DIR . '/' . $path ) ) { return 'installed'; } else { return 'not_installed';@@ -1798,39 +1795,39 @@ */ function qsm_get_dependency_plugin_list() { $qsm_admin_dd = qsm_get_parsing_script_data();- $all_addons = isset( $qsm_admin_dd['all_addons'] ) ? $qsm_admin_dd['all_addons'] : array();+ $all_addons = isset( $qsm_admin_dd['all_addons'] ) ? $qsm_admin_dd['all_addons'] : array(); $dependency_array = array(); foreach ( $all_addons as $key => $addon ) {- $path = $addon['path'] ?? '';- $addon_link = qsm_get_utm_link( $addon['link'], 'result_or_email', 'templates', 'template_preview_' . sanitize_title( $addon['name'] ) );- $dependency_array[] = [+ $path = isset( $addon['path'] ) ? $addon['path'] : '';+ $addon_link = qsm_get_utm_link( $addon['link'], 'result_or_email', 'templates', 'template_preview_' . sanitize_title( $addon['name'] ) );+ $dependency_array[] = array( 'id' => $addon['id'], 'name' => $addon['name'], 'link' => $addon_link,- 'status' => qsm_get_plugin_status_by_path($path), // Use the common function- ];+ 'status' => qsm_get_plugin_status_by_path( $path ), // Use the common function+ ); } return $dependency_array; } function qsm_create_theme_defaults_tab() { global $mlwQuizMasterNext, $wpdb;- $themes = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}mlw_themes", ARRAY_A );+ $themes = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}mlw_themes", ARRAY_A ); if ( empty( $themes ) ) { return; } $active_themes = $mlwQuizMasterNext->theme_settings->get_active_themes(); - if ( empty($active_themes) ) {+ if ( empty( $active_themes ) ) { return; } $pro_themes = array( 'Fortune', 'Sigma', 'Pixel', 'Sapience', 'Breeze', 'Fragrance', 'Pool', 'Ivory' ); $has_pro_theme = false; foreach ( $active_themes as $theme ) {- if ( in_array($theme['theme_name'], $pro_themes, true) ) {+ if ( in_array( $theme['theme_name'], $pro_themes, true ) ) { $has_pro_theme = true; break; }
# Security Analysis - PatchLeaks Diff Report
## Vulnerability 1
**Vulnerability Existed:** no
**Path Traversal / Directory Traversal - CWE-22 - php/admin/functions.php [1104, 1479, 1504, 1531]**
Old Code:
```php
"chart_image" => plugins_url('', dirname(__FILE__)) . '/images/advanced_question_type.png',
```
Fixed Code:
```php
"chart_image" => plugins_url('', __DIR__) . '/images/advanced_question_type.png',
```
Explanation:
This is not a security fix but a code quality improvement. Both `dirname(__FILE__)` and `__DIR__` produce identical results and are equally safe. The change modernizes PHP syntax (introduced in PHP 5.3.0) but does not address or prevent any vulnerability. The `plugins_url()` function properly handles the directory path regardless of which method is used.
---
## Vulnerability 2
**Vulnerability Existed:** no
**Code Quality / Syntax Change - No CWE - php/admin/functions.php [1425-1426, 1459-1460]**
Old Code:
```php
echo sprintf(
'<select name="%1$s" class="qsm-theme-option-unit"> %2$s </select>',
esc_attr( $param['name'] ),
wp_kses( $options, $allowed_tags )
);
```
Fixed Code:
```php
printf(
'<select name="%1$s" class="qsm-theme-option-unit"> %2$s </select>',
esc_attr( $param['name'] ),
wp_kses( $options, $allowed_tags )
);
```
Explanation:
This is a performance optimization, not a security fix. Using `printf()` directly is more efficient than `echo sprintf()` as it eliminates an intermediate string. Both approaches properly escape output via `esc_attr()` and `wp_kses()`, so there is no security improvement.
---
## Vulnerability 3
**Vulnerability Existed:** no
**Code Style / Array Syntax - No CWE - php/admin/functions.php [1626-1659]**
Old Code:
```php
wp_send_json_error( [ 'message' => __( 'Invalid nonce. Busted.', 'quiz-master-next' ) ] );
```
Fixed Code:
```php
wp_send_json_error( array( 'message' => __( 'Invalid nonce. Busted.', 'quiz-master-next' ) ) );
```
Explanation:
This is a PHP coding standard change (PSR-2/WordPress Coding Standards) converting short array syntax `[]` to long array syntax `array()`. This is not a security fix. Both syntaxes are functionally identical and equally secure. The change improves compatibility with older PHP versions but addresses no vulnerability.
---
## Vulnerability 4
**Vulnerability Existed:** no
**HTML Attribute Removal - No CWE - php/admin/functions.php [1714]**
Old Code:
```php
<button class="qsm-<?php echo esc_attr( $type ); ?>-page-template-use-button button button-secondary" ...>
```
Fixed Code:
```php
<button class="qsm-<?php echo esc_attr( $type ); ?>-page-template-use-button" ...>
```
Explanation:
This removes CSS class attributes (`button button-secondary`) from the button element. This is a UI/styling change, not a security fix. The output escaping remains intact with `esc_attr()`.
---
## Vulnerability 5
**Vulnerability Existed:** not sure
**Null Coalescing vs isset() - Potential Type Inconsistency - CWE-476 - php/admin/functions.php [1803-1804]**
Old Code:
```php
$path = $addon['path'] ?? '';
```
Fixed Code:
```php
$path = isset( $addon['path'] ) ? $addon['path'] : '';
```
Explanation:
The change from null coalescing operator (`??`) to `isset()` ternary is functionally equivalent, so not a security fix. However, there is a subtle behavioral difference: `??` checks for null/undefined, while `isset()` returns false for null values. This could mask security issues if `$addon['path']` is intentionally null versus undefined. Without knowing the data source and intent, it's uncertain if this represents a security improvement or regression.
---
## Summary
**Total Vulnerabilities Found:** 0 (confirmed)
**Code Quality Changes:** 5
This diff primarily contains code modernization and style improvements following WordPress and PHP coding standards. No actual security vulnerabilities were fixed in this patch.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/options-page-questions-tab.php 2026-01-08 00:36:12.853985989 +0000+++ cache/quiz-master-next_10.3.2/php/admin/options-page-questions-tab.php 2026-01-08 00:38:09.969088426 +0000@@ -30,7 +30,7 @@ */ function qsm_options_questions_tab_content() { global $wpdb, $mlwQuizMasterNext;- $quiz_data = $wpdb->get_results( "SELECT quiz_id, quiz_name FROM " . $wpdb->prefix . "mlw_quizzes WHERE deleted=0 ORDER BY quiz_id DESC" );+ $quiz_data = $wpdb->get_results( 'SELECT quiz_id, quiz_name FROM ' . $wpdb->prefix . 'mlw_quizzes WHERE deleted=0 ORDER BY quiz_id DESC' ); $question_categories = $wpdb->get_results( "SELECT DISTINCT category FROM {$wpdb->prefix}mlw_questions", 'ARRAY_A' ); $enabled = get_option( 'qsm_multiple_category_enabled' ); @@ -66,26 +66,26 @@ 'questions' => array(), ); foreach ( $pages as $k => $val ) {- $qpage = isset( $db_qpages[ $k ] ) ? $db_qpages[ $k ] : $defaultQPage;- $qpage['id'] = $k + 1;- $qpage['pagekey'] = ( isset( $qpage['pagekey'] ) && ! empty( $qpage['pagekey'] ) ) ? $qpage['pagekey'] : uniqid();- $qpage['hide_prevbtn'] = ( isset( $qpage['hide_prevbtn'] ) && ! empty( $qpage['hide_prevbtn'] ) ) ? $qpage['hide_prevbtn'] : 0;+ $qpage = isset( $db_qpages[ $k ] ) ? $db_qpages[ $k ] : $defaultQPage;+ $qpage['id'] = $k + 1;+ $qpage['pagekey'] = ( isset( $qpage['pagekey'] ) && ! empty( $qpage['pagekey'] ) ) ? $qpage['pagekey'] : uniqid();+ $qpage['hide_prevbtn'] = ( isset( $qpage['hide_prevbtn'] ) && ! empty( $qpage['hide_prevbtn'] ) ) ? $qpage['hide_prevbtn'] : 0; $pages[ $k ] = array_values( $val );- $qpage['questions'] = array_values( $val );- $qpages[] = $qpage;+ $qpage['questions'] = array_values( $val );+ $qpages[] = $qpage; } } else {- $defaultQPage = array(+ $defaultQPage = array( 'id' => 1, 'quizID' => $quiz_id, 'pagekey' => uniqid(), 'hide_prevbtn' => 0, 'questions' => array(), );- $qpages[] = $defaultQPage;+ $qpages[] = $defaultQPage; }- $qpages = apply_filters( 'qsm_filter_quiz_page_attributes', $qpages, $pages );- $json_data = array(+ $qpages = apply_filters( 'qsm_filter_quiz_page_attributes', $qpages, $pages );+ $json_data = array( 'quizID' => $quiz_id, 'answerText' => __( 'Answer', 'quiz-master-next' ), 'linked_view' => __( 'View', 'quiz-master-next' ),@@ -107,8 +107,8 @@ wp_localize_script( 'qsm_admin_js', 'qsmQuestionSettings', $json_data ); // Load Question Types.- $question_types = $mlwQuizMasterNext->pluginHelper->get_question_type_options();- $question_types_categorized = $mlwQuizMasterNext->pluginHelper->categorize_question_types();+ $question_types = $mlwQuizMasterNext->pluginHelper->get_question_type_options();+ $question_types_categorized = $mlwQuizMasterNext->pluginHelper->categorize_question_types(); // Display warning if using competing options. $pagination = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_options', 'pagination' );@@ -133,9 +133,9 @@ /** * Check for invalid Questions. */- $q_types = array();- $invalid_types = array();- $question_types_new = $wpdb->get_results( "SELECT `question_type_new` as type FROM `{$wpdb->prefix}mlw_questions` WHERE `question_id` IN (" . implode( ',', $question_ids ) . ")" );+ $q_types = array();+ $invalid_types = array();+ $question_types_new = $wpdb->get_results( "SELECT `question_type_new` as type FROM `{$wpdb->prefix}mlw_questions` WHERE `question_id` IN (" . implode( ',', $question_ids ) . ')' ); if ( ! empty( $question_types_new ) ) { foreach ( $question_types_new as $data ) { $q_types[] = $data->type;@@ -158,46 +158,46 @@ <?php } }- $read_only = "";- $disable_class = "";- $background = "#FFFFFF";- $display_advance = "yes";- if ( ! class_exists ( 'QSM_AdvancedTimer' ) ) {- $read_only = 'readonly';+ $read_only = '';+ $disable_class = '';+ $background = '#FFFFFF';+ $display_advance = 'yes';+ if ( ! class_exists( 'QSM_AdvancedTimer' ) ) {+ $read_only = 'readonly'; $disable_class = 'qsm-disabled-td';- $background = "#F0F0F0";+ $background = '#F0F0F0'; } else {- $date_now = gmdate("d-m-Y");- $settings_data = get_option('qsm_addon_advanced_timer_settings', '');- $license = isset( $settings_data['license_key'] ) ? trim( $settings_data['license_key'] ) : '';- if ( version_compare( $mlwQuizMasterNext->version, '8.1.6', '<' ) && (isset($settings_data['expiry_date']) && "" != $settings_data['expiry_date']) && (isset($settings_data['last_validate']) && "" != $settings_data['last_validate']) && strtotime($date_now) > strtotime($settings_data['expiry_date']) && strtotime($date_now) >= strtotime($settings_data['last_validate']) ) {- $item_url = 'https://quizandsurveymaster.com/checkout/?edd_license_key='.$license.'&download_id=109654';- $target_text = __('License Key Expired. ', 'quiz-master-next');- $target_link = sprintf( '<div class="notice notice-error notice-advance-timer"><strong>'.__('Error! ', 'quiz-master-next').'</strong>'.$target_text.'<a style="font-weight: bolder;" href="%s" target="_blank">%s</a></div>', esc_url( $item_url ), __( 'Click here to renew', 'quiz-master-next' ) );- echo wp_kses_post($target_link);+ $date_now = gmdate( 'd-m-Y' );+ $settings_data = get_option( 'qsm_addon_advanced_timer_settings', '' );+ $license = isset( $settings_data['license_key'] ) ? trim( $settings_data['license_key'] ) : '';+ if ( version_compare( $mlwQuizMasterNext->version, '8.1.6', '<' ) && ( isset( $settings_data['expiry_date'] ) && '' != $settings_data['expiry_date'] ) && ( isset( $settings_data['last_validate'] ) && '' != $settings_data['last_validate'] ) && strtotime( $date_now ) > strtotime( $settings_data['expiry_date'] ) && strtotime( $date_now ) >= strtotime( $settings_data['last_validate'] ) ) {+ $item_url = 'https://quizandsurveymaster.com/checkout/?edd_license_key=' . $license . '&download_id=109654';+ $target_text = __( 'License Key Expired. ', 'quiz-master-next' );+ $target_link = sprintf( '<div class="notice notice-error notice-advance-timer"><strong>' . __( 'Error! ', 'quiz-master-next' ) . '</strong>' . $target_text . '<a style="font-weight: bolder;" href="%s" target="_blank">%s</a></div>', esc_url( $item_url ), __( 'Click here to renew', 'quiz-master-next' ) );+ echo wp_kses_post( $target_link ); }- if ( ( isset($settings_data['last_validate']) && "invalid" == $settings_data['last_validate'] ) || empty($settings_data) ) {- $read_only = 'readonly';- $disable_class = 'qsm-disabled-td';- $background = "#F0F0F0";- $admin_page_url = esc_url(admin_url('admin.php?page=qmn_addons&tab=advanced-timer'));- $error_message = sprintf(+ if ( ( isset( $settings_data['last_validate'] ) && 'invalid' == $settings_data['last_validate'] ) || empty( $settings_data ) ) {+ $read_only = 'readonly';+ $disable_class = 'qsm-disabled-td';+ $background = '#F0F0F0';+ $admin_page_url = esc_url( admin_url( 'admin.php?page=qmn_addons&tab=advanced-timer' ) );+ $error_message = sprintf( '<div class="notice notice-error notice-advance-timer"> <strong>%s</strong> %s <a href="%s" target="_blank">%s</a> %s </div>',- __('Error! ', 'quiz-master-next'),- __('Your Advanced Timer Settings are not saved successfully. ', 'quiz-master-next'),+ __( 'Error! ', 'quiz-master-next' ),+ __( 'Your Advanced Timer Settings are not saved successfully. ', 'quiz-master-next' ), $admin_page_url,- __('Validate license', 'quiz-master-next'),- __('to save the settings. ', 'quiz-master-next')+ __( 'Validate license', 'quiz-master-next' ),+ __( 'to save the settings. ', 'quiz-master-next' ) );- echo wp_kses_post($error_message);+ echo wp_kses_post( $error_message ); }- $advancetimer = 'qsm-advanced-timer/qsm-advanced-timer.php';- $plugin_data = get_plugin_data(WP_PLUGIN_DIR . '/'. $advancetimer);+ $advancetimer = 'qsm-advanced-timer/qsm-advanced-timer.php';+ $plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $advancetimer ); $version_number = $plugin_data['Version'];- if ( version_compare($version_number, '2.0.0', '<') ) {- $display_advance = "no";+ if ( version_compare( $version_number, '2.0.0', '<' ) ) {+ $display_advance = 'no'; } } ?>@@ -206,7 +206,7 @@ <p class="search-box"> <label class="screen-reader-text" for="question_search"><?php esc_html_e( 'Search Questions:', 'quiz-master-next' ); ?></label> <input type="search" id="question_search" name="question_search" value="" placeholder="<?php esc_html_e( 'Search Questions', 'quiz-master-next' ); ?>">- <?php do_action('qsm_question_controls_head'); ?>+ <?php do_action( 'qsm_question_controls_head' ); ?> </p> </div> <div class="qsm-admin-bulk-actions">@@ -236,7 +236,7 @@ <a class="qsm-popup__close" aria-label="Close modal" data-micromodal-close></a> </header> <main class="qsm-popup__content" id="modal-2-content">- <?php do_action('qsm-question-categories-setting')?>+ <?php do_action( 'qsm-question-categories-setting' ); ?> <input type="hidden" name="add-question-bank-page" id="add-question-bank-page" value=""> <div class="qsm-question-bank-filters"> <div class="qsm-question-bank-search">@@ -325,14 +325,14 @@ } // disabling polar for form type quiz and system correct/incorrect if ( 0 === intval( $form_type ) && 0 === intval( $quiz_system ) ) {- $polar_class = $polar_question_use = '';- $description_arr[] = array(+ $polar_class = $polar_question_use = '';+ $description_arr[] = array( 'question_type_id' => '13', 'description' => __( 'Use points based grading system for Polar questions.', 'quiz-master-next' ), ); } else {- $polar_class = 'qsm_show_question_type_13';- $polar_question_use = ',13';+ $polar_class = 'qsm_show_question_type_13';+ $polar_question_use = ',13'; } $show_answer_option = '';@@ -346,7 +346,9 @@ if ( $description_arr ) { foreach ( $description_arr as $value ) { $question_type_id = $value['question_type_id'];- ?><p id="question_type_<?php echo esc_attr( $question_type_id ); ?>_description" class="question-type-description"><?php echo esc_attr( $value['description'] ); ?></p><?php+ ?>+ <p id="question_type_<?php echo esc_attr( $question_type_id ); ?>_description" class="question-type-description"><?php echo esc_attr( $value['description'] ); ?></p>+ <?php } } ?>@@ -366,14 +368,14 @@ </div> <div class="qsm-question-misc-options advanced-content"> <?php- $show_correct_answer_info = '';- $show_autofill = '';- $show_case_sensitive = '';- $show_limit_text = '';- $show_limit_multiple_response = '';- $show_file_upload_type = '';- $show_file_upload_limit = '';- $placeholder_text = '';+ $show_correct_answer_info = '';+ $show_autofill = '';+ $show_case_sensitive = '';+ $show_limit_text = '';+ $show_limit_multiple_response = '';+ $show_file_upload_type = '';+ $show_file_upload_limit = '';+ $placeholder_text = ''; foreach ( $question_types as $type ) { if ( isset( $type['options']['show_correct_answer_info'] ) && $type['options']['show_correct_answer_info'] ) { $show_correct_answer_info .= ',' . $type['slug'];@@ -400,7 +402,7 @@ $placeholder_text .= ',' . $type['slug']; } }- $advanced_question_option = array(+ $advanced_question_option = array( 'correct_answer_info' => array( 'heading' => __( 'Correct Answer Info', 'quiz-master-next' ), 'type' => 'textarea',@@ -533,8 +535,8 @@ 'show' => '3, 5, 7' . $placeholder_text, ), );- $advanced_question_option = apply_filters( 'qsm_question_advanced_option', $advanced_question_option );- $keys = array_column( $advanced_question_option, 'priority' );+ $advanced_question_option = apply_filters( 'qsm_question_advanced_option', $advanced_question_option );+ $keys = array_column( $advanced_question_option, 'priority' ); array_multisort( $keys, SORT_ASC, $advanced_question_option ); foreach ( $advanced_question_option as $qo_key => $single_option ) { qsm_generate_question_option( $qo_key, $single_option );@@ -570,7 +572,7 @@ <?php foreach ( $question_types_categorized as $category_name => $category_items ) { ?>- <optgroup label="<?php echo esc_attr( $category_name ) ?>">+ <optgroup label="<?php echo esc_attr( $category_name ); ?>"> <?php foreach ( $category_items as $type ) { if ( isset( $type['disabled'] ) && true === $type['disabled'] ) {@@ -600,7 +602,7 @@ $show_match_answer .= ',' . $type['slug']; } }- $simple_question_option = array(+ $simple_question_option = array( 'change-answer-editor' => array( 'label' => __( 'Answers Type', 'quiz-master-next' ), 'type' => 'select',@@ -636,8 +638,8 @@ 'default' => '0', ), );- $simple_question_option = apply_filters( 'qsm_question_format_option', $simple_question_option );- $keys = array_column( $simple_question_option, 'priority' );+ $simple_question_option = apply_filters( 'qsm_question_format_option', $simple_question_option );+ $keys = array_column( $simple_question_option, 'priority' ); array_multisort( $keys, SORT_ASC, $simple_question_option ); foreach ( $simple_question_option as $qo_key => $single_option ) { qsm_display_question_option( $qo_key, $single_option );@@ -683,8 +685,8 @@ ), ); }- $category_question_option = apply_filters( 'qsm_question_category_option', $category_question_option );- $keys = array_column( $category_question_option, 'priority' );+ $category_question_option = apply_filters( 'qsm_question_category_option', $category_question_option );+ $keys = array_column( $category_question_option, 'priority' ); array_multisort( $keys, SORT_ASC, $category_question_option ); foreach ( $category_question_option as $qo_key => $single_cat_option ) { qsm_display_question_option( $qo_key, $single_cat_option );@@ -736,29 +738,35 @@ <input name="hide_prevbtn" id="hide_prevbtn" type="checkbox" value="" /> <span class="qsm-page-setting-span"><?php esc_html_e( 'Hide Previous button', 'quiz-master-next' ); ?></span> </div>- <?php if ( "yes" == $display_advance ) { ?>- <div class="qsm-page-setting-container" style="background-color:<?php echo esc_attr($background); ?>">+ <?php if ( 'yes' == $display_advance ) { ?>+ <div class="qsm-page-setting-container" style="background-color:<?php echo esc_attr( $background ); ?>"> <div class="qsm-page-setting-top "> <div class="qsm-page-setting-left"> <span class="qsm-page-setting-label"><?php esc_html_e( 'Page Timer', 'quiz-master-next' ); ?></span> </div> <div class="qsm-page-setting-right">- <div class="qsm-row <?php echo esc_attr($disable_class); ?>">+ <div class="qsm-row <?php echo esc_attr( $disable_class ); ?>"> <label><?php esc_html_e( 'How many minutes does the user have to finish the page?', 'quiz-master-next' ); ?></label>- <span><?php esc_html_e( 'Set a time limit to complete this page in ', 'quiz-master-next' ); ?></span><input <?php echo esc_html($read_only); ?> type="number" step="1" class="small-text" min="0" id="pagetimer" name="pagetimer" value="0" placeholder="<?php esc_attr_e( 'MM', 'quiz-master-next' ); ?>"> : <input type="number" <?php echo esc_html($read_only); ?> step="1" class="small-text" min="0" id="pagetimer_second" name="pagetimer_second" value="0" placeholder="<?php esc_attr_e( 'SS', 'quiz-master-next' ); ?>">+ <span><?php esc_html_e( 'Set a time limit to complete this page in ', 'quiz-master-next' ); ?></span><input <?php echo esc_html( $read_only ); ?> type="number" step="1" class="small-text" min="0" id="pagetimer" name="pagetimer" value="0" placeholder="<?php esc_attr_e( 'MM', 'quiz-master-next' ); ?>"> : <input type="number" <?php echo esc_html( $read_only ); ?> step="1" class="small-text" min="0" id="pagetimer_second" name="pagetimer_second" value="0" placeholder="<?php esc_attr_e( 'SS', 'quiz-master-next' ); ?>"> </div>- <div class="qsm-row <?php echo esc_attr($disable_class); ?>">- <input <?php echo esc_html($read_only); ?> name="warning_checkbox" type="checkbox" value="" /><span><?php esc_html_e( 'Show warning at', 'quiz-master-next' ); ?></span>- <input <?php echo esc_html($read_only); ?> type="number" step="1" class="small-text" min="0" placeholder="<?php esc_html_e( 'MM', 'quiz-master-next' ); ?>" id="pagetimer_warning" name="pagetimer_warning" value="0"> :- <input <?php echo esc_html($read_only); ?> type="number" step="1" class="small-text" min="0" placeholder="<?php esc_html_e( 'SS', 'quiz-master-next' ); ?>" id="pagetimer_warning_second" name="pagetimer_warning_second" value="0">+ <div class="qsm-row <?php echo esc_attr( $disable_class ); ?>">+ <input <?php echo esc_html( $read_only ); ?> name="warning_checkbox" type="checkbox" value="" /><span><?php esc_html_e( 'Show warning at', 'quiz-master-next' ); ?></span>+ <input <?php echo esc_html( $read_only ); ?> type="number" step="1" class="small-text" min="0" placeholder="<?php esc_html_e( 'MM', 'quiz-master-next' ); ?>" id="pagetimer_warning" name="pagetimer_warning" value="0"> :+ <input <?php echo esc_html( $read_only ); ?> type="number" step="1" class="small-text" min="0" placeholder="<?php esc_html_e( 'SS', 'quiz-master-next' ); ?>" id="pagetimer_warning_second" name="pagetimer_warning_second" value="0"> </div> </div> </div> <div class="qsm-page-setting-bottom ">- <?php if ( ! class_exists ( 'QSM_AdvancedTimer' ) ) { ?>+ <?php if ( ! class_exists( 'QSM_AdvancedTimer' ) ) { ?> <div class="qsm-popup-upgrade-warning"> <img src="<?php echo esc_url( QSM_PLUGIN_URL . 'php/images/info-yellow.png' ); ?>" alt="information">- <span><?php esc_html_e( 'You can set timer in each page using Advanced Timer Add-on. ', 'quiz-master-next'); echo sprintf( '<a style="margin-right: 5px;font-weight: bolder;" href="%s" target="_blank">%s</a>', esc_url( qsm_get_plugin_link( 'downloads/wordpress-quiz-timer-advanced', 'advanced-timer-popup', 'quiz_editor', 'get_addon', 'qsm_plugin_upsell' ) ), esc_html__( 'Get this add-on ', 'quiz-master-next' ) ); esc_html_e( 'and extend your quiz features.', 'quiz-master-next' ); ?></span>+ <span>+ <?php+ esc_html_e( 'You can set timer in each page using Advanced Timer Add-on. ', 'quiz-master-next' );+ printf( '<a style="margin-right: 5px;font-weight: bolder;" href="%s" target="_blank">%s</a>', esc_url( qsm_get_plugin_link( 'downloads/wordpress-quiz-timer-advanced', 'advanced-timer-popup', 'quiz_editor', 'get_addon', 'qsm_plugin_upsell' ) ), esc_html__( 'Get this add-on ', 'quiz-master-next' ) );+ esc_html_e( 'and extend your quiz features.', 'quiz-master-next' );+ ?>+ </span> </div> <?php } ?> </div>@@ -918,22 +926,28 @@ * @return void */ function qsm_ajax_unlink_question_from_list() {- if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'ajax-nonce-unlink-question' ) ) {- wp_send_json_error( array(- 'message' => __( 'Nonce verification failed.', 'quiz-master-next'),- ));- }- $question_id = isset( $_POST['question_id'] ) ? intval( $_POST['question_id'] ) : 0;- if ( $question_id > 0 ) {- qsm_process_unlink_question_from_list_by_question_id($question_id);- wp_send_json_success( array(- 'message' => __( 'Question is unlinked from all quizzes.', 'quiz-master-next' ),- ));- } else {- wp_send_json_error( array(- 'message' => __( 'Invalid question ID.', 'quiz-master-next' ),- ));- }+ if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'ajax-nonce-unlink-question' ) ) {+ wp_send_json_error(+ array(+ 'message' => __( 'Nonce verification failed.', 'quiz-master-next' ),+ )+ );+ }+ $question_id = isset( $_POST['question_id'] ) ? intval( $_POST['question_id'] ) : 0;+ if ( $question_id > 0 ) {+ qsm_process_unlink_question_from_list_by_question_id( $question_id );+ wp_send_json_success(+ array(+ 'message' => __( 'Question is unlinked from all quizzes.', 'quiz-master-next' ),+ )+ );+ } else {+ wp_send_json_error(+ array(+ 'message' => __( 'Invalid question ID.', 'quiz-master-next' ),+ )+ );+ } } add_action( 'wp_ajax_qsm_unlink_question_from_list', 'qsm_ajax_unlink_question_from_list' ); @@ -944,23 +958,25 @@ * @return void */ function qsm_process_unlink_question_from_list_by_question_id( $question_id ) {- global $wpdb;- $current_linked_questions = $wpdb->get_var( $wpdb->prepare(- "SELECT linked_question FROM {$wpdb->prefix}mlw_questions WHERE question_id = %d",- $question_id- ) );+ global $wpdb;+ $current_linked_questions = $wpdb->get_var(+ $wpdb->prepare(+ "SELECT linked_question FROM {$wpdb->prefix}mlw_questions WHERE question_id = %d",+ $question_id+ )+ ); if ( $current_linked_questions ) {- $current_links = explode(',', $current_linked_questions);- $current_links = array_map('trim', $current_links);- $current_links = array_diff($current_links, [ $question_id ]);- $updated_linked_list = implode(',', array_filter($current_links));- $linked_ids = explode(',', $updated_linked_list);+ $current_links = explode( ',', $current_linked_questions );+ $current_links = array_map( 'trim', $current_links );+ $current_links = array_diff( $current_links, array( $question_id ) );+ $updated_linked_list = implode( ',', array_filter( $current_links ) );+ $linked_ids = explode( ',', $updated_linked_list ); foreach ( $linked_ids as $linked_id ) { $wpdb->update( $wpdb->prefix . 'mlw_questions', array( 'linked_question' => $updated_linked_list ),- array( 'question_id' => intval($linked_id) ),+ array( 'question_id' => intval( $linked_id ) ), array( '%s' ), array( '%d' ) );@@ -968,7 +984,7 @@ $wpdb->update( $wpdb->prefix . 'mlw_questions', array( 'linked_question' => '' ),- array( 'question_id' => intval($question_id) ),+ array( 'question_id' => intval( $question_id ) ), array( '%s' ), array( '%d' ) );@@ -988,26 +1004,26 @@ } global $mlwQuizMasterNext;- $json = array(+ $json = array( 'status' => 'error', );- $quiz_id = isset( $_POST['quiz_id'] ) ? intval( $_POST['quiz_id'] ) : 0;- $post_id = isset( $_POST['post_id'] ) ? intval( $_POST['post_id'] ) : 0;+ $quiz_id = isset( $_POST['quiz_id'] ) ? intval( $_POST['quiz_id'] ) : 0;+ $post_id = isset( $_POST['post_id'] ) ? intval( $_POST['post_id'] ) : 0; $mlwQuizMasterNext->pluginHelper->prepare_quiz( $quiz_id );- $pages = isset( $_POST['pages'] ) ? qsm_sanitize_rec_array( wp_unslash( $_POST['pages'] ) ) : array(); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized- $qpages = isset( $_POST['qpages'] ) ? qsm_sanitize_rec_array( wp_unslash( $_POST['qpages'] ) ) : array(); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized- $all_questions = array();+ $pages = isset( $_POST['pages'] ) ? qsm_sanitize_rec_array( wp_unslash( $_POST['pages'] ) ) : array(); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized+ $qpages = isset( $_POST['qpages'] ) ? qsm_sanitize_rec_array( wp_unslash( $_POST['qpages'] ) ) : array(); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized+ $all_questions = array(); //merge duplicate questions foreach ( $pages as $page_key => $questions ) {- $page_questions = array();- $questions = array_unique( $questions );+ $page_questions = array();+ $questions = array_unique( $questions ); foreach ( $questions as $id ) { if ( ! in_array( $id, $all_questions, true ) ) { $page_questions[] = $id; } }- $all_questions = array_merge( $all_questions, $questions );- $pages[ $page_key ] = $page_questions;+ $all_questions = array_merge( $all_questions, $questions );+ $pages[ $page_key ] = $page_questions; if ( isset( $qpages[ $page_key ] ) ) { $qpages[ $page_key ]['questions'] = $page_questions; }@@ -1018,8 +1034,8 @@ if ( $response ) { $json['status'] = 'success'; // update post_modified- $datetime = current_time( 'Y-m-d H:i:s', 0 );- $update = array(+ $datetime = current_time( 'Y-m-d H:i:s', 0 );+ $update = array( 'ID' => $post_id, 'post_modified' => $datetime, );@@ -1116,7 +1132,7 @@ add_action( 'wp_ajax_qsm_dashboard_delete_result', 'qsm_dashboard_delete_result' ); function qsm_dashboard_delete_result() { $result_id = isset( $_POST['result_id'] ) ? intval( $_POST['result_id'] ) : 0;- if ( isset( $_POST['nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'wp_rest' ) && $result_id ) {+ if ( isset( $_POST['nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'wp_rest' ) && $result_id && current_user_can( 'administrator' ) ) { global $wpdb; $wpdb->update( $wpdb->prefix . 'mlw_results',@@ -1197,16 +1213,16 @@ global $wpdb, $mlwQuizMasterNext; $update_qpages_after_delete = array();- $connected_question_ids = qsm_get_unique_linked_question_ids_to_remove( [ $question_id ] );- $question_ids_to_delete = array_merge($connected_question_ids, [ $question_id ]);- $question_ids_to_delete = array_unique( $question_ids_to_delete );- $placeholders = array_fill( 0, count( $question_ids_to_delete ), '%d' );-- do_action('qsm_question_deleted',$question_id);-- if ( ! empty($connected_question_ids) ) {- $connected_question_ids = array_diff($connected_question_ids, [ $base_question_id ] );- $update_qpages_after_delete = qsm_process_to_update_qpages_after_unlink($connected_question_ids);+ $connected_question_ids = qsm_get_unique_linked_question_ids_to_remove( array( $question_id ) );+ $question_ids_to_delete = array_merge( $connected_question_ids, array( $question_id ) );+ $question_ids_to_delete = array_unique( $question_ids_to_delete );+ $placeholders = array_fill( 0, count( $question_ids_to_delete ), '%d' );++ do_action( 'qsm_question_deleted', $question_id );++ if ( ! empty( $connected_question_ids ) ) {+ $connected_question_ids = array_diff( $connected_question_ids, array( $base_question_id ) );+ $update_qpages_after_delete = qsm_process_to_update_qpages_after_unlink( $connected_question_ids ); } // Construct the query with placeholders@@ -1216,10 +1232,10 @@ ); // Prepare the query- $query = $wpdb->prepare( $query, $question_ids_to_delete );+ $query = $wpdb->prepare( $query, $question_ids_to_delete ); $results = $wpdb->query( $query ); if ( $results ) {- if ( ! empty($update_qpages_after_delete) ) {+ if ( ! empty( $update_qpages_after_delete ) ) { foreach ( $update_qpages_after_delete as $quiz_id => $aftervalue ) { $mlwQuizMasterNext->pluginHelper->prepare_quiz( $quiz_id ); $mlwQuizMasterNext->pluginHelper->update_quiz_setting( 'qpages', $aftervalue['qpages'] );@@ -1227,9 +1243,9 @@ } } wp_send_json_success( __( 'Question removed Successfully.', 'quiz-master-next' ) );- }else {+ } else { wp_send_json_error( __( 'Question delete failed!', 'quiz-master-next' ) );- $mlwQuizMasterNext->log_manager->add( __('Error 0001 delete questions failed - question ID:', 'quiz-master-next') . $question_id, '<br><b>Error:</b>' . $wpdb->last_error . ' from ' . $wpdb->last_query, 0, 'error' );+ $mlwQuizMasterNext->log_manager->add( __( 'Error 0001 delete questions failed - question ID:', 'quiz-master-next' ) . $question_id, '<br><b>Error:</b>' . $wpdb->last_error . ' from ' . $wpdb->last_query, 0, 'error' ); } } }@@ -1259,9 +1275,12 @@ $question_id = explode( ',', $question_id ); // filter question ids- $question_id = array_filter( $question_id, function( $questionID ) {- return is_numeric( $questionID ) && 0 < intval( $questionID );- } );+ $question_id = array_filter(+ $question_id,+ function ( $questionID ) {+ return is_numeric( $questionID ) && 0 < intval( $questionID );+ }+ ); // Sanitize and validate the IDs $base_question_ids = $question_id = array_map( 'intval', $question_id );@@ -1269,16 +1288,16 @@ if ( ! empty( $question_id ) ) { $update_qpages_after_delete = array();- $connected_question_ids = qsm_get_unique_linked_question_ids_to_remove($question_id);- $question_ids_to_delete = array_merge($connected_question_ids, $question_id);- $question_ids_to_delete = array_unique( $question_ids_to_delete );- $placeholders = array_fill( 0, count( $question_ids_to_delete ), '%d' );-- do_action('qsm_question_deleted',$question_id);-- if ( ! empty($connected_question_ids) ) {- $connected_question_ids = array_diff($connected_question_ids, $base_question_ids );- $update_qpages_after_delete = qsm_process_to_update_qpages_after_unlink($connected_question_ids);+ $connected_question_ids = qsm_get_unique_linked_question_ids_to_remove( $question_id );+ $question_ids_to_delete = array_merge( $connected_question_ids, $question_id );+ $question_ids_to_delete = array_unique( $question_ids_to_delete );+ $placeholders = array_fill( 0, count( $question_ids_to_delete ), '%d' );++ do_action( 'qsm_question_deleted', $question_id );++ if ( ! empty( $connected_question_ids ) ) {+ $connected_question_ids = array_diff( $connected_question_ids, $base_question_ids );+ $update_qpages_after_delete = qsm_process_to_update_qpages_after_unlink( $connected_question_ids ); } // Construct the query with placeholders@@ -1292,7 +1311,7 @@ $results = $wpdb->query( $query ); if ( $results ) {- if ( ! empty($update_qpages_after_delete) ) {+ if ( ! empty( $update_qpages_after_delete ) ) { foreach ( $update_qpages_after_delete as $quiz_id => $aftervalue ) { $mlwQuizMasterNext->pluginHelper->prepare_quiz( $quiz_id ); $mlwQuizMasterNext->pluginHelper->update_quiz_setting( 'qpages', $aftervalue['qpages'] );@@ -1300,8 +1319,8 @@ } } wp_send_json_success( __( 'Questions removed Successfully.', 'quiz-master-next' ) );- }else {- $mlwQuizMasterNext->log_manager->add( __('Error 0001 delete questions failed - question IDs:', 'quiz-master-next') . $question_id, '<br><b>Error:</b>' . $wpdb->last_error . ' from ' . $wpdb->last_query, 0, 'error' );+ } else {+ $mlwQuizMasterNext->log_manager->add( __( 'Error 0001 delete questions failed - question IDs:', 'quiz-master-next' ) . $question_id, '<br><b>Error:</b>' . $wpdb->last_error . ' from ' . $wpdb->last_query, 0, 'error' ); wp_send_json_error( __( 'Question delete failed!', 'quiz-master-next' ) ); } } else {@@ -1317,38 +1336,38 @@ * @since 9.1.3 */ function qsm_process_to_update_qpages_after_unlink( $connected_question_ids ) {- $comma_seprated_ids = implode( ',', array_unique($connected_question_ids) );- $qpages_array = array();- if ( ! empty($comma_seprated_ids) ) {+ $comma_seprated_ids = implode( ',', array_unique( $connected_question_ids ) );+ $qpages_array = array();+ if ( ! empty( $comma_seprated_ids ) ) { global $wpdb, $mlwQuizMasterNext;- $quiz_results = $wpdb->get_results( "SELECT `quiz_id`, `question_id` FROM `{$wpdb->prefix}mlw_questions` WHERE `question_id` IN (" .$comma_seprated_ids. ")" );- if ( ! empty($quiz_results) ) {+ $quiz_results = $wpdb->get_results( "SELECT `quiz_id`, `question_id` FROM `{$wpdb->prefix}mlw_questions` WHERE `question_id` IN (" . $comma_seprated_ids . ')' );+ if ( ! empty( $quiz_results ) ) { foreach ( $quiz_results as $single_quiz ) {- $quiz_id = $single_quiz->quiz_id;+ $quiz_id = $single_quiz->quiz_id; $mlwQuizMasterNext->pluginHelper->prepare_quiz( $quiz_id );- $pages = $mlwQuizMasterNext->pluginHelper->get_quiz_setting( 'pages', array() );+ $pages = $mlwQuizMasterNext->pluginHelper->get_quiz_setting( 'pages', array() ); $clone_qpages = $qpages = $mlwQuizMasterNext->pluginHelper->get_quiz_setting( 'qpages', array() );- if ( ! empty($clone_qpages) ) {+ if ( ! empty( $clone_qpages ) ) { foreach ( $clone_qpages as $clonekey => $clonevalue ) {- if ( ! empty($clonevalue['questions']) && in_array($single_quiz->question_id, $clonevalue['questions'], true) ) {- $clone_qpages[ $clonekey ]['questions'] = array_diff($clonevalue['questions'], [ $single_quiz->question_id ]);- $pages[ $clonekey ] = array_diff($pages[ $clonekey ], [ $single_quiz->question_id ]);+ if ( ! empty( $clonevalue['questions'] ) && in_array( $single_quiz->question_id, $clonevalue['questions'], true ) ) {+ $clone_qpages[ $clonekey ]['questions'] = array_diff( $clonevalue['questions'], array( $single_quiz->question_id ) );+ $pages[ $clonekey ] = array_diff( $pages[ $clonekey ], array( $single_quiz->question_id ) ); } } $qpages = $clone_qpages; } //merge duplicate questions- $all_questions = array();+ $all_questions = array(); foreach ( $pages as $page_key => $questions ) {- $page_questions = array();- $questions = array_unique( $questions );+ $page_questions = array();+ $questions = array_unique( $questions ); foreach ( $questions as $id ) { if ( ! in_array( $id, $all_questions, true ) ) { $page_questions[] = $id; } }- $all_questions = array_merge( $all_questions, $questions );- $pages[ $page_key ] = $page_questions;+ $all_questions = array_merge( $all_questions, $questions );+ $pages[ $page_key ] = $page_questions; if ( isset( $qpages[ $page_key ] ) ) { $qpages[ $page_key ]['questions'] = $page_questions; }@@ -1371,26 +1390,26 @@ * @since 9.1.3 */ function qsm_get_unique_linked_question_ids_to_remove( $question_ids ) {- global $wpdb;+ global $wpdb; $all_ids = array();- foreach ( $question_ids as $id ) {- $sql = $wpdb->prepare(- "SELECT linked_question FROM {$wpdb->prefix}mlw_questions WHERE question_id = %d",- $id- );- $linked_question = $wpdb->get_var($sql);- if ( ! empty($linked_question) ) {- $all_ids = array_merge($all_ids, explode(',', $linked_question));- }- }- return $all_ids;+ foreach ( $question_ids as $id ) {+ $sql = $wpdb->prepare(+ "SELECT linked_question FROM {$wpdb->prefix}mlw_questions WHERE question_id = %d",+ $id+ );+ $linked_question = $wpdb->get_var( $sql );+ if ( ! empty( $linked_question ) ) {+ $all_ids = array_merge( $all_ids, explode( ',', $linked_question ) );+ }+ }+ return $all_ids; } add_action( 'wp_ajax_save_new_category', 'qsm_save_new_category' ); function qsm_save_new_category() {- $category = isset( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';- $parent = isset( $_POST['parent'] ) ? intval( $_POST['parent'] ) : '';- $parent = ( -1 == $parent ) ? 0 : $parent;+ $category = isset( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';+ $parent = isset( $_POST['parent'] ) ? intval( $_POST['parent'] ) : '';+ $parent = ( -1 == $parent ) ? 0 : $parent; if ( isset( $_POST['nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'ajax-nonce-sandy-page' ) ) { $term_array = wp_insert_term( $category,@@ -1418,8 +1437,8 @@ <div><span class="dashicons dashicons-move"></span> <span class="page-number"></span></div> <div class="page-header-buttons"> <div class="page-header-icons">- <a href="javascript:void(0)" class="qsm-admin-randomize-page-questions" title="Shuffle Questions" id="qsm-admin-randomize-page-question-{{data.id}}" data-page-id="{{data.id}}"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/randomize.svg'); ?>" alt="randomize.svg"/></a>- <a href="javascript:void(0)" class="edit-page-button" title="Edit Page"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/gear.svg'); ?>" alt="gear.svg"/></a>+ <a href="javascript:void(0)" class="qsm-admin-randomize-page-questions" title="Shuffle Questions" id="qsm-admin-randomize-page-question-{{data.id}}" data-page-id="{{data.id}}"><img class="qsm-common-svg-image-class" src="<?php echo esc_url( QSM_PLUGIN_URL . 'assets/randomize.svg' ); ?>" alt="randomize.svg"/></a>+ <a href="javascript:void(0)" class="edit-page-button" title="Edit Page"><img class="qsm-common-svg-image-class" src="<?php echo esc_url( QSM_PLUGIN_URL . 'assets/gear.svg' ); ?>" alt="gear.svg"/></a> </div> <a href="javascript:void(0)" class="add-question-bank-button button button-primary qsm-common-button-styles"><?php esc_html_e( 'Import', 'quiz-master-next' ); ?></a> <a href="javascript:void(0)" class="new-question-button button button-primary qsm-common-button-styles"><?php esc_html_e( 'Add Question', 'quiz-master-next' ); ?></a>@@ -1450,10 +1469,10 @@ </div> <div class="form-actions"> <div class="qsm-actions-link-box">- <a href="#" title="Edit Question" class="edit-question-button"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/edit-pencil.svg'); ?>" alt="edit-pencil.svg"/></a>- <a href="#" title="Clone Question" class="duplicate-question-button"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/copy.svg'); ?>" alt="copy.svg"/></a>- <a href="javascript:void(0)" title="Move Question" class="move-question-button"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/arrow-up-down-fill.svg'); ?>" alt="arrow-up-down-fill.svg"/></a>- <a href="#" title="Delete Question" class="delete-question-button" data-question-iid="{{data.id }}"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/trash.svg'); ?>" alt="trash.svg"/></a>+ <a href="#" title="Edit Question" class="edit-question-button"><img class="qsm-common-svg-image-class" src="<?php echo esc_url( QSM_PLUGIN_URL . 'assets/edit-pencil.svg' ); ?>" alt="edit-pencil.svg"/></a>+ <a href="#" title="Clone Question" class="duplicate-question-button"><img class="qsm-common-svg-image-class" src="<?php echo esc_url( QSM_PLUGIN_URL . 'assets/copy.svg' ); ?>" alt="copy.svg"/></a>+ <a href="javascript:void(0)" title="Move Question" class="move-question-button"><img class="qsm-common-svg-image-class" src="<?php echo esc_url( QSM_PLUGIN_URL . 'assets/arrow-up-down-fill.svg' ); ?>" alt="arrow-up-down-fill.svg"/></a>+ <a href="#" title="Delete Question" class="delete-question-button" data-question-iid="{{data.id }}"><img class="qsm-common-svg-image-class" src="<?php echo esc_url( QSM_PLUGIN_URL . 'assets/trash.svg' ); ?>" alt="trash.svg"/></a> </div> </div> </div>
I'll analyze this code diff for security vulnerabilities following the specified format.
Vulnerability Existed: yes
TRUE POSITIVE
Authorization Check Missing - CWE-862 - php/admin/options-page-questions-tab.php - Line 1135
Old Code:
```php
if ( isset( $_POST['nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'wp_rest' ) && $result_id ) {
```
Fixed Code:
```php
if ( isset( $_POST['nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'wp_rest' ) && $result_id && current_user_can( 'administrator' ) ) {
```
Explanation:
The original code only verified a nonce but failed to check user capabilities/permissions before allowing deletion of quiz results. Any authenticated user could delete results if they knew the nonce. The fix adds `current_user_can( 'administrator' )` to ensure only administrators can delete results, properly implementing authorization control.
---
Vulnerability Existed: no
Code Formatting Changes - N/A - php/admin/options-page-questions-tab.php - Multiple Lines
Old Code:
Various spacing and alignment inconsistencies throughout the file
Fixed Code:
Properly aligned and consistently formatted code with correct spacing
Explanation:
The majority of the diff consists of code style and formatting improvements (spacing, alignment, quote consistency). These changes do not introduce or fix security vulnerabilities—they are purely cosmetic/maintainability improvements that make the code more readable and consistent with coding standards.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/options-page-style-tab.php 2026-01-08 00:36:12.857986232 +0000+++ cache/quiz-master-next_10.3.2/php/admin/options-page-style-tab.php 2026-01-08 00:38:09.969088426 +0000@@ -229,7 +229,7 @@ "id" => 'qsm-ultimate', "title" => __( 'Go Beyond Standard Quizzes', 'quiz-master-next' ), "description" => __( 'Take full control over quiz customization and User Experience with QSM Ultimate Add-On.', 'quiz-master-next' ),- "chart_image" => plugins_url( '', dirname( __FILE__ ) ) . '/images/Ultimate.png',+ "chart_image" => plugins_url( '', __DIR__ ) . '/images/Ultimate.png', "warning" => __( 'Ultimate Addon required', 'quiz-master-next' ), "information" => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today. OR you can buy Ultimate Addon separately.', 'quiz-master-next' ), "buy_btn_text" => __( 'Buy Ultimate Addon', 'quiz-master-next' ),
Vulnerability Existed: no No Security Vulnerability Identified - File: php/admin/options-page-style-tab.php [Line 232] Old Code: ```php "chart_image" => plugins_url( '', dirname( __FILE__ ) ) . '/images/Ultimate.png', ``` Fixed Code: ```php "chart_image" => plugins_url( '', __DIR__ ) . '/images/Ultimate.png', ``` Explanation: This change replaces `dirname( __FILE__ )` with `__DIR__`, which is a modernization of PHP code rather than a security fix. Both approaches are functionally equivalent and secure. `__DIR__` is the PHP 5.3+ magic constant equivalent to `dirname( __FILE__ )`. The change improves code clarity and performance slightly, but does not address any security vulnerabilities. The `plugins_url()` function is a WordPress API that safely constructs plugin URLs, and the image path appended is a static string literal with no user input, so there are no path traversal, directory traversal, or injection vulnerabilities present in either version.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/quiz-options-page.php 2026-01-08 00:36:12.861986474 +0000+++ cache/quiz-master-next_10.3.2/php/admin/quiz-options-page.php 2026-01-08 00:38:09.969088426 +0000@@ -176,7 +176,7 @@ <a href="?page=mlw_quiz_options&quiz_id=<?php echo esc_attr( $quiz_id ); ?>&tab=<?php echo esc_attr( $tab['slug'] ); ?>" class="nav-tab <?php echo esc_attr( $active_class ); ?>"><?php echo wp_kses_post( $tab['title'] ); ?></a> <?php } else {- $addon_tabs++;+ ++$addon_tabs; } } if ( 0 < $addon_tabs ) {@@ -302,7 +302,7 @@ "id" => 'modal-advanced-assessment', "title" => __('Advanced Assessment, Smarter Results', 'quiz-master-next'), "description" => __('Unlock Personalized Quiz Experiences with the Advanced Assessment Addon.', 'quiz-master-next'),- "chart_image" => plugins_url('', dirname(__FILE__)) . '/images/advance-assessment-chart.png',+ "chart_image" => plugins_url('', __DIR__) . '/images/advance-assessment-chart.png', "information" => __( 'Get all our add-ons at a discounted rate with the QSM Addon Bundle and save up to 95% today! Alternatively, you can also purchase the Advanced Assessment Addon separately.', 'quiz-master-next' ), "buy_btn_text" => __( 'Buy Quiz Advanced Assessment', 'quiz-master-next' ), "doc_link" => qsm_get_plugin_link( 'docs/add-ons/advanced-assessment', 'quiz-documentation', 'plugin', 'advanced-assessment', 'qsm_plugin_upsell' ),
I'll analyze the provided code diff for security fixes.
Vulnerability Existed: no
PHP Magic Constant Usage - CWE-480 - php/admin/quiz-options-page.php Line 305
Old Code:
```php
"chart_image" => plugins_url('', dirname(__FILE__)) . '/images/advance-assessment-chart.png',
```
Fixed Code:
```php
"chart_image" => plugins_url('', __DIR__) . '/images/advance-assessment-chart.png',
```
Explanation:
This change replaces `dirname(__FILE__)` with `__DIR__`, which is a modern PHP best practice improvement rather than a security fix. Both achieve the same result - getting the current directory path. `__DIR__` is clearer, more efficient, and is the recommended approach in modern PHP (5.3+). There is no security vulnerability in either version; this is a code quality improvement.
---
Vulnerability Existed: no
Code Style - CWE-N/A - php/admin/quiz-options-page.php Line 179
Old Code:
```php
$addon_tabs++;
```
Fixed Code:
```php
++$addon_tabs;
```
Explanation:
This change converts post-increment (`$addon_tabs++`) to pre-increment (`++$addon_tabs`). This is a code style/performance improvement, not a security fix. Both are functionally equivalent in this context since the return value is not used. Pre-increment is marginally more efficient as it doesn't create a temporary variable, and it's considered better practice. There is no security vulnerability in either version.
---
**Summary:** This diff contains no security vulnerabilities. Both changes are code quality improvements: modernizing PHP magic constants and applying better increment practices.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/quizzes-page.php 2026-01-08 00:36:12.865986716 +0000+++ cache/quiz-master-next_10.3.2/php/admin/quizzes-page.php 2026-01-08 00:38:09.969088426 +0000@@ -484,7 +484,7 @@ "id" => 'modal-export-import', "title" => __( 'Easily Export Quiz Data', 'quiz-master-next' ), "description" => __( 'Move quizzes effortlessly with the Export & Import Addon.', 'quiz-master-next' ),- "chart_image" => plugins_url('', dirname(__FILE__)) . '/images/export_import_chart.png',+ "chart_image" => plugins_url('', __DIR__) . '/images/export_import_chart.png', "information" => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today OR you can buy Export & Import Addon separately.', 'quiz-master-next' ), "buy_btn_text" => __( 'Buy Export & Import Addon', 'quiz-master-next' ), "doc_link" => qsm_get_plugin_link( 'docs/add-ons/export-import/', 'qsm_list', 'importexport_button', 'import-export-upsell_read_documentation', 'qsm_plugin_upsell' ),@@ -547,9 +547,6 @@ <?php } }--- } }
Vulnerability Existed: no
Path Traversal / Directory Traversal - CWE-22 - php/admin/quizzes-page.php Line 487
Old Code:
```php
"chart_image" => plugins_url('', dirname(__FILE__)) . '/images/export_import_chart.png',
```
Fixed Code:
```php
"chart_image" => plugins_url('', __DIR__) . '/images/export_import_chart.png',
```
Explanation:
This change is a code modernization, not a security fix. Both `dirname(__FILE__)` and `__DIR__` are functionally equivalent in PHP 5.3+. `__DIR__` is the magic constant that directly represents the current directory, while `dirname(__FILE__)` achieves the same result through function calls. Neither approach introduces or prevents a vulnerability—both safely pass the plugin directory to `plugins_url()`, which handles the path securely. This is a refactoring for code clarity and performance, not a security-related change.
---
Vulnerability Existed: no
Code Quality Issue - N/A - php/admin/quizzes-page.php Lines 550-552
Old Code:
```php
}
}
```
Fixed Code:
```php
}
}
```
Explanation:
The removal of three blank lines is a whitespace/formatting change with no security implications. This is code cleanup to follow better formatting standards, not a security fix.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/settings-page.php 2026-01-08 00:36:12.869986958 +0000+++ cache/quiz-master-next_10.3.2/php/admin/settings-page.php 2026-01-08 00:38:09.973088669 +0000@@ -275,7 +275,7 @@ <?php esc_html_e( 'We need to upgrade your database so that you can enjoy the latest features.', 'quiz-master-next' ); ?><br/> <?php /* translators: %s: HTML tag */- echo sprintf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' );+ printf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' ); ?> </p> <p class="category-action">@@ -856,7 +856,7 @@ <div class="qsm-mb-1"><?php esc_html_e( 'Correct Answer Logic', 'quiz-master-next' ); ?>: <br/><small><?php /* translators: %s: HTML tag */- echo sprintf( esc_html__( 'Works with %1$sMultiple Response, Horizontal Multiple Response%2$s and %3$sFill in the Blanks%4$s Question Types.', 'quiz-master-next' ), '<b>', '</b>', '<b>', '</b>' ); ?></small>+ printf( esc_html__( 'Works with %1$sMultiple Response, Horizontal Multiple Response%2$s and %3$sFill in the Blanks%4$s Question Types.', 'quiz-master-next' ), '<b>', '</b>', '<b>', '</b>' ); ?></small> </div> <label for="qsm-correct-answer-logic-1"> <input type="radio" id="qsm-correct-answer-logic-1" name="qsm-quiz-settings[correct_answer_logic]" value="1" <?php checked( $qsm_all_correct_selected, 1 ); ?>>
``` Vulnerability Existed: yes FALSE POSITIVE Cross-Site Scripting (XSS) - CWE-79 - php/admin/settings-page.php - Line 278 [Old Code] echo sprintf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' ); [Fixed Code] printf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' ); Explanation: The vulnerability existed in the original code. Using `echo sprintf()` with `esc_html__()` causes double-escaping issues. The `esc_html__()` function escapes the HTML tags `<b>` and `</b>` to `<b>` and `</b>`, but then `echo` outputs the already-escaped string as-is. While this doesn't directly result in XSS in this case, it creates semantic issues and doesn't achieve the intended formatting. The fix uses `printf()` instead of `echo sprintf()`. However, to properly output unescaped HTML tags inline with escaped text, the correct approach would be to use `wp_kses_post()` or concatenate escaped and unescaped parts appropriately. The current fix with `printf()` still has the same issue - the HTML tags passed as arguments will be escaped by `esc_html__()`, rendering them as literal text rather than HTML formatting. A proper fix would require: `printf( __( 'Please note that this action %1$s can not be %2$s rolled back...', 'quiz-master-next' ), '<b>', '</b>' );` without `esc_html__()` on the string, or using `wp_kses_post()` to allow specific HTML tags. --- Vulnerability Existed: yes FALSE POSITIVE Cross-Site Scripting (XSS) - CWE-79 - php/admin/settings-page.php - Line 859 [Old Code] echo sprintf( esc_html__( 'Works with %1$sMultiple Response, Horizontal Multiple Response%2$s and %3$sFill in the Blanks%4$s Question Types.', 'quiz-master-next' ), '<b>', '</b>', '<b>', '</b>' ); [Fixed Code] printf( esc_html__( 'Works with %1$sMultiple Response, Horizontal Multiple Response%2$s and %3$sFill in the Blanks%4$s Question Types.', 'quiz-master-next' ), '<b>', '</b>', '<b>', '</b>' ); Explanation: Same vulnerability as above. The original code uses `echo sprintf()` with `esc_html__()`, which causes the HTML tags to be escaped rather than rendered. The fix changes to `printf()`, but this still doesn't resolve the underlying issue that `esc_html__()` will escape the `<b>` tags, preventing proper HTML formatting. The fix is incomplete - it should either remove `esc_html__()` in favor of `__()` or use `wp_kses_post()` to selectively allow HTML tags. ```
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/admin/tools-page.php 2026-01-08 00:36:12.873987200 +0000+++ cache/quiz-master-next_10.3.2/php/admin/tools-page.php 2026-01-08 00:38:09.973088669 +0000@@ -190,7 +190,7 @@ <a class="button" id="prev_page" href="?page=qsm_quiz_tools&&audit_page=<?php echo esc_attr( $previous ); ?>"> <?php /* translators: %s: table limit */- echo sprintf( esc_html__( 'Previous %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) );+ printf( esc_html__( 'Previous %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) ); ?> </a> <?php@@ -199,7 +199,7 @@ <a class="button" id="next_page" href="?page=qsm_quiz_tools&&audit_page=<?php echo esc_attr( $page ); ?>"> <?php /* translators: %s: table limit */- echo sprintf( esc_html__( 'Next %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) );+ printf( esc_html__( 'Next %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) ); ?> </a> <?php@@ -210,7 +210,7 @@ <a class="button" id="next_page" href="?page=qsm_quiz_tools&&audit_page=<?php echo esc_attr( $page ); ?>"> <?php /* translators: %s: table limit */- echo sprintf( esc_html__( 'Next %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) );+ printf( esc_html__( 'Next %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) ); ?> </a> <?php@@ -221,7 +221,7 @@ <a class="button" id="prev_page" href="?page=qsm_quiz_tools&&audit_page=<?php echo esc_attr( $previous ); ?>"> <?php /* translators: %s: table limit */- echo sprintf( esc_html__( 'Previous %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) );+ printf( esc_html__( 'Previous %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) ); ?> </a> <?php
Vulnerability Existed: no Output Escaping - CWE-79 (Cross-site Scripting) - php/admin/tools-page.php Lines 193, 202, 213, 224 Old Code: ```php echo sprintf( esc_html__( 'Previous %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) ); ``` Fixed Code: ```php printf( esc_html__( 'Previous %s Audits', 'quiz-master-next' ), esc_html( $table_limit ) ); ``` Explanation: This change replaces `echo sprintf()` with `printf()`. Since `sprintf()` returns a string and the result was being echoed, the output was already properly escaped via `esc_html__()` and `esc_html()` functions. The new code using `printf()` directly outputs the formatted string, which also maintains the same escaping—the `esc_html__()` function (which translates and escapes) and `esc_html()` function still apply their escaping to the string before it's output. Both approaches are equally secure; this is a code style improvement rather than a security fix. No vulnerability existed in the old code, and the fix does not address a security issue.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qmn-alert-manager.php 2026-01-08 00:36:12.877987442 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qmn-alert-manager.php 2026-01-08 00:38:09.977088912 +0000@@ -51,6 +51,5 @@ } echo apply_filters( 'qsm_warning_messages', $alert_list ); }- }
I'll analyze this code diff for security vulnerabilities. **Analysis Results:** Vulnerability Existed: **no** This diff only contains a whitespace change (removal of an empty line before the closing brace). There are no security vulnerabilities present in this modification. **Explanation:** The change removes trailing whitespace between line 53 and 54. This is purely a formatting/style adjustment with no functional code changes. The security-relevant code (`apply_filters()` call on line 52) remains unchanged, and there are no modifications to: - Input validation - Output escaping - Authentication/authorization logic - Data handling - Dependencies or includes The `apply_filters()` function call that applies the 'qsm_warning_messages' filter was already in place before this change and remains unchanged, so any security posture related to that code is unaffected by this whitespace-only modification.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qmn-background-process.php 2026-01-08 00:36:12.877987442 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qmn-background-process.php 2026-01-08 00:38:09.981089155 +0000@@ -55,5 +55,4 @@ public function really_long_running_task() { return sleep(5); }- }\ No newline at end of file
# Security Analysis of Code Diff
Vulnerability Existed: no
[No Vulnerability Identified] - [N/A] - php/classes/class-qmn-background-process.php [55-58]
Old Code:
```php
public function really_long_running_task() {
return sleep(5);
}
}
```
Fixed Code:
```php
public function really_long_running_task() {
return sleep(5);
}
}
```
Explanation:
The diff shows a whitespace-only change—removal of a blank line before the closing brace. This is a formatting/style modification with no security implications. The code itself remains functionally identical, and there are no security vulnerabilities being introduced or fixed. The `sleep()` function call is not a security concern in this context as it's a legitimate timing control in a background process handler.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qmn-plugin-helper.php 2026-01-08 00:36:12.877987442 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qmn-plugin-helper.php 2026-01-08 00:38:09.985089399 +0000@@ -1,8 +1,8 @@ <?php-if (! defined('ABSPATH')) {- exit;+if ( ! defined( 'ABSPATH' ) ) {+ exit; }-include_once ABSPATH . 'wp-admin/includes/plugin.php';+require_once ABSPATH . 'wp-admin/includes/plugin.php'; /** * This class is a helper class to be used for extending the plugin@@ -11,1421 +11,1369 @@ * * @since 4.0.0 */-class QMNPluginHelper-{+class QMNPluginHelper { - /**- * Addon Page tabs array- *- * @var array- * @since 4.0.0- */- public $addon_tabs = [];-- /**- * Stats Page tabs array- *- * @var array- * @since 4.0.0- */- public $stats_tabs = [];-- /**- * Admin Results Page tabs array- *- * @var array- * @since 5.0.0- */- public $admin_results_tabs = [];-- /**- * Results Details Page tabs array- *- * @var array- * @since 4.1.0- */- public $results_tabs = [];-- /**- * Settings Page tabs array- *- * @var array- * @since 4.0.0- */- public $settings_tabs = [];-- /**- * Question types array- *- * @var array- * @since 4.0.0- */- public $question_types = [];-- /**- * Template array- *- * @var array- * @since 4.5.0- */- public $quiz_templates = [];-- /**- * Main Construct Function- *- * Call functions within class- *- * @since 4.0.0- * @return void- */- public function __construct()- {- add_action('wp_ajax_qmn_question_type_change', [ $this, 'get_question_type_edit_content' ]);- add_action('admin_init', [ $this, 'qsm_add_default_translations' ], 9999);- add_action('qsm_saved_question', [ $this, 'qsm_add_question_translations' ], 10, 2);- add_action('qsm_saved_text_message', [ $this, 'qsm_add_text_message_translations' ], 10, 3);- add_action('qsm_saved_quiz_settings', [ $this, 'qsm_add_quiz_settings_translations' ], 10, 3);-- add_action('qsm_register_language_support', [ $this, 'qsm_register_language_support' ], 10, 3);- add_filter('qsm_language_support', [ $this, 'qsm_language_support' ], 10, 3);- add_action('wp_ajax_qsm_validate_result_submission', [ $this, 'qsm_validate_result_submission' ], 10, 3);- add_action('wp_ajax_nopriv_qsm_validate_result_submission', [ $this, 'qsm_validate_result_submission' ], 10, 3);- }-- public function qsm_validate_result_submission()- {- global $wpdb, $mlwQuizMasterNext;-- $user_email = isset($_POST['email']) ? sanitize_email(wp_unslash($_POST['email'])) : '';- $quiz_id = isset($_POST['quiz_id']) ? intval(wp_unslash($_POST['quiz_id'])) : 0;- $total_user_tries = isset($_POST['total_user_tries']) ? intval(wp_unslash($_POST['total_user_tries'])) : 0;- $mlw_qmn_user_try_count = 0;-- if (! empty($user_email) && is_email($user_email)) {- $mlw_qmn_user_try_count = $wpdb->get_var(- $wpdb->prepare(- "SELECT COUNT(*) FROM {$wpdb->prefix}mlw_results WHERE email = %s AND deleted = 0 AND quiz_id = %d",- $user_email,- $quiz_id- )- );- }- if ($mlw_qmn_user_try_count < $total_user_tries) {- wp_send_json_success();- } else {- wp_send_json_error();- }- wp_die();- }-- /**- * Calls all class functions to check if quiz is setup properly- *- * @param int $quiz_id The ID of the quiz or survey to load.- * @return array An array which contains boolean result of has_proper_quiz, message and/or qmn_quiz_options- */- public function has_proper_quiz($quiz_id)- {- if (empty($quiz_id)) {- return [- 'res' => false,- 'message' => __('Empty Quiz ID.', 'quiz-master-next'),- ];- }-- $quiz_id = intval($quiz_id);-- // Tries to load quiz name to ensure this is a valid ID.- global $mlwQuizMasterNext, $qmn_allowed_visit, $qmn_json_data;- $qmn_json_data = [];- $qmn_allowed_visit = true;- if (false === $this->prepare_quiz($quiz_id)) {- return [- 'res' => false,- 'message' => __('It appears that this quiz is not set up correctly.', 'quiz-master-next'),- ];- }-- $has_result_id = ( ! isset($_GET['result_id']) || '' === $_GET['result_id'] );-- if ($has_result_id) {- global $mlw_qmn_quiz;- $mlw_qmn_quiz = $quiz_id;- }-- $qmn_quiz_options = $mlwQuizMasterNext->quiz_settings->get_quiz_options();-- if ($has_result_id) {- /**- * Filter Quiz Options before Quiz Display- */- $qmn_quiz_options = apply_filters('qsm_shortcode_quiz_options', $qmn_quiz_options);- }-- // If quiz options isn't found, stop function.- if (is_null($qmn_quiz_options) || ( ! empty($qmn_quiz_options->deleted) && 1 == $qmn_quiz_options->deleted )) {- return [- 'res' => false,- 'message' => __('This quiz is no longer available.', 'quiz-master-next'),- ];- }-- // If quiz options isn't found, stop function.- if (is_null($qmn_quiz_options) || empty($qmn_quiz_options->quiz_name)) {- return [- 'res' => false,- 'message' => __('It appears that this quiz is not set up correctly.', 'quiz-master-next'),- ];- }-- return [- 'res' => true,- 'message' => __('Quiz is setup properly.', 'quiz-master-next'),- 'qmn_quiz_options' => $qmn_quiz_options,- ];- }-- /**- * Calls all class functions to initialize quiz- *- * @param int $quiz_id The ID of the quiz or survey to load.- * @return bool True or False if ID is valid.- */- public function prepare_quiz($quiz_id)- {- $quiz_id = intval($quiz_id);-- // Tries to load quiz name to ensure this is a valid ID.- global $wpdb;- $quiz_name = $wpdb->get_var($wpdb->prepare("SELECT quiz_name FROM {$wpdb->prefix}mlw_quizzes WHERE quiz_id=%d LIMIT 1", $quiz_id));- if (is_null($quiz_name)) {- return false;- }-- global $mlwQuizMasterNext;- $mlwQuizMasterNext->quizCreator->set_id($quiz_id);- $mlwQuizMasterNext->quiz_settings->prepare_quiz($quiz_id);-- return true;- }-- /**- * Retrieves all quizzes.- *- * @param bool $include_deleted If set to true, returned array will include all deleted quizzes- * @param string $order_by The column the quizzes should be ordered by- * @param string $order whether the $order_by should be ordered as ascending or decending. Can be "ASC" or "DESC"- * @param arr $user_role role of current user- * @param int $user_id Get the quiz based on user id- * @return array All of the quizzes as a numerical array of objects- */- public function get_quizzes($include_deleted = false, $order_by = 'quiz_id', $order = 'DESC', $user_role = [], $user_id = '', $limit = '', $offset = '', $where = '')- {- global $wpdb;-- // Set order direction- $order_direction = 'DESC';- if ('ASC' === $order) {- $order_direction = 'ASC';- }-- // Set field to sort by- switch ($order_by) {- case 'last_activity':- $order_field = 'last_activity';- break;-- case 'quiz_views':- $order_field = 'quiz_views';- break;-- case 'quiz_taken':- $order_field = 'quiz_taken';- break;-- case 'title':- $order_field = 'quiz_name';- break;-- default:- $order_field = 'quiz_id';- break;- }-- // Should we include deleted?- $delete = 'WHERE deleted=0';- if ('' !== $where) {- $delete = $delete . ' AND ' . $where;- }- if ($include_deleted) {- $delete = '';- }- $user_str = '';- if (in_array('author', (array) $user_role, true)) {- if ($user_id && '' === $delete) {- $user_str = "WHERE quiz_author_id = '$user_id'";- } elseif ($user_id && '' !== $delete) {- $user_str = " AND quiz_author_id = '$user_id'";- }- }- if ('' !== $where && '' !== $user_str) {- $user_str = $user_str . ' AND ' . $where;- }- $where_str = '';- if ('' === $user_str && '' === $delete && '' !== $where) {- $where_str = "WHERE $where";- }- if ('' !== $limit) {- $limit = ' limit ' . $offset . ', ' . $limit;- }- // Get quizzes and return them- $delete = apply_filters('quiz_query_delete_clause', $delete);- $quizzes = $wpdb->get_results(stripslashes($wpdb->prepare("SELECT * FROM {$wpdb->prefix}mlw_quizzes %1s %2s %3s ORDER BY %4s %5s %6s", $delete, $user_str, $where_str, $order_field, $order_direction, $limit)));- return $quizzes;- }-- /**- * Registers a quiz setting- *- * @since 5.0.0- * @param array $field_array An array of the components for the settings field- */- public function register_quiz_setting($field_array, $section = 'quiz_options')- {- global $mlwQuizMasterNext;- $mlwQuizMasterNext->quiz_settings->register_setting($field_array, $section);- }-- /**- * Retrieves a setting value from a section based on name of section and setting- *- * @since 5.0.0- * @param string $section The name of the section the setting is registered in- * @param string $setting The name of the setting whose value we need to retrieve- * @param mixed $default What we need to return if no setting exists with given $setting- * @return $mixed Value set for $setting or $default if setting does not exist- */- public function get_section_setting($section, $setting, $default = false)- {- global $mlwQuizMasterNext;- return apply_filters('qsm_section_setting_text', $mlwQuizMasterNext->quiz_settings->get_section_setting($section, $setting, $default));- }-- /**- * Retrieves setting value based on name of setting- *- * @since 4.0.0- * @param string $setting The name of the setting whose value we need to retrieve- * @param mixed $default What we need to return if no setting exists with given $setting- * @return $mixed Value set for $setting or $default if setting does not exist- */- public function get_quiz_setting($setting, $default = false, $caller = '')- {- global $mlwQuizMasterNext;- if (( 'pages' == $setting || 'qpages' == $setting ) && empty($caller)) {- $pages = $mlwQuizMasterNext->quiz_settings->get_setting($setting, $default);- $temp_pages = [];- foreach ($pages as $index => $page) {- $page_should_display = [];- $page = 'qpages' == $setting ? $page['questions'] : $page;- foreach ($page as $key => $question_id) {- $isPublished = $mlwQuizMasterNext->pluginHelper->get_question_setting($question_id, 'isPublished');- if ('' == $isPublished || ( '' != $isPublished && 1 === intval($isPublished) )) {- $page_should_display[] = true;- } elseif ('' != $isPublished && 0 === intval($isPublished)) {- $page_should_display[] = false;- unset($page[ $key ]);- }- }- if (in_array(true, $page_should_display, true)) {- if ('qpages' == $setting) {- $pages[ $index ]['questions'] = $page;- $temp_pages[] = $pages[ $index ];- } else {- $temp_pages[] = $page;- }- }- }- return $temp_pages;- }- return $mlwQuizMasterNext->quiz_settings->get_setting($setting, $default);- }-- /**- * Updates a settings value, adding it if it didn't already exist- *- * @since 4.0.0- * @param string $setting The name of the setting whose value we need to retrieve- * @param mixed $value The value that needs to be stored for the setting- * @return bool True if successful or false if fails- */- public function update_quiz_setting($setting, $value)- {- global $mlwQuizMasterNext;- return $mlwQuizMasterNext->quiz_settings->update_setting($setting, $value);- }-- /**- * Outputs the section of input fields- *- * @since 5.0.0- * @since 7.0 Added new parameter settings_fields for default setting- * @param string $section The section that the settings were registered with- */- public function generate_settings_section($section = 'quiz_options', $settings_fields = [])- {- global $mlwQuizMasterNext;- if (empty($settings_fields)) {- $settings_fields = $mlwQuizMasterNext->quiz_settings->load_setting_fields($section);- }- QSM_Fields::generate_section($settings_fields, $section);- }-- /**- * Registers Quiz Templates- *- * @since 4.5.0- * @param $name String of the name of the template- * @param $file_path String of the path to the css file- */- public function register_quiz_template($name, $file_path)- {- $slug = strtolower(str_replace(' ', '-', $name));- $this->quiz_templates[ $slug ] = [- 'name' => $name,- 'path' => $file_path,- ];- }-- /**- * Returns Template Array- *- * @since 4.5.0- * @param $name String of the name of the template. If left empty, will return all templates- * @return array The array of quiz templates- */- public function get_quiz_templates($slug = null)- {- if (is_null($slug)) {- return $this->quiz_templates;- } elseif (isset($this->quiz_templates[ $slug ])) {- return $this->quiz_templates[ $slug ];- } else {- return false;- }- }-- /**- * Register Question Types- *- * Adds a question type to the question type array using the parameters given- *- * @since 4.0.0- * @param string $name The name of the Question Type which will be shown when selecting type- * @param string $display_function The name of the function to call when displaying the question- * @param bool $graded Tells the plugin if this question is graded or not. This will affect scoring.- * @param string $review_function The name of the function to call when scoring the question- * @param string $slug The slug of the question type to be stored with question in database- * @param array $options The options for show and hide question validation settings and answer types- * @return void- */- public function register_question_type($name, $display_function, $graded, $review_function = null, $edit_args = null, $save_edit_function = null, $slug = null, $options = [])- {- if (is_null($slug)) {- $slug = strtolower(str_replace(' ', '-', $name));- } else {- $slug = strtolower(str_replace(' ', '-', $slug));- }- if (is_null($edit_args) || ! is_array($edit_args)) {- $validated_edit_function = [- 'inputs' => [- 'question',- 'answer',- 'hint',- 'correct_info',- 'comments',- 'category',- 'required',- ],- 'information' => '',- 'extra_inputs' => [],- 'function' => '',- ];- } else {- $validated_edit_function = [- 'inputs' => $edit_args['inputs'],- 'information' => $edit_args['information'],- 'extra_inputs' => $edit_args['extra_inputs'],- 'function' => $edit_args['function'],- ];- }- if (is_null($save_edit_function)) {- $save_edit_function = '';- }- $new_type = [- 'name' => $name,- 'display' => $display_function,- 'review' => $review_function,- 'graded' => $graded,- 'edit' => $validated_edit_function,- 'save' => $save_edit_function,- 'slug' => $slug,- 'options' => $options,- ];- $new_type = apply_filters('register_question_type_new_type', $new_type);- $this->question_types[ $slug ] = $new_type;- }-- /**- * Retrieves List Of Question Types- *- * retrieves a list of the slugs and names of the question types- *- * @since 4.0.0- * @return array An array which contains the slug and name of question types that have been registered- */- public function get_question_type_options()- {- $type_array = [];- foreach ($this->question_types as $type) {- $type_array[] = [- 'slug' => $type['slug'],- 'name' => $type['name'],- 'options' => $type['options'],- ];- }- return $type_array;- }-- /**- *- */- public function set_question_type_meta($type_id, $meta_key, $meta_value)- {-- $this->question_types[ $type_id ][ $meta_key ] = $meta_value;- }-- public function get_question_type_edit_fields()- {- $type_array = [];- foreach ($this->question_types as $type) {- $type_array[ $type['slug'] ] = $type['edit'];- }- return $type_array;- }-- /**- * Displays A Question- *- * Retrieves the question types display function and creates the HTML for the question- *- * @since 4.0.0- * @param string $slug The slug of the question type that the question is- * @param int $question_id The id of the question- * @param array $quiz_options An array of the columns of the quiz row from the database- * @return string The HTML for the question- */- public function display_question($slug, $question_id, $quiz_options)- {- global $wpdb;- global $qmn_total_questions, $qmn_all_questions_count;- $randomness_order = $this->qsm_get_randomization_modes( $quiz_options->randomness_order );- $question = $wpdb->get_row($wpdb->prepare('SELECT * FROM ' . $wpdb->prefix . 'mlw_questions WHERE question_id=%d', intval($question_id)));- $answers = [];- if (is_serialized($question->answer_array) && is_array(maybe_unserialize($question->answer_array))) {- $answers = maybe_unserialize($question->answer_array);- } else {- $mlw_answer_array_correct = [ 0, 0, 0, 0, 0, 0 ];- $mlw_answer_array_correct[ $question->correct_answer - 1 ] = 1;- $answers = [- [ $question->answer_one, $question->answer_one_points, $mlw_answer_array_correct[0] ],- [ $question->answer_two, $question->answer_two_points, $mlw_answer_array_correct[1] ],- [ $question->answer_three, $question->answer_three_points, $mlw_answer_array_correct[2] ],- [ $question->answer_four, $question->answer_four_points, $mlw_answer_array_correct[3] ],- [ $question->answer_five, $question->answer_five_points, $mlw_answer_array_correct[4] ],- [ $question->answer_six, $question->answer_six_points, $mlw_answer_array_correct[5] ],- ];- }- $answers_original = $answers;- if (in_array( 'answers', $randomness_order )) {- $answers = self::qsm_shuffle_assoc($answers);- global $quiz_answer_random_ids;- $answer_ids = array_keys($answers);- $quiz_answer_random_ids[ $question_id ] = $answer_ids;- }-- // convert answer array into key value pair- $answers_kvpair = [];- foreach ($answers as $answer_item) {- $key = array_search($answer_item, $answers_original, true);- $answers_kvpair[ $key ] = $answer_item;- }- unset($answer_item);- $answers = $answers_kvpair;-- /**- * Filter Answers of specific question before display- */- $answers = apply_filters('qsm_single_question_answers', $answers, $question, $quiz_options);- foreach ($this->question_types as $type) {- if (strtolower(str_replace(' ', '-', $slug)) === $type['slug'] && ! empty($type['display']) && function_exists($type['display'])) {- $qmn_all_questions_count += 1;- if ($type['graded']) {- $qmn_total_questions += 1;- if (1 === intval($quiz_options->question_numbering)) { ?>- <span class='mlw_qmn_question_number'><?php echo esc_html($qmn_total_questions); ?>. </span>- <?php- }- }- if ($quiz_options->show_category_on_front) {- $categories = QSM_Questions::get_question_categories($question_id);- if (! empty($categories['category_name'])) {- $cat_name = implode(',', $categories['category_name']);- ?>- <div class="quiz-cat"><?php echo esc_html($cat_name); ?></div>- <?php- }- }-- call_user_func($type['display'], intval($question_id), $question->question_name, $answers);- do_action('qsm_after_question', $question);- }- }- }-- public function get_questions_count($quiz_id = 0)- {- global $wpdb;- $quiz_id = intval($quiz_id);- $count = 0;- if (empty($quiz_id) || 0 == $quiz_id) {- return $count;- }-- $quiz_settings = $wpdb->get_var($wpdb->prepare("SELECT `quiz_settings` FROM `{$wpdb->prefix}mlw_quizzes` WHERE `quiz_id`=%d", $quiz_id));- if (! empty($quiz_settings)) {- $settings = maybe_unserialize($quiz_settings);- $pages = isset($settings['pages']) ? maybe_unserialize($settings['pages']) : [];- if (! empty($pages)) {- foreach ($pages as $page) {- $count += count($page);- }- }- }- return $count;- }-- public function get_questions_ids($quiz_id = 0)- {- global $wpdb;- $quiz_id = intval($quiz_id);- $ids = [];- if (empty($quiz_id) || 0 == $quiz_id) {- return $ids;- }-- $quiz_settings = $wpdb->get_var($wpdb->prepare("SELECT `quiz_settings` FROM `{$wpdb->prefix}mlw_quizzes` WHERE `quiz_id`=%d", $quiz_id));- if (! empty($quiz_settings)) {- $settings = maybe_unserialize($quiz_settings);- $pages = isset($settings['pages']) ? maybe_unserialize($settings['pages']) : [];- if (! empty($pages)) {- foreach ($pages as $page) {- $ids = array_merge($ids, $page);- }- }- }- return $ids;- }-- /**- * Shuffle assoc array- *- * @since 7.3.11- * @param array $list An array- * @return array- */- public static function qsm_shuffle_assoc($list)- {- if (! is_array($list)) {- return $list;- }- $keys = array_keys($list);- shuffle($keys);- $random = [];- foreach ($keys as $key) {- $random[ $key ] = $list[ $key ];- }- return $random;- }-- /**- * Find the key of the first occurrence of a substring in an array- */- public static function qsm_stripos_array($str, array $arr)- {- if (is_array($arr)) {- foreach ($arr as $a) {- if (stripos($str, $a) !== false) {- return $a;- }- }- }- return false;- }-- /**- * Default strings- * Translation not added in empty string due to warning ( WordPress.WP.I18n.NoEmptyStrings )- */- public static function get_default_texts()- {- $defaults = [- 'message_before' => __('Welcome to your %QUIZ_NAME%', 'quiz-master-next'),- 'message_comment' => __('Please fill in the comment box below.', 'quiz-master-next'),- 'message_end_template' => '',- 'question_answer_template' => __('%QUESTION%<br />%USER_ANSWERS_DEFAULT%<br/>%CORRECT_ANSWER_INFO%', 'quiz-master-next'),- 'question_answer_email_template' => __('%QUESTION%<br />Answer Provided: %USER_ANSWER%<br/>Correct Answer: %CORRECT_ANSWER%<br/>Comments Entered: %USER_COMMENTS%', 'quiz-master-next'),- 'total_user_tries_text' => __('You have utilized all of your attempts to pass this quiz.', 'quiz-master-next'),- 'require_log_in_text' => __('This quiz is for logged in users only.', 'quiz-master-next'),- 'limit_total_entries_text' => __('Unfortunately, this quiz has a limited amount of entries it can recieve and has already reached that limit.', 'quiz-master-next'),- 'scheduled_timeframe_text' => '',- 'twitter_sharing_text' => __('I just scored %CORRECT_SCORE%% on %QUIZ_NAME%!', 'quiz-master-next'),- 'facebook_sharing_text' => __('I just scored %CORRECT_SCORE%% on %QUIZ_NAME%!', 'quiz-master-next'),- 'linkedin_sharing_text' => __('I just scored %CORRECT_SCORE%% on %QUIZ_NAME%!', 'quiz-master-next'),- 'submit_button_text' => __('Submit', 'quiz-master-next'),- 'retake_quiz_button_text' => __('Retake Quiz', 'quiz-master-next'),- 'previous_button_text' => __('Previous', 'quiz-master-next'),- 'next_button_text' => __('Next', 'quiz-master-next'),- 'deselect_answer_text' => __('Deselect Answer', 'quiz-master-next'),- 'empty_error_text' => __('Please complete all required fields!', 'quiz-master-next'),- 'email_error_text' => __('Not a valid e-mail address!', 'quiz-master-next'),- 'number_error_text' => __('This field must be a number!', 'quiz-master-next'),- 'incorrect_error_text' => __('The entered text is not correct!', 'quiz-master-next'),- 'url_error_text' => __('The entered URL is not valid!', 'quiz-master-next'),- 'minlength_error_text' => __('Required atleast %minlength% characters.', 'quiz-master-next'),- 'maxlength_error_text' => __('Minimum %maxlength% characters allowed.', 'quiz-master-next'),- 'comment_field_text' => __('Comments', 'quiz-master-next'),- 'hint_text' => __('Hint', 'quiz-master-next'),- 'quick_result_correct_answer_text' => __('Correct! You have selected correct answer.', 'quiz-master-next'),- 'quick_result_wrong_answer_text' => __('Wrong! You have selected wrong answer.', 'quiz-master-next'),- 'quiz_processing_message' => '',- 'quiz_limit_choice' => __('Limit of choice is reached.', 'quiz-master-next'),- 'name_field_text' => __('Name', 'quiz-master-next'),- 'business_field_text' => __('Business', 'quiz-master-next'),- 'email_field_text' => __('Email', 'quiz-master-next'),- 'phone_field_text' => __('Phone Number', 'quiz-master-next'),- 'start_quiz_text' => __('Start Quiz', 'quiz-master-next'),- 'start_survey_text' => __('Start Survey', 'quiz-master-next'),- ];- return apply_filters('qsm_default_texts', $defaults);- }-- /**- * Register string in WPML for translation- */- public static function qsm_register_language_support($translation_text = '', $translation_slug = '', $domain = 'QSM Meta')- {- if (! empty($translation_text) && is_plugin_active('wpml-string-translation/plugin.php')) {- $translation_slug = sanitize_title($translation_slug);- /**- * Register the string for translation- */- do_action('wpml_register_single_string', $domain, $translation_slug, $translation_text);- }- }-- /**- * Translate string before display- */- public static function qsm_language_support($translation_text = '', $translation_slug = '', $domain = 'QSM Meta')- {-- /**- * Check if WPML String Translation plugin is activated.- */- if (! empty($translation_text) && is_plugin_active('wpml-string-translation/plugin.php')) {- /**- * Decode HTML Special characters.- */- $translation_text = wp_kses_post(htmlspecialchars_decode($translation_text, ENT_QUOTES));- $translation_slug = sanitize_title($translation_slug);- $new_text = apply_filters('wpml_translate_single_string', $translation_text, $domain, $translation_slug);- if ('QSM Answers' === $domain && $new_text == $translation_text) {- if (0 === strpos($translation_slug, 'caption-')) {- $translation_slug = sanitize_title('caption-' . $translation_text);- } else {- $translation_slug = sanitize_title('answer-' . $translation_text);- }- $new_text = apply_filters('wpml_translate_single_string', $translation_text, $domain, $translation_slug);- }- $new_text = wp_kses_post(htmlspecialchars_decode($new_text, ENT_QUOTES));- /**- * Return translation for non-default strings.- */- if ("QSM Meta" != $domain) {- return $new_text;- }- /**- * Check if translation exist.- */- if (0 !== strcasecmp($translation_text, $new_text)) {- return $new_text;- }- /**- * Check if translation exist for default string.- */- $default_texts = self::get_default_texts();- $default_key = self::qsm_stripos_array($translation_slug, array_keys($default_texts));- if (false !== $default_key && 0 === strcasecmp($translation_text, $default_texts[ $default_key ])) {- return apply_filters('wpml_translate_single_string', $translation_text, 'QSM Defaults', 'quiz_' . $default_key);- }- } elseif (! empty($translation_text)) {- $translation_text = wp_kses_post($translation_text);- }-- return $translation_text;- }-- public function qsm_add_default_translations()- {- $default_texts = self::get_default_texts();- if (empty($default_texts)) {- return;- }- if (is_plugin_active('wpml-string-translation/plugin.php')) {- foreach ($default_texts as $key => $text) {- if (! empty($text)) {- $translation_slug = sanitize_title('quiz_' . $key);- /**- * Register the string for translation- */- do_action('wpml_register_single_string', 'QSM Defaults', $translation_slug, $text);- }- }- }- }-- public function qsm_add_question_translations($question_id, $question_data)- {- $settings = isset($question_data['question_settings']) ? maybe_unserialize($question_data['question_settings']) : [];- $hints = isset($question_data['hints']) ? $question_data['hints'] : '';- $answer_info = isset($question_data['question_answer_info']) ? html_entity_decode($question_data['question_answer_info']) : '';-- $this->qsm_register_language_support(htmlspecialchars_decode(isset($settings['question_title']) ? $settings['question_title'] : '', ENT_QUOTES), "Question-{$question_id}", "QSM Questions");- $this->qsm_register_language_support(htmlspecialchars_decode($question_data['question_name'], ENT_QUOTES), "question-description-{$question_id}", "QSM Questions");- $this->qsm_register_language_support($hints, "hint-{$question_id}");- $this->qsm_register_language_support($answer_info, "correctanswerinfo-{$question_id}");-- $answers = isset($question_data['answer_array']) ? maybe_unserialize($question_data['answer_array']) : [];- if (! empty($answers)) {- $answerEditor = isset($settings['answerEditor']) ? $settings['answerEditor'] : 'text';- foreach ($answers as $key => $ans) {- if ('image' === $answerEditor) {- $caption_text = trim(htmlspecialchars_decode($ans[3], ENT_QUOTES));- $this->qsm_register_language_support($caption_text, 'caption-' . $question_id . '-' . $key, 'QSM Answers');- } else {- $answer_text = isset($ans[0]) ? trim(htmlspecialchars_decode($ans[0], ENT_QUOTES)) : '';- $this->qsm_register_language_support($answer_text, 'answer-' . $question_id . '-' . $key, 'QSM Answers');- }- }- }- }-- public function qsm_add_text_message_translations($quiz_id, $text_id, $message)- {- $message = htmlspecialchars_decode($message, ENT_QUOTES);- $this->qsm_register_language_support($message, "quiz_{$text_id}-{$quiz_id}");- }-- public function qsm_add_quiz_settings_translations($quiz_id, $section, $settings_array)- {- if ('quiz_text' == $section && ! empty($settings_array)) {- foreach ($settings_array as $key => $val) {- if (! empty($val)) {- $this->qsm_register_language_support(htmlspecialchars_decode($val, ENT_QUOTES), "quiz_{$key}-{$quiz_id}");- }- }- }- }-- /**- * Calculates Score For Question- *- * Calculates the score for the question based on the question type- *- * @since 4.0.0- * @param string $slug The slug of the question type that the question is- * @param int $question_id The id of the question- * @return array An array of the user's score from the question- */- public function display_review($slug, $question_id)- {- $results_array = [];- global $wpdb;- $question = $wpdb->get_row($wpdb->prepare('SELECT * FROM ' . $wpdb->prefix . 'mlw_questions WHERE question_id=%d', intval($question_id)));- $answers = maybe_unserialize($question->answer_array);- if (empty($answers) || ! is_array($answers)) {- $mlw_answer_array_correct = [ 0, 0, 0, 0, 0, 0 ];- $mlw_answer_array_correct[ $question->correct_answer - 1 ] = 1;- $answers = [- [ $question->answer_one, $question->answer_one_points, $mlw_answer_array_correct[0] ],- [ $question->answer_two, $question->answer_two_points, $mlw_answer_array_correct[1] ],- [ $question->answer_three, $question->answer_three_points, $mlw_answer_array_correct[2] ],- [ $question->answer_four, $question->answer_four_points, $mlw_answer_array_correct[3] ],- [ $question->answer_five, $question->answer_five_points, $mlw_answer_array_correct[4] ],- [ $question->answer_six, $question->answer_six_points, $mlw_answer_array_correct[5] ],- ];- }- foreach ($this->question_types as $type) {- if (strtolower(str_replace(' ', '-', $slug)) === $type['slug']) {- if (! is_null($type['review'])) {- $results_array = call_user_func($type['review'], intval($question_id), $question->question_name, $answers);- } else {- $results_array = [ 'null_review' => true ];- }- }- }- return $results_array;- }-- /**- * Retrieves A Question Setting- *- * Retrieves a setting stored in the question settings array- *- * @since 4.0.0- * @param int $question_id The id of the question- * @param string $setting The name of the setting- * @return string The value stored for the setting- */- public function get_question_setting($question_id, $setting)- {- global $wpdb;- $settings = $wpdb->get_var($wpdb->prepare('SELECT question_settings FROM ' . $wpdb->prefix . 'mlw_questions WHERE question_id=%d', $question_id));- $qmn_settings_array = maybe_unserialize($settings);-- if (is_array($qmn_settings_array) && isset($qmn_settings_array[ $setting ])) {- return $qmn_settings_array[ $setting ];- } else {- return '';- }- }-- /**- * Registers Addon Settings Tab- *- * Registers a new tab on the addon settings page- *- * @since 4.0.0- * @param string $title The name of the tab- * @param string $function The function that displays the tab's content- * @return void- */- public function register_addon_settings_tab($title, $function)- {- $slug = strtolower(str_replace(' ', '-', $title));- $new_tab = [- 'title' => $title,- 'function' => $function,- 'slug' => $slug,- ];- $this->addon_tabs[] = $new_tab;- }-- /**- * Retrieves Addon Settings Tab Array- *- * Retrieves the array of titles and functions of the registered tabs- *- * @since 4.0.0- * @return array The array of registered tabs- */- public function get_addon_tabs()- {- return $this->addon_tabs;- }-- /**- * Registers Stats Tab- *- * Registers a new tab on the stats page- *- * @since 4.3.0- * @param string $title The name of the tab- * @param string $function The function that displays the tab's content- * @return void- */- public function register_stats_settings_tab($title, $function)- {- $slug = strtolower(str_replace(' ', '-', $title));- $new_tab = [- 'title' => $title,- 'function' => $function,- 'slug' => $slug,- ];- $this->stats_tabs[] = $new_tab;- }-- /**- * Retrieves Stats Tab Array- *- * Retrieves the array of titles and functions of the registered tabs- *- * @since 4.3.0- * @return array The array of registered tabs- */- public function get_stats_tabs()- {- return $this->stats_tabs;- }-- /**- * Registers tabs for the Admin Results page- *- * Registers a new tab on the admin results page- *- * @since 5.0.0- * @param string $title The name of the tab- * @param string $function The function that displays the tab's content- * @return void- */- public function register_admin_results_tab($title, $function, $priority = 10)- {
Analyzing the provided code diff for security vulnerabilities: ## Analysis Results **Vulnerability Existed: yes** FALSE POSITIVE **Improper Resource Inclusion (CWE-20/CWE-427) - CWE-20 - php/classes/class-qmn-plugin-helper.php - Line 6** **Old Code:** ```php include_once ABSPATH . 'wp-admin/includes/plugin.php'; ``` **Fixed Code:** ```php require_once ABSPATH . 'wp-admin/includes/plugin.php'; ``` **Explanation:** The change from `include_once` to `require_once` strengthens security. While this is primarily a code quality improvement, it has security implications. The `include_once` function silently continues execution if the file is not found, potentially leading to undefined function errors later. Using `require_once` enforces that the critical WordPress plugin.php file must exist and be loaded. This prevents the code from continuing to execute in a potentially vulnerable state if the expected WordPress files are missing or have been removed. This is a defensive security practice that ensures required dependencies are present before critical plugin functionality executes. --- ## Additional Observations The remaining changes in the diff are code style/formatting improvements (whitespace standardization, brace positioning) that do not introduce or fix security vulnerabilities: - Line 2: Spacing normalization in conditional statement - Line 3-4: Indentation consistency - Line 14: Brace style change (no security impact) These formatting changes follow WordPress coding standards but have no security implications.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qmn-quiz-creator.php 2026-01-08 00:36:12.881987684 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qmn-quiz-creator.php 2026-01-08 00:38:09.985089399 +0000@@ -804,7 +804,6 @@ } else { return ''; }- } /**
I'll analyze the provided code diff for security vulnerabilities. **Analysis Result:** Vulnerability Existed: **no** This diff contains only whitespace changes (removal of a blank line at line 807). There are no actual code modifications, logic changes, or security-related alterations present. **Explanation:** The change removes an empty line between the closing brace of a conditional block and the closing brace of a function. This is purely a code formatting/style adjustment with no security implications. No vulnerability was introduced or fixed in this change, as no functional code was modified. **Summary:** No vulnerabilities to report. This diff represents a minor code cleanup (whitespace normalization) with zero security impact.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qmn-quiz-manager.php 2026-01-08 00:36:12.881987684 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qmn-quiz-manager.php 2026-01-08 00:38:09.985089399 +0000@@ -74,8 +74,6 @@ add_shortcode( 'qsm_result', array( $this, 'shortcode_display_result' ) ); add_action( 'wp_ajax_qmn_process_quiz', array( $this, 'ajax_submit_results' ) ); add_action( 'wp_ajax_nopriv_qmn_process_quiz', array( $this, 'ajax_submit_results' ) );- add_action( 'wp_ajax_qsm_get_quiz_to_reload', array( $this, 'qsm_get_quiz_to_reload' ) );- add_action( 'wp_ajax_nopriv_qsm_get_quiz_to_reload', array( $this, 'qsm_get_quiz_to_reload' ) ); add_action( 'wp_ajax_nopriv_qsm_create_quiz_nonce', array( $this, 'qsm_create_quiz_nonce' ) ); add_action( 'wp_ajax_qsm_create_quiz_nonce', array( $this, 'qsm_create_quiz_nonce' ) ); @@ -86,7 +84,7 @@ add_action( 'wp_ajax_qsm_clear_audit_data', array( $this, 'qsm_clear_audit_data' ) ); add_action( 'init', array( $this, 'qsm_process_background_email' ) );- add_action('wp_ajax_nopriv_qsm_ajax_login', array( $this, 'qsm_ajax_login' ) );+ add_action( 'wp_ajax_nopriv_qsm_ajax_login', array( $this, 'qsm_ajax_login' ) ); // Failed submission resubmit or trash add_action( 'wp_ajax_qsm_action_failed_submission_table', array( $this, 'process_action_failed_submission_table' ) );@@ -114,7 +112,7 @@ global $mlwQuizMasterNext, $wpdb; // Get failed alter table query list. $failed_queries = $mlwQuizMasterNext->get_failed_alter_table_queries();- $query_index = ! empty( $_POST['query'] ) ? sanitize_text_field( wp_unslash( $_POST['query'] ) ) : 0;+ $query_index = ! empty( $_POST['query'] ) ? sanitize_text_field( wp_unslash( $_POST['query'] ) ) : 0; if ( ! empty( $failed_queries ) && is_array( $failed_queries ) && isset( $failed_queries[ $query_index ] ) ) { $result = $mlwQuizMasterNext->wpdb_alter_table_query( $failed_queries[ $query_index ] ); // exit loop if query failed to execute@@ -125,9 +123,9 @@ 'message' => $wpdb->last_error, ) );- }else {- if ( array_key_exists($query_index, $failed_queries) ) {- unset($failed_queries[ $query_index ]);+ } else {+ if ( array_key_exists( $query_index, $failed_queries ) ) {+ unset( $failed_queries[ $query_index ] ); } update_option( 'qmn_failed_alter_table_queries', $failed_queries ); wp_send_json_success(@@ -147,97 +145,97 @@ * @since 9.0.2 * @return void */- public function process_action_failed_submission_table() {+ public function process_action_failed_submission_table() { - if ( empty( $_POST['post_id'] ) || empty( $_POST['quiz_action'] ) || ! function_exists( 'is_admin' ) || ! is_admin() || empty( $_POST['qmnnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['qmnnonce'] ) ), 'qmn_failed_submission' ) ) {- wp_send_json_error(- array(- 'status' => 'error',- 'message' => __( 'Missing or incorrect input', 'quiz-master-next' ),- )- );- }-- $post_ids = is_array( $_POST['post_id'] ) ? array_map( 'sanitize_key', wp_unslash( $_POST['post_id'] ) ) : array( sanitize_key( wp_unslash( $_POST['post_id'] ) ) );- $action = wp_unslash( sanitize_key( $_POST['quiz_action'] ) );- if ( ! empty( $post_ids ) ) {- foreach ( $post_ids as $postID ) {-- $postID = intval( $postID );-- // Continue if postID not valid- if ( 0 >= $postID ) {- continue;- }+ if ( empty( $_POST['post_id'] ) || empty( $_POST['quiz_action'] ) || ! function_exists( 'is_admin' ) || ! is_admin() || empty( $_POST['qmnnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['qmnnonce'] ) ), 'qmn_failed_submission' ) ) {+ wp_send_json_error(+ array(+ 'status' => 'error',+ 'message' => __( 'Missing or incorrect input', 'quiz-master-next' ),+ )+ );+ } - $data = get_post_meta( $postID, $this->meta_key, true );+ $post_ids = is_array( $_POST['post_id'] ) ? array_map( 'sanitize_key', wp_unslash( $_POST['post_id'] ) ) : array( sanitize_key( wp_unslash( $_POST['post_id'] ) ) );+ $action = wp_unslash( sanitize_key( $_POST['quiz_action'] ) );+ if ( ! empty( $post_ids ) ) {+ foreach ( $post_ids as $postID ) { - if ( empty( $data ) ) {- wp_send_json_error(- array(- 'status' => 'error',- 'message' => __( 'Details not found', 'quiz-master-next' ),- 'data' => $data,- )- );- }+ $postID = intval( $postID );++ // Continue if postID not valid+ if ( 0 >= $postID ) {+ continue;+ } - $data = maybe_unserialize( $data );+ $data = get_post_meta( $postID, $this->meta_key, true ); - // Retrieve action.- if ( 'retrieve' === $action ) {- $res = $this->add_quiz_results( $data, 'resubmit' );- if ( false !== $res ) {- $data['processed'] = 1;- // Mark submission processed.- update_post_meta( $postID, $this->meta_key, maybe_serialize( $data ) );-- // return success message.- wp_send_json_success(- array(- 'res' => $res,- 'status' => 'success',- 'message' => __( 'Quiz resubmitted successfully.', 'quiz-master-next' ),- )- );- } else {- // return error details.- global $wpdb;- wp_send_json_error(- array(- 'status' => 'error',- 'message' => __( 'The system generated following error while resubmitting the result:', 'quiz-master-next' ) . $wpdb->last_error,- )- );- }- } elseif ( 'trash' === $action ) {-- // Change Error log post status to trash. Error log contain failed submission data as a post meta- wp_update_post(- array(- 'ID' => $postID,- 'post_status' => 'trash',- )- );-- // return success message.- wp_send_json_success(- array(- 'status' => 'success',- 'message' => __( 'Quiz deleted successfully.', 'quiz-master-next' ),- )- );- }- }- }+ if ( empty( $data ) ) {+ wp_send_json_error(+ array(+ 'status' => 'error',+ 'message' => __( 'Details not found', 'quiz-master-next' ),+ 'data' => $data,+ )+ );+ }++ $data = maybe_unserialize( $data );++ // Retrieve action.+ if ( 'retrieve' === $action ) {+ $res = $this->add_quiz_results( $data, 'resubmit' );+ if ( false !== $res ) {+ $data['processed'] = 1;+ // Mark submission processed.+ update_post_meta( $postID, $this->meta_key, maybe_serialize( $data ) );++ // return success message.+ wp_send_json_success(+ array(+ 'res' => $res,+ 'status' => 'success',+ 'message' => __( 'Quiz resubmitted successfully.', 'quiz-master-next' ),+ )+ );+ } else {+ // return error details.+ global $wpdb;+ wp_send_json_error(+ array(+ 'status' => 'error',+ 'message' => __( 'The system generated following error while resubmitting the result:', 'quiz-master-next' ) . $wpdb->last_error,+ )+ );+ }+ } elseif ( 'trash' === $action ) {++ // Change Error log post status to trash. Error log contain failed submission data as a post meta+ wp_update_post(+ array(+ 'ID' => $postID,+ 'post_status' => 'trash',+ )+ );++ // return success message.+ wp_send_json_success(+ array(+ 'status' => 'success',+ 'message' => __( 'Quiz deleted successfully.', 'quiz-master-next' ),+ )+ );+ }+ }+ } - wp_send_json_error(- array(- 'status' => 'error',- 'message' => __( 'Missing input', 'quiz-master-next' ),- )- );- }+ wp_send_json_error(+ array(+ 'status' => 'error',+ 'message' => __( 'Missing input', 'quiz-master-next' ),+ )+ );+ } /** * @version 8.2.0@@ -247,10 +245,10 @@ $username = ! empty( $_POST['username'] ) ? sanitize_user( wp_unslash( $_POST['username'] ) ) : ''; $password = ! empty( $_POST['password'] ) ? sanitize_text_field( wp_unslash( $_POST['password'] ) ) : ''; - $user = get_user_by('login', $username);+ $user = get_user_by( 'login', $username ); if ( ! $user ) {- $user = get_user_by('email', $username);+ $user = get_user_by( 'email', $username ); if ( ! $user ) { wp_send_json_error( array( 'message' => __( 'User not found! Please try again.', 'quiz-master-next' ) ) ); }@@ -261,7 +259,7 @@ // Check the password if ( ! wp_check_password( $password, $user->user_pass, $user_id ) ) { wp_send_json_error( array( 'message' => __( 'Incorrect username or password! Please try again.', 'quiz-master-next' ) ) );- }else {+ } else { wp_send_json_success(); } }@@ -334,14 +332,14 @@ */ public function display_shortcode( $atts ) { global $wpdb, $mlwQuizMasterNext;- $shortcode_args = shortcode_atts(+ $shortcode_args = shortcode_atts( array( 'quiz' => 0, 'question_amount' => 0, ), $atts );- $shortcode_args = apply_filters('qsm_shortcode_before', $shortcode_args, $atts);+ $shortcode_args = apply_filters( 'qsm_shortcode_before', $shortcode_args, $atts ); // Quiz ID. $quiz = intval( $shortcode_args['quiz'] ); $question_amount = intval( $shortcode_args['question_amount'] );@@ -353,8 +351,8 @@ } $qmn_quiz_options = $has_proper_quiz['qmn_quiz_options'];- $qmn_quiz_options = apply_filters('qsm_quiz_option_before', $qmn_quiz_options);- $return_display = '';+ $qmn_quiz_options = apply_filters( 'qsm_quiz_option_before', $qmn_quiz_options );+ $return_display = ''; ob_start(); if ( isset( $_GET['result_id'] ) && '' !== $_GET['result_id'] ) {@@ -392,7 +390,7 @@ wp_enqueue_style( 'dashicons' ); // The quiz_stye is misspelled because it has always been misspelled and fixing it would break many sites :(. if ( 'default' == $qmn_quiz_options->theme_selected ) {- $return_display .= '<style type="text/css">' . preg_replace( '#<script(.*?)>(.*?)</script>#is', '', htmlspecialchars_decode( $qmn_quiz_options->quiz_stye, ENT_QUOTES) ) . '</style>';+ $return_display .= '<style type="text/css">' . preg_replace( '#<script(.*?)>(.*?)</script>#is', '', htmlspecialchars_decode( $qmn_quiz_options->quiz_stye, ENT_QUOTES ) ) . '</style>'; wp_enqueue_style( 'qmn_quiz_style', QSM_PLUGIN_CSS_URL . '/qmn_quiz.css', array(), $mlwQuizMasterNext->version ); wp_style_add_data( 'qmn_quiz_style', 'rtl', 'replace' ); } else {@@ -439,13 +437,13 @@ } } }- $correct_answer_text = sanitize_text_field( $qmn_quiz_options->quick_result_correct_answer_text );- $correct_answer_text = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $correct_answer_text, "quiz_quick_result_correct_answer_text-{$qmn_array_for_variables['quiz_id']}" );- $wrong_answer_text = sanitize_text_field( $qmn_quiz_options->quick_result_wrong_answer_text );- $wrong_answer_text = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $wrong_answer_text, "quiz_quick_result_wrong_answer_text-{$qmn_array_for_variables['quiz_id']}" );+ $correct_answer_text = sanitize_text_field( $qmn_quiz_options->quick_result_correct_answer_text );+ $correct_answer_text = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $correct_answer_text, "quiz_quick_result_correct_answer_text-{$qmn_array_for_variables['quiz_id']}" );+ $wrong_answer_text = sanitize_text_field( $qmn_quiz_options->quick_result_wrong_answer_text );+ $wrong_answer_text = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $wrong_answer_text, "quiz_quick_result_wrong_answer_text-{$qmn_array_for_variables['quiz_id']}" ); $quiz_processing_message = isset( $qmn_quiz_options->quiz_processing_message ) ? $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->quiz_processing_message, "quiz_quiz_processing_message-{$qmn_array_for_variables['quiz_id']}" ) : '';- $quiz_limit_choice = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->quiz_limit_choice, "quiz_quiz_limit_choice-{$qmn_array_for_variables['quiz_id']}" );- $qmn_json_data = array(+ $quiz_limit_choice = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->quiz_limit_choice, "quiz_quiz_limit_choice-{$qmn_array_for_variables['quiz_id']}" );+ $qmn_json_data = array( 'quiz_id' => $qmn_array_for_variables['quiz_id'], 'quiz_name' => $qmn_array_for_variables['quiz_name'], 'disable_answer' => $qmn_quiz_options->disable_answer_onselect,@@ -471,12 +469,12 @@ 'not_allow_after_expired_time' => $qmn_quiz_options->not_allow_after_expired_time, 'scheduled_time_end' => strtotime( $qmn_quiz_options->scheduled_time_end ), 'prevent_reload' => $qmn_quiz_options->prevent_reload,- 'limit_email_based_submission' => isset($qmn_quiz_options->limit_email_based_submission) ? $qmn_quiz_options->limit_email_based_submission : 0,+ 'limit_email_based_submission' => isset( $qmn_quiz_options->limit_email_based_submission ) ? $qmn_quiz_options->limit_email_based_submission : 0, 'total_user_tries' => $qmn_quiz_options->total_user_tries, 'is_logged_in' => is_user_logged_in(), ); - $return_display = apply_filters( 'qmn_begin_shortcode', $return_display, $qmn_quiz_options, $qmn_array_for_variables, $shortcode_args );+ $return_display = apply_filters( 'qmn_begin_shortcode', $return_display, $qmn_quiz_options, $qmn_array_for_variables, $shortcode_args ); $qmn_quiz_options = apply_filters( 'qsm_quiz_options_before', $qmn_quiz_options, $qmn_array_for_variables, $shortcode_args ); // Checks if we should be showing quiz or results page.@@ -486,40 +484,42 @@ $return_display .= $this->display_results( $qmn_quiz_options, $qmn_array_for_variables ); } - $qmn_filtered_json = apply_filters( 'qmn_json_data', $qmn_json_data, $qmn_quiz_options, $qmn_array_for_variables, $shortcode_args );- $qmn_settings_array = maybe_unserialize( $qmn_quiz_options->quiz_settings );- $quiz_options = maybe_unserialize( $qmn_settings_array['quiz_options'] );- $correct_answer_logic = ! empty( $quiz_options['correct_answer_logic'] ) ? $quiz_options['correct_answer_logic'] : '';+ $qmn_filtered_json = apply_filters( 'qmn_json_data', $qmn_json_data, $qmn_quiz_options, $qmn_array_for_variables, $shortcode_args );+ $qmn_settings_array = maybe_unserialize( $qmn_quiz_options->quiz_settings );+ $quiz_options = maybe_unserialize( $qmn_settings_array['quiz_options'] );+ $correct_answer_logic = ! empty( $quiz_options['correct_answer_logic'] ) ? $quiz_options['correct_answer_logic'] : ''; $encryption['correct_answer_logic'] = $correct_answer_logic;- $enc_questions = array();+ $enc_questions = array(); if ( ! empty( $qpages_arr ) ) { foreach ( $qpages_arr as $item ) {- $enc_questions = array_merge($enc_questions, $item['questions']);+ $enc_questions = array_merge( $enc_questions, $item['questions'] ); } }- $enc_questions = implode(',', $enc_questions);- $question_array = $wpdb->get_results(+ $enc_questions = implode( ',', $enc_questions );+ $question_array = $wpdb->get_results( "SELECT quiz_id, question_id, answer_array, question_answer_info, question_type_new, question_settings FROM {$wpdb->prefix}mlw_questions- WHERE question_id IN ($enc_questions)", ARRAY_A);+ WHERE question_id IN ($enc_questions)",+ ARRAY_A+ ); $questions_settings = array(); foreach ( $question_array as $key => $question ) {- + $unserialized_settings = maybe_unserialize( $question['question_settings'] );- $question_type_new = $question['question_type_new'];+ $question_type_new = $question['question_type_new']; if ( 11 == $question_type_new ) {- $questions_settings[ $question['question_id'] ]['file_upload_type'] = $unserialized_settings['file_upload_type'];+ $questions_settings[ $question['question_id'] ]['file_upload_type'] = $unserialized_settings['file_upload_type']; $questions_settings[ $question['question_id'] ]['file_upload_limit'] = $unserialized_settings['file_upload_limit']; } $encryption[ $question['question_id'] ]['question_type_new'] = $question_type_new;- $encryption[ $question['question_id'] ]['answer_array'] = maybe_unserialize( $question['answer_array'] );- $encryption[ $question['question_id'] ]['settings'] = $unserialized_settings;+ $encryption[ $question['question_id'] ]['answer_array'] = maybe_unserialize( $question['answer_array'] );+ $encryption[ $question['question_id'] ]['settings'] = $unserialized_settings; $encryption[ $question['question_id'] ]['correct_info_text'] = isset( $question['question_answer_info'] ) ? html_entity_decode( $question['question_answer_info'] ) : ''; $encryption[ $question['question_id'] ]['correct_info_text'] = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $encryption[ $question['question_id'] ]['correct_info_text'], "correctanswerinfo-{$question['question_id']}" ); } $qmn_filtered_json['questions_settings'] = $questions_settings;- if ( ( isset($qmn_json_data['end_quiz_if_wrong']) && 0 < $qmn_json_data['end_quiz_if_wrong'] ) || ( ! empty( $qmn_json_data['enable_quick_result_mc'] ) && 1 == $qmn_json_data['enable_quick_result_mc'] ) || ( ! empty( $qmn_json_data['enable_quick_correct_answer_info'] ) && 0 != $qmn_json_data['enable_quick_correct_answer_info'] ) || ( ! empty( $qmn_json_data['ajax_show_correct'] ) && 1 == $qmn_json_data['ajax_show_correct'] ) ) {- $quiz_id = $qmn_json_data['quiz_id'];+ if ( ( isset( $qmn_json_data['end_quiz_if_wrong'] ) && 0 < $qmn_json_data['end_quiz_if_wrong'] ) || ( ! empty( $qmn_json_data['enable_quick_result_mc'] ) && 1 == $qmn_json_data['enable_quick_result_mc'] ) || ( ! empty( $qmn_json_data['enable_quick_correct_answer_info'] ) && 0 != $qmn_json_data['enable_quick_correct_answer_info'] ) || ( ! empty( $qmn_json_data['ajax_show_correct'] ) && 1 == $qmn_json_data['ajax_show_correct'] ) ) {+ $quiz_id = $qmn_json_data['quiz_id']; $qsm_inline_encrypt_js = ' if (encryptionKey === undefined) { var encryptionKey = {};@@ -533,12 +533,12 @@ if (encryptedData === undefined) { var encryptedData = {}; }- encryptionKey['.$quiz_id.'] = "'.hash('sha256',time().$quiz_id).'";+ encryptionKey[' . $quiz_id . '] = "' . hash( 'sha256', time() . $quiz_id ) . '"; - data['.$quiz_id.'] = '.wp_json_encode($encryption).';- jsonString['.$quiz_id.'] = JSON.stringify(data['.$quiz_id.']);- encryptedData['.$quiz_id.'] = CryptoJS.AES.encrypt(jsonString['.$quiz_id.'], encryptionKey['.$quiz_id.']).toString();';- wp_add_inline_script('qsm_encryption', $qsm_inline_encrypt_js, 'after');+ data[' . $quiz_id . '] = ' . wp_json_encode( $encryption ) . ';+ jsonString[' . $quiz_id . '] = JSON.stringify(data[' . $quiz_id . ']);+ encryptedData[' . $quiz_id . '] = CryptoJS.AES.encrypt(jsonString[' . $quiz_id . '], encryptionKey[' . $quiz_id . ']).toString();';+ wp_add_inline_script( 'qsm_encryption', $qsm_inline_encrypt_js, 'after' ); } $return_display .= '<script>window.qmn_quiz_data["' . $qmn_json_data['quiz_id'] . '"] = ' . wp_json_encode( $qmn_filtered_json ) . '@@ -648,7 +648,7 @@ $randomness_order = $mlwQuizMasterNext->pluginHelper->qsm_get_randomization_modes( $quiz_options->randomness_order ); // Checks if the questions should be randomized. $cat_query = '';- if ( in_array( 'questions', $randomness_order ) || in_array( 'pages', $randomness_order ) ) {+ if ( in_array( 'questions', $randomness_order, true ) || in_array( 'pages', $randomness_order, true ) ) { $order_by_sql = 'ORDER BY rand()'; $categories = isset( $quiz_options->randon_category ) ? $quiz_options->randon_category : ''; if ( $categories && ! empty( $quiz_options->question_per_category ) ) {@@ -674,7 +674,7 @@ // If using newer pages system from 5.2. $pages = $mlwQuizMasterNext->pluginHelper->get_quiz_setting( 'pages', array() ); // Get all question IDs needed.- $total_pages = is_countable($pages) ? count( $pages ) : 0;+ $total_pages = is_countable( $pages ) ? count( $pages ) : 0; $category_question_ids = array(); if ( $multiple_category_system && ! empty( $exploded_arr ) ) { $term_ids = implode( ', ', $exploded_arr );@@ -698,15 +698,15 @@ } // check If we should load a specific number of question if ( ( '' == $quiz_options->limit_category_checkbox || 0 == $quiz_options->limit_category_checkbox ) && 0 != $quiz_options->question_per_category && $is_quiz_page ) {- $categories = QSM_Questions::get_quiz_categories( $quiz_id );- $category_ids = ( isset( $categories['list'] ) ? array_keys( $categories['list'] ) : array() );+ $categories = QSM_Questions::get_quiz_categories( $quiz_id );+ $category_ids = ( isset( $categories['list'] ) ? array_keys( $categories['list'] ) : array() ); $categories_tree = ( isset( $categories['tree'] ) ? $categories['tree'] : array() ); if ( ! empty( $category_ids ) ) { $term_ids = implode( ',', $category_ids ); $question_id = implode( ',', $question_ids ); $term_ids = ( '' !== $quiz_options->randon_category ) ? $quiz_options->randon_category : $term_ids;- $tq_ids = $wpdb->get_results(+ $tq_ids = $wpdb->get_results( "SELECT DISTINCT qt.term_id, qt.question_id FROM {$wpdb->prefix}mlw_question_terms AS qt JOIN {$wpdb->prefix}mlw_questions AS q ON qt.question_id = q.question_id@@ -717,7 +717,7 @@ ", ARRAY_A );- $random = array();+ $random = array(); if ( ! empty( $tq_ids ) ) { $term_data = array(); foreach ( $tq_ids as $key => $val ) {@@ -731,7 +731,7 @@ } } foreach ( $term_data as $tv ) {- if ( in_array( 'questions', $randomness_order ) || in_array( 'pages', $randomness_order ) ) {+ if ( in_array( 'questions', $randomness_order, true ) || in_array( 'pages', $randomness_order, true ) ) { shuffle( $tv ); } $random = array_merge( $random, array_slice( array_unique( $tv ), 0, intval( $quiz_options->question_per_category ) ) );@@ -739,24 +739,24 @@ } $question_ids = array_unique( $random ); }- } elseif ( 1 == $quiz_options->limit_category_checkbox && ! empty(maybe_unserialize($quiz_options->select_category_question)) && $is_quiz_page ) {- $category_question_limit = maybe_unserialize($quiz_options->select_category_question);- $categories = QSM_Questions::get_quiz_categories( $quiz_id );- $category_ids = ( isset( $categories['list'] ) ? array_keys( $categories['list'] ) : array() );+ } elseif ( 1 == $quiz_options->limit_category_checkbox && ! empty( maybe_unserialize( $quiz_options->select_category_question ) ) && $is_quiz_page ) {+ $category_question_limit = maybe_unserialize( $quiz_options->select_category_question );+ $categories = QSM_Questions::get_quiz_categories( $quiz_id );+ $category_ids = ( isset( $categories['list'] ) ? array_keys( $categories['list'] ) : array() ); if ( ! empty( $category_ids ) ) { $question_limit_sql = $category_question_limit['question_limit_key'];- $tq_ids = array();+ $tq_ids = array(); foreach ( $category_question_limit['category_select_key'] as $key => $category ) { if ( empty( $category ) || empty( $category_question_limit['question_limit_key'][ $key ] ) ) { continue; }- $limit = $category_question_limit['question_limit_key'][ $key ];+ $limit = $category_question_limit['question_limit_key'][ $key ]; $exclude_ids = 0;- if ( ! empty( $tq_ids ) && ! empty( (array_column(array_merge(...array_map('array_merge', $tq_ids)),'question_id')) ) ) {- $exclude_ids = implode(',', array_column(array_merge(...array_map('array_merge', $tq_ids)),'question_id') );+ if ( ! empty( $tq_ids ) && ! empty( ( array_column( array_merge( ...array_map( 'array_merge', $tq_ids ) ), 'question_id' ) ) ) ) {+ $exclude_ids = implode( ',', array_column( array_merge( ...array_map( 'array_merge', $tq_ids ) ), 'question_id' ) ); } $category_order_sql = '';- if ( in_array( 'questions', $randomness_order ) || in_array( 'pages', $randomness_order ) ) {+ if ( in_array( 'questions', $randomness_order, true ) || in_array( 'pages', $randomness_order, true ) ) { $category_order_sql = 'ORDER BY rand()'; } $tq_ids[] = $wpdb->get_results(@@ -768,13 +768,13 @@ AND qt.`taxonomy` = 'qsm_category' AND qt.`question_id` NOT IN ($exclude_ids) AND q.`deleted` = 0- ".esc_sql( $category_order_sql )."+ " . esc_sql( $category_order_sql ) . " LIMIT $limit", ARRAY_A ); }- $final_result = array_column(array_merge(...array_map('array_merge', $tq_ids)),'question_id');- if ( in_array( 'questions', $randomness_order ) || in_array( 'pages', $randomness_order ) ) {+ $final_result = array_column( array_merge( ...array_map( 'array_merge', $tq_ids ) ), 'question_id' );+ if ( in_array( 'questions', $randomness_order, true ) || in_array( 'pages', $randomness_order, true ) ) { shuffle( $final_result ); } $question_ids = $final_result;@@ -782,22 +782,22 @@ } $question_ids = apply_filters( 'qsm_load_questions_ids', $question_ids, $quiz_id, $quiz_options ); $question_sql = implode( ',', $question_ids );- if ( in_array( 'questions', $randomness_order ) || in_array( 'pages', $randomness_order ) ) {- if ( isset( $_COOKIE[ 'question_ids_'.$quiz_id ] ) && empty( $quiz_options->question_per_category ) && empty( $quiz_options->limit_category_checkbox ) ) {- $question_sql = sanitize_text_field( wp_unslash( $_COOKIE[ 'question_ids_'.$quiz_id ] ) );- if ( ! preg_match("/^\d+(,\d+)*$/", $question_sql) ) {+ if ( in_array( 'questions', $randomness_order, true ) || in_array( 'pages', $randomness_order, true ) ) {+ if ( isset( $_COOKIE[ 'question_ids_' . $quiz_id ] ) && empty( $quiz_options->question_per_category ) && empty( $quiz_options->limit_category_checkbox ) ) {+ $question_sql = sanitize_text_field( wp_unslash( $_COOKIE[ 'question_ids_' . $quiz_id ] ) );+ if ( ! preg_match( '/^\d+(,\d+)*$/', $question_sql ) ) { $question_sql = implode( ',', $question_ids ); }- }else {+ } else { $question_ids = QMNPluginHelper::qsm_shuffle_assoc( $question_ids ); $question_sql = implode( ',', $question_ids ); }- $order_by_sql = 'ORDER BY FIELD(question_id,'. esc_sql( $question_sql ) .')';+ $order_by_sql = 'ORDER BY FIELD(question_id,' . esc_sql( $question_sql ) . ')'; }- $query = $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_questions WHERE question_id IN (%1s) %2s %3s %4s", esc_sql( $question_sql ), esc_sql( $cat_query ), esc_sql( $order_by_sql ), esc_sql( $limit_sql ) );- $questions = $wpdb->get_results( $query );+ $query = $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_questions WHERE question_id IN (%1s) %2s %3s %4s", esc_sql( $question_sql ), esc_sql( $cat_query ), esc_sql( $order_by_sql ), esc_sql( $limit_sql ) );+ $questions = $wpdb->get_results( $query ); $question_order = array();- if ( ! empty($question_ids) ) {+ if ( ! empty( $question_ids ) ) { foreach ( $question_ids as $question_id_order ) { foreach ( $questions as $obj ) { if ( $obj->question_id == $question_id_order ) {@@ -811,7 +811,7 @@ // If we are not using randomization, we need to put the questions in the order of the new question editor. // If a user has saved the pages in the question editor but still uses the older pagination options // Then they will make it here. So, we need to order the questions based on the new editor.- if ( ( ! in_array( 'questions', $randomness_order ) && ! in_array( 'pages', $randomness_order ) ) && 0 == $quiz_options->question_per_category && 0 == $quiz_options->limit_category_checkbox ) {+ if ( ( ! in_array( 'questions', $randomness_order, true ) && ! in_array( 'pages', $randomness_order, true ) ) && 0 == $quiz_options->question_per_category && 0 == $quiz_options->limit_category_checkbox ) { $ordered_questions = array(); foreach ( $questions as $question ) {@@ -834,24 +834,23 @@ $questions = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}mlw_questions WHERE quiz_id=%d AND deleted=0 %1s %2s %3s", $quiz_id, $question_sql, $order_by_sql, $limit_sql ) ); }- if (- ( in_array( 'questions', $randomness_order ) || in_array( 'pages', $randomness_order ) ) &&- ! empty($questions) &&- is_array($questions) &&- ! isset($_COOKIE[ 'question_ids_' . $quiz_id ])+ if ( ( in_array( 'questions', $randomness_order, true ) || in_array( 'pages', $randomness_order, true ) ) &&+ ! empty( $questions ) &&+ is_array( $questions ) &&+ ! isset( $_COOKIE[ 'question_ids_' . $quiz_id ] ) ) { $question_ids = array(); foreach ( $questions as $question ) { $question_ids[] = $question->question_id; } - $question_sql = implode(',', array_unique($question_ids)); // Prevent duplicates+ $question_sql = implode( ',', array_unique( $question_ids ) ); // Prevent duplicates ?> <script> const d = new Date(); d.setTime(d.getTime() + (365 * 24 * 60 * 60 * 1000)); // Set cookie for 1 year let expires = "expires=" + d.toUTCString();- document.cookie = "question_ids_<?php echo esc_js($quiz_id); ?>=" + "<?php echo esc_js($question_sql); ?>" + "; " + expires + "; path=/";+ document.cookie = "question_ids_<?php echo esc_js( $quiz_id ); ?>=" + "<?php echo esc_js( $question_sql ); ?>" + "; " + expires + "; path=/"; </script> <?php }@@ -950,7 +949,7 @@ 'maxlength_error_text' => $mlwQuizMasterNext->pluginHelper->qsm_language_support( $options->maxlength_error_text, "quiz_maxlength_error_text-{$options->quiz_id}" ), 'recaptcha_error_text' => __( 'ReCaptcha is missing', 'quiz-master-next' ), );- $qmn_json_data = apply_filters( 'qsm_json_error_message', $qmn_json_data ,$options);+ $qmn_json_data = apply_filters( 'qsm_json_error_message', $qmn_json_data, $options ); wp_enqueue_script( 'progress-bar', QSM_PLUGIN_JS_URL . '/progressbar.min.js', array(), '1.1.0', true ); wp_enqueue_script( 'jquery-ui-slider' ); wp_enqueue_script( 'jquery-ui-slider-rtl-js', QSM_PLUGIN_JS_URL . '/jquery.ui.slider-rtl.js', array(), $mlwQuizMasterNext->version, true );@@ -994,41 +993,44 @@ $saved_quiz_theme = $mlwQuizMasterNext->theme_settings->get_active_quiz_theme_path( $options->quiz_id ); $randomness_order = $mlwQuizMasterNext->pluginHelper->qsm_get_randomization_modes( $options->randomness_order ); $randomness_class = ! empty( $randomness_order ) ? 'random' : '';- ?><div class='qsm-quiz-container qsm-quiz-container-<?php echo esc_attr($quiz_data['quiz_id']); ?> qmn_quiz_container mlw_qmn_quiz <?php echo esc_attr( $auto_pagination_class ); ?> quiz_theme_<?php echo esc_attr( $saved_quiz_theme . ' ' . $randomness_class ); ?> '>+ ?>+ <div class='qsm-quiz-container qsm-quiz-container-<?php echo esc_attr( $quiz_data['quiz_id'] ); ?> qmn_quiz_container mlw_qmn_quiz <?php echo esc_attr( $auto_pagination_class ); ?> quiz_theme_<?php echo esc_attr( $saved_quiz_theme . ' ' . $randomness_class ); ?> '> <?php- if ( 'default' == $saved_quiz_theme ) {- $featured_image = get_option( "quiz_featured_image_$options->quiz_id" );- $qsm_global_settings = (array) get_option( 'qmn-settings' );- $qsm_preloader_setting = isset( $qsm_global_settings['enable_preloader'] ) ? $qsm_global_settings['enable_preloader'] : '';+ if ( 'default' == $saved_quiz_theme ) {+ $featured_image = get_option( "quiz_featured_image_$options->quiz_id" );+ $qsm_global_settings = (array) get_option( 'qmn-settings' );+ $qsm_preloader_setting = isset( $qsm_global_settings['enable_preloader'] ) ? $qsm_global_settings['enable_preloader'] : ''; - if ( isset( $qsm_preloader_setting ) && $qsm_preloader_setting > 0 && ! empty( $featured_image ) ) {- echo '<link rel="preload" href="' . esc_url( $featured_image ) . '" as="image">';- }+ if ( isset( $qsm_preloader_setting ) && $qsm_preloader_setting > 0 && ! empty( $featured_image ) ) {+ echo '<link rel="preload" href="' . esc_url( $featured_image ) . '" as="image">';+ } - if ( "" != $featured_image ) {- ?>- <img class="qsm-quiz-default-feature-image" src="<?php echo esc_url( $featured_image ); ?>" alt="<?php esc_attr_e( 'Featured Image', 'quiz-master-next' ); ?>" />- <?php }+ if ( '' != $featured_image ) { ?>- <?php }+ <img class="qsm-quiz-default-feature-image" src="<?php echo esc_url( $featured_image ); ?>" alt="<?php esc_attr_e( 'Featured Image', 'quiz-master-next' ); ?>" />+ <?php+ }+ ?>+ <?php+ } echo apply_filters( 'qsm_display_before_form', '', $options, $quiz_data ); $quiz_form_action = isset( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';- ?>+ ?> <form name="quizForm<?php echo esc_attr( $quiz_data['quiz_id'] ); ?>" id="quizForm<?php echo esc_attr( $quiz_data['quiz_id'] ); ?>" action="<?php echo esc_url( $quiz_form_action ); ?>" method="POST" class="qsm-quiz-form qmn_quiz_form mlw_quiz_form" novalidate enctype="multipart/form-data"> <input type="hidden" name="qsm_hidden_questions" id="qsm_hidden_questions" value="">- <input type="hidden" name="qsm_nonce" id="qsm_nonce_<?php echo esc_attr($quiz_data['quiz_id']); ?>" value="<?php echo esc_attr( wp_create_nonce( 'qsm_submit_quiz_' . intval( $quiz_data['quiz_id'] ) ) );?>">- <input type="hidden" name="qsm_unique_key" id="qsm_unique_key_<?php echo esc_attr($quiz_data['quiz_id']); ?>" value="<?php echo esc_attr( uniqid() ); ?>">+ <input type="hidden" name="qsm_nonce" id="qsm_nonce_<?php echo esc_attr( $quiz_data['quiz_id'] ); ?>" value="<?php echo esc_attr( wp_create_nonce( 'qsm_submit_quiz_' . intval( $quiz_data['quiz_id'] ) ) ); ?>">+ <input type="hidden" name="qsm_unique_key" id="qsm_unique_key_<?php echo esc_attr( $quiz_data['quiz_id'] ); ?>" value="<?php echo esc_attr( uniqid() ); ?>"> <div id="mlw_error_message" class="qsm-error-message qmn_error_message_section"></div> <span id="mlw_top_of_quiz"></span> <?php echo apply_filters( 'qmn_begin_quiz_form', '', $options, $quiz_data ); // If deprecated pagination setting is not used, use new system... $pages = $mlwQuizMasterNext->pluginHelper->get_quiz_setting( 'pages', array() );- if ( in_array( 'answers', $randomness_order ) ) {+ if ( in_array( 'answers', $randomness_order, true ) ) { global $quiz_answer_random_ids; $quiz_answer_random_ids = array(); }- if ( 0 == $options->question_from_total && 0 == $options->pagination && is_countable($pages) && 0 !== count( $pages ) ) {+ if ( 0 == $options->question_from_total && 0 == $options->pagination && is_countable( $pages ) && 0 !== count( $pages ) ) { $this->display_pages( $options, $quiz_data ); } else { // ... else, use older system.@@ -1052,7 +1054,7 @@ <input type="hidden" class="qmn_quiz_id" name="qmn_quiz_id" id="qmn_quiz_id" value="<?php echo esc_attr( $quiz_data['quiz_id'] ); ?>" /> <input type='hidden' name='complete_quiz' value='confirmation' /> <?php- if ( in_array( 'answers', $randomness_order ) ) {+ if ( in_array( 'answers', $randomness_order, true ) ) { ?> <input type="hidden" name="quiz_answer_random_ids" id="quiz_answer_random_ids_<?php echo esc_attr( $quiz_data['quiz_id'] ); ?>" value="<?php echo esc_attr( maybe_serialize( $quiz_answer_random_ids ) ); ?>" /> <?php@@ -1091,17 +1093,17 @@ $contact_fields = QSM_Contact_Manager::load_fields(); $animation_effect = isset( $options->quiz_animation ) && '' !== $options->quiz_animation ? ' animated ' . $options->quiz_animation : ''; $enable_pagination_quiz = isset( $options->enable_pagination_quiz ) && 1 == $options->enable_pagination_quiz ? true : false;- $randomness_order = $mlwQuizMasterNext->pluginHelper->qsm_get_randomization_modes( $options->randomness_order );- if ( in_array( 'questions', $randomness_order ) || in_array( 'pages', $randomness_order ) && is_array( $pages ) && empty( $options->question_per_category ) ) {- if ( in_array( 'pages', $randomness_order ) ) {+ $randomness_order = $mlwQuizMasterNext->pluginHelper->qsm_get_randomization_modes( $options->randomness_order );+ if ( in_array( 'questions', $randomness_order, true ) || in_array( 'pages', $randomness_order, true ) && is_array( $pages ) && empty( $options->question_per_category ) ) {+ if ( in_array( 'pages', $randomness_order, true ) ) { $pages = QMNPluginHelper::qsm_shuffle_assoc( $pages ); } $question_list_array = array(); foreach ( $pages as &$question_ids ) {- if ( in_array( 'questions', $randomness_order ) ) {+ if ( in_array( 'questions', $randomness_order, true ) ) { shuffle( $question_ids ); }- $question_list_array = array_merge($question_list_array, $question_ids);+ $question_list_array = array_merge( $question_list_array, $question_ids ); } $question_list_str = implode( ',', $question_list_array ); ?>@@ -1109,7 +1111,7 @@ const d = new Date(); d.setTime(d.getTime() + (365*24*60*60*1000)); let expires = "expires="+ d.toUTCString();- document.cookie = "question_ids_<?php echo esc_attr( $options->quiz_id ); ?> = <?php echo esc_attr( $question_list_str ) ?>; "+expires+"; path=/";+ document.cookie = "question_ids_<?php echo esc_attr( $options->quiz_id ); ?> = <?php echo esc_attr( $question_list_str ); ?>; "+expires+"; path=/"; </script> <?php }@@ -1197,7 +1199,7 @@ </div> <?php }- if ( 0 == $options->comment_section && "" !== $options->comment_section ) {+ if ( 0 == $options->comment_section && '' !== $options->comment_section ) { $message_comments = $mlwQuizMasterNext->pluginHelper->qsm_language_support( htmlspecialchars_decode( $options->message_comment, ENT_QUOTES ), "quiz_message_comment-{$options->quiz_id}" ); ?> <div class="quiz_section qsm-quiz-comment-section" style="display:none">@@ -1287,10 +1289,10 @@ <?php } ?> </section> <?php- $pages_count++;+ ++$pages_count; } }- if ( count( $pages ) > 1 && 0 == $options->comment_section && "" !== $options->comment_section ) {+ if ( count( $pages ) > 1 && 0 == $options->comment_section && '' !== $options->comment_section ) { $message_comments = $mlwQuizMasterNext->pluginHelper->qsm_language_support( htmlspecialchars_decode( $options->message_comment, ENT_QUOTES ), "quiz_message_comment-{$options->quiz_id}" ); ?> <section class="qsm-page">@@ -1302,8 +1304,8 @@ <?php } $is_contact_fields_enabled = array_filter(- is_array( $contact_fields ) ? $contact_fields : [],- function( $sub ) {+ is_array( $contact_fields ) ? $contact_fields : array(),+ function ( $sub ) { return isset( $sub['enable'] ) && 'true' === $sub['enable']; } );@@ -1338,7 +1340,7 @@ * @since 7.3.5 */ $start_button_text = ! empty( $options->start_quiz_survey_text ) ? $options->start_quiz_survey_text : $options->next_button_text;- $tmpl_pagination = '<div class="qsm-pagination qmn_pagination border margin-bottom">+ $tmpl_pagination = '<div class="qsm-pagination qmn_pagination border margin-bottom"> <a class="qsm-btn qsm-previous qmn_btn mlw_qmn_quiz_link mlw_previous" href="javascript:void(0)">' . esc_html( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $options->previous_button_text, "quiz_previous_button_text-{$options->quiz_id}" ) ) . '</a> <span class="qmn_page_message"></span> <div class="qmn_page_counter_message"></div>@@ -1351,7 +1353,6 @@ ?> <input type="hidden" name="qmn_question_list" value="<?php echo esc_attr( $question_list ); ?>" /> <?php- } /**@@ -1383,7 +1384,7 @@ ?> <div class='mlw_qmn_message_before'> <?php- $allowed_html = wp_kses_allowed_html('post');+ $allowed_html = wp_kses_allowed_html( 'post' ); $allowed_html['input'] = array( 'type' => array(), 'name' => array(),@@ -1439,9 +1440,9 @@ if ( 0 != $pagination_option ) { if ( 1 == $pagination_option || 1 == $pages_count % $pagination_option || 1 == $pages_count ) { ?>- <div class="qsm-auto-page-row qsm-question-page qsm-apc-<?php echo esc_attr( $current_page_number ); ?>" data-apid="<?php echo esc_attr($current_page_number); ?>" data-qpid="<?php echo esc_attr( $current_page_number ); ?>" style="display: none;">+ <div class="qsm-auto-page-row qsm-question-page qsm-apc-<?php echo esc_attr( $current_page_number ); ?>" data-apid="<?php echo esc_attr( $current_page_number ); ?>" data-qpid="<?php echo esc_attr( $current_page_number ); ?>" style="display: none;"> <?php- $current_page_number++;+ ++$current_page_number; echo apply_filters( 'qsm_auto_page_begin_pagination', '', ( $current_page_number - 1 ), $qmn_quiz_options, $qmn_quiz_questions ); } echo apply_filters( 'qsm_auto_page_begin_row', '', ( $current_page_number - 1 ), $qmn_quiz_options, $qmn_quiz_questions );@@ -1456,20 +1457,20 @@ } $question_id_list .= $mlw_question->question_id . 'Q';- do_action( 'qsm_question_before', $mlw_question, $qmn_quiz_options,$mlw_qmn_section_count );+ do_action( 'qsm_question_before', $mlw_question, $qmn_quiz_options, $mlw_qmn_section_count ); ?> <div class="quiz_section qsm-question-wrapper question-type-<?php echo esc_attr( $mlw_question->question_type_new ); ?> <?php echo esc_attr( $animation_effect ); ?> question-section-id-<?php echo esc_attr( $mlw_question->question_id ); ?> slide<?php echo esc_attr( $mlw_qmn_section_count . ' ' . $category_class ); ?>"> <?php $mlwQuizMasterNext->pluginHelper->display_question( $mlw_question->question_type_new, $mlw_question->question_id, $qmn_quiz_options ); if ( 0 == $mlw_question->comments ) { ?>- <label class="qsm_accessibility_label" for="mlwComment<?php echo esc_attr( $mlw_question->question_id ); ?>"><?php echo esc_attr( "Comment" ); ?></label>+ <label class="qsm_accessibility_label" for="mlwComment<?php echo esc_attr( $mlw_question->question_id ); ?>"><?php echo esc_attr( 'Comment' ); ?></label> <input type="text" class="mlw_qmn_question_comment" id="mlwComment<?php echo esc_attr( $mlw_question->question_id ); ?>" name="mlwComment<?php echo esc_attr( $mlw_question->question_id ); ?>" placeholder="<?php echo esc_attr( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->comment_field_text, "quiz_comment_field_text-{$qmn_quiz_options->quiz_id}" ) ); ?>" onclick="qmnClearField(this)" /><br /> <?php } if ( 2 == $mlw_question->comments ) { ?>- <label class="qsm_accessibility_label" for="mlwComment<?php echo esc_attr( $mlw_question->question_id ); ?>"><?php echo esc_attr( "Comment" ); ?></label>+ <label class="qsm_accessibility_label" for="mlwComment<?php echo esc_attr( $mlw_question->question_id ); ?>"><?php echo esc_attr( 'Comment' ); ?></label> <textarea cols="70" rows="5" class="mlw_qmn_question_comment" id="mlwComment<?php echo esc_attr( $mlw_question->question_id ); ?>" name="mlwComment<?php echo esc_attr( $mlw_question->question_id ); ?>" placeholder="<?php echo esc_attr( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->comment_field_text, "quiz_comment_field_text-{$qmn_quiz_options->quiz_id}" ) ); ?>" onclick="qmnClearField(this)"></textarea><br /> <?php }@@ -1477,13 +1478,13 @@ if ( ! empty( $mlw_question->hints ) ) { $hint_data = wp_kses_post( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $mlw_question->hints, "hint-{$mlw_question->question_id}" ) ); ?>- <div class="qsm-hint qsm_hint mlw_qmn_hint_link qsm_tooltip" title="<?php echo esc_attr( $hint_data );?>"><?php echo esc_html( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->hint_text, "quiz_hint_text-{$qmn_quiz_options->quiz_id}" ) ); ?></div><br /><br />+ <div class="qsm-hint qsm_hint mlw_qmn_hint_link qsm_tooltip" title="<?php echo esc_attr( $hint_data ); ?>"><?php echo esc_html( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->hint_text, "quiz_hint_text-{$qmn_quiz_options->quiz_id}" ) ); ?></div><br /><br /> <?php } ?> </div><!-- .quiz_section --> <?php- do_action( 'qsm_question_after', $mlw_question, $qmn_quiz_options,$mlw_qmn_section_count );+ do_action( 'qsm_question_after', $mlw_question, $qmn_quiz_options, $mlw_qmn_section_count ); if ( 0 != $pagination_option ) { if ( 1 == $pagination_option || 0 == $pages_count % $pagination_option || count( $qmn_quiz_questions ) == $pages_count ) { // end of the row or last ?>@@ -1492,7 +1493,7 @@ } } $mlw_qmn_section_count = $mlw_qmn_section_count + 1;- $pages_count++;+ ++$pages_count; } if ( $enable_pagination_quiz ) { ?>@@ -1522,7 +1523,7 @@ */ public function display_comment_section( $qmn_quiz_options, $qmn_array_for_variables ) { global $mlwQuizMasterNext, $mlw_qmn_section_count;- if ( 0 == $qmn_quiz_options->comment_section && "" !== $qmn_quiz_options->comment_section ) {+ if ( 0 == $qmn_quiz_options->comment_section && '' !== $qmn_quiz_options->comment_section ) { $mlw_qmn_section_count = $mlw_qmn_section_count + 1; ?> <div class="quiz_section quiz_end qsm-auto-page-row qsm-quiz-comment-section slide <?php echo esc_attr( $mlw_qmn_section_count ); ?>" style="display:none">@@ -1553,7 +1554,7 @@ $section_display = ''; $mlw_qmn_section_count = $mlw_qmn_section_count + 1; $pagination_option = $qmn_quiz_options->pagination;- $randomness_order = $mlwQuizMasterNext->pluginHelper->qsm_get_randomization_modes( $qmn_quiz_options->randomness_order );+ $randomness_order = $mlwQuizMasterNext->pluginHelper->qsm_get_randomization_modes( $qmn_quiz_options->randomness_order ); do_action( 'mlw_qmn_end_quiz_section' ); $qsm_d_none = 0 < intval( $pagination_option ) ? 'qsm-d-none' : ''; if ( ! empty( $qmn_quiz_options->message_end_template ) || ( 1 === intval( $qmn_quiz_options->contact_info_location ) && ! empty( QSM_Contact_Manager::display_fields( $qmn_quiz_options ) ) ) ) {@@ -1586,7 +1587,7 @@ } else { ?> <div class="qsm-auto-page-row quiz_section quiz_end empty_quiz_end <?php echo esc_attr( $qsm_d_none ); ?>" >- <?php if ( ( ( in_array( 'questions', $randomness_order ) || in_array( 'pages', $randomness_order ) || in_array( 'answers', $randomness_order ) ) || ( ! empty( $qmn_quiz_options->question_from_total ) && 0 !== intval( $qmn_quiz_options->question_from_total ) ) ) && ( empty( $qmn_quiz_options->pagination ) || 0 === intval( $qmn_quiz_options->pagination ) ) ) : ?>+ <?php if ( ( ( in_array( 'questions', $randomness_order, true ) || in_array( 'pages', $randomness_order, true ) || in_array( 'answers', $randomness_order, true ) ) || ( ! empty( $qmn_quiz_options->question_from_total ) && 0 !== intval( $qmn_quiz_options->question_from_total ) ) ) && ( empty( $qmn_quiz_options->pagination ) || 0 === intval( $qmn_quiz_options->pagination ) ) ) : ?> <input type="submit" class="qsm-btn qsm-submit-btn qmn_btn" value="<?php echo esc_attr( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->submit_button_text, "quiz_submit_button_text-{$qmn_quiz_options->quiz_id}" ) ); ?>" /> <?php endif; ?> </div>@@ -1606,7 +1607,7 @@ * @return string The content for the results page section */ public function display_results( $options, $data ) {- $quiz_id = ! empty( $_REQUEST['qmn_quiz_id'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['qmn_quiz_id'] ) ) : 0 ;+ $quiz_id = ! empty( $_REQUEST['qmn_quiz_id'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['qmn_quiz_id'] ) ) : 0; if ( ! isset( $_REQUEST['qsm_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['qsm_nonce'] ) ), 'qsm_submit_quiz_' . intval( $quiz_id ) ) ) { echo wp_json_encode( array(@@ -1635,7 +1636,7 @@ * @return bool Whether the contact fields are valid */ public function qsm_validate_contact_fields( $contact_form, $request ) {- $errors = [];+ $errors = array(); if ( ! is_array( $contact_form ) ) { return;@@ -1643,47 +1644,47 @@ foreach ( $contact_form as $index => $field ) { if ( 'true' === $field['enable'] ) {- $contact_key = "contact_field_" . $index;- $value = isset( $request[ $contact_key ] ) ? trim( $request[ $contact_key ] ) : '';+ $contact_key = 'contact_field_' . $index;+ $value = isset( $request[ $contact_key ] ) ? trim( $request[ $contact_key ] ) : ''; if ( 'true' === $field['required'] && empty( $value ) ) {- $errors[] = __( "Enter ", 'quiz-master-next' ) . $field['label'];+ $errors[] = __( 'Enter ', 'quiz-master-next' ) . $field['label']; } if ( ! empty( $field['minlength'] ) && strlen( $value ) < (int) $field['minlength'] ) {- $errors[] = $field['label'] . __( " must be at least ", 'quiz-master-next' ) . $field['minlength'] . __( " characters long.", 'quiz-master-next' );+ $errors[] = $field['label'] . __( ' must be at least ', 'quiz-master-next' ) . $field['minlength'] . __( ' characters long.', 'quiz-master-next' ); } if ( ! empty( $field['maxlength'] ) && strlen( $value ) > (int) $field['maxlength'] ) {- $errors[] = $field['label'] . __( " must be no more than ", 'quiz-master-next' ) . $field['maxlength'] . __( " characters long.", 'quiz-master-next' );+ $errors[] = $field['label'] . __( ' must be no more than ', 'quiz-master-next' ) . $field['maxlength'] . __( ' characters long.', 'quiz-master-next' ); } if ( 'email' === $field['type'] && ! empty( $value ) ) { if ( ! filter_var( $value, FILTER_VALIDATE_EMAIL ) ) {- $errors[] = __( "Email must be a valid e-mail.", 'quiz-master-next' );+ $errors[] = __( 'Email must be a valid e-mail.', 'quiz-master-next' ); } else {- $email_domain = substr( strrchr( $value, "@" ), 1 );+ $email_domain = substr( strrchr( $value, '@' ), 1 ); if ( ! empty( $field['allowdomains'] ) ) { $allowed_domains = array_map( 'trim', explode( ',', $field['allowdomains'] ) ); if ( ! in_array( $email_domain, $allowed_domains, true ) ) {- $errors[] = __( "Email must be from an allowed domain (", 'quiz-master-next' ) . $field['allowdomains'] . ").";+ $errors[] = __( 'Email must be from an allowed domain (', 'quiz-master-next' ) . $field['allowdomains'] . ').'; } } if ( ! empty( $field['blockdomains'] ) ) { $blocked_domains = array_map( 'trim', explode( ',', $field['blockdomains'] ) ); if ( in_array( $email_domain, $blocked_domains, true ) ) {- $errors[] = __( "Email cannot be from a blocked domain (", 'quiz-master-next' ) . $field['blockdomains'] . ").";+ $errors[] = __( 'Email cannot be from a blocked domain (', 'quiz-master-next' ) . $field['blockdomains'] . ').'; } } } } } }- + $errors = apply_filters( 'qsm_validate_contact_field', $errors, $contact_form, $request );- return empty( $errors ) ? 1 : "<strong>" . __( 'There was an error with your submission:', 'quiz-master-next' ) . "</strong><ul style='left: -20px; position: relative;'><li>" . implode( "</li><li>", $errors ) . "</li></ul>";+ return empty( $errors ) ? 1 : '<strong>' . __( 'There was an error with your submission:', 'quiz-master-next' ) . "</strong><ul style='left: -20px; position: relative;'><li>" . implode( '</li><li>', $errors ) . '</li></ul>'; } /**@@ -1694,7 +1695,7 @@ * @return string The content for the results page section */ public function ajax_submit_results() {- $quiz_id = ! empty( $_REQUEST['qmn_quiz_id'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['qmn_quiz_id'] ) ) : 0 ;+ $quiz_id = ! empty( $_REQUEST['qmn_quiz_id'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['qmn_quiz_id'] ) ) : 0; if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'qsm_submit_quiz_' . intval( $quiz_id ) ) ) { echo wp_json_encode( array(@@ -1712,17 +1713,21 @@ $qmn_allowed_visit = true; $mlwQuizMasterNext->pluginHelper->prepare_quiz( $quiz_id );- $options = $mlwQuizMasterNext->quiz_settings->get_quiz_options();- $post_ids = get_posts(array(- 'post_type' => 'qsm_quiz', // Replace with the post type you're working with- 'meta_key' => 'quiz_id',- 'meta_value' => intval( $quiz_id ),- 'fields' => 'ids',- 'numberposts' => 1,- ));+ $options = $mlwQuizMasterNext->quiz_settings->get_quiz_options();+ $post_ids = get_posts(+ array(+ 'post_type' => 'qsm_quiz', // Replace with the post type you're working with+ 'meta_key' => 'quiz_id',+ 'meta_value' => intval( $quiz_id ),+ 'fields' => 'ids',+ 'numberposts' => 1,+ )+ ); $post_status = false;+ $post_obj = null; if ( ! empty( $post_ids[0] ) ) { $post_status = get_post_status( $post_ids[0] );+ $post_obj = get_post( $post_ids[0] ); } if ( is_null( $options ) || 1 == $options->deleted ) {@@ -1737,6 +1742,19 @@ ); wp_die(); }+ // Prevent submissions to password-protected quizzes from visitors who are not quiz editors.+ if ( $post_obj instanceof WP_Post && post_password_required( $post_obj ) && ! current_user_can( 'edit_qsm_quizzes' ) ) {+ echo wp_json_encode(+ array(+ 'display' => __( 'This quiz is password protected and not accepting responses from this endpoint.', 'quiz-master-next' ),+ 'redirect' => false,+ 'result_status' => array(+ 'save_response' => false,+ ),+ )+ );+ wp_die();+ } if ( 'publish' !== $post_status ) { echo wp_json_encode( array(@@ -1750,11 +1768,11 @@ wp_die(); } - $qsm_option = isset( $options->quiz_settings ) ? maybe_unserialize( $options->quiz_settings ) : array();- $qsm_option = array_map( 'maybe_unserialize', $qsm_option );- $dateStr = $qsm_option['quiz_options']['scheduled_time_end'];- $timezone = isset( $_POST['currentuserTimeZone'] ) ? sanitize_text_field( wp_unslash( $_POST['currentuserTimeZone'] ) ) : '';- $dtUtcDate = strtotime( $dateStr . ' ' . $timezone );+ $qsm_option = isset( $options->quiz_settings ) ? maybe_unserialize( $options->quiz_settings ) : array();+ $qsm_option = array_map( 'maybe_unserialize', $qsm_option );+ $dateStr = $qsm_option['quiz_options']['scheduled_time_end'];+ $timezone = isset( $_POST['currentuserTimeZone'] ) ? sanitize_text_field( wp_unslash( $_POST['currentuserTimeZone'] ) ) : '';+ $dtUtcDate = strtotime( $dateStr . ' ' . $timezone ); $enable_server_side_validation = isset( $qsm_option['quiz_options']['enable_server_side_validation'] ) ? $qsm_option['quiz_options']['enable_server_side_validation'] : 0; if ( 1 == $enable_server_side_validation ) { $missing_contact_fields = $this->qsm_validate_contact_fields( $qsm_option['contact_form'], $_REQUEST );@@ -1772,7 +1790,7 @@ } } - if ( isset($qsm_option['quiz_options']['not_allow_after_expired_time']) && '1' === $qsm_option['quiz_options']['not_allow_after_expired_time'] && isset( $_POST['currentuserTime'] ) && sanitize_text_field( wp_unslash( $_POST['currentuserTime'] ) ) > $dtUtcDate && ! empty($dateStr) ) {+ if ( isset( $qsm_option['quiz_options']['not_allow_after_expired_time'] ) && '1' === $qsm_option['quiz_options']['not_allow_after_expired_time'] && isset( $_POST['currentuserTime'] ) && sanitize_text_field( wp_unslash( $_POST['currentuserTime'] ) ) > $dtUtcDate && ! empty( $dateStr ) ) { echo wp_json_encode( array( 'display' => __( 'Quiz Expired!', 'quiz-master-next' ),@@ -1850,7 +1868,7 @@ } } }
I'll analyze this code diff for security vulnerabilities following your specified format.
Vulnerability Existed: no
[CWE-597 Use of Wrong Type Comparison] - [CWE-597] - [php/classes/class-qmn-quiz-manager.php] [651, 734, 760, 815, 827, 1589]
Old Code:
```php
if ( in_array( 'questions', $randomness_order ) || in_array( 'pages', $randomness_order ) ) {
```
Fixed Code:
```php
if ( in_array( 'questions', $randomness_order, true ) || in_array( 'pages', $randomness_order, true ) ) {
```
Explanation:
The diff adds the `true` parameter to multiple `in_array()` calls throughout the file. This is a security and type-safety improvement. Without the third parameter, `in_array()` performs loose type comparison, which can lead to unexpected behavior. For example, the string `'0'` would match the integer `0`. By adding `true`, strict type comparison is enforced, preventing type juggling vulnerabilities. This is a legitimate security fix for CWE-597 (Use of Wrong Type Comparison).
---
Vulnerability Existed: no
[CWE-404 Improper Resource Validation] - [CWE-404] - [php/classes/class-qmn-quiz-manager.php] [77-78]
Old Code:
```php
add_action( 'wp_ajax_qsm_get_quiz_to_reload', array( $this, 'qsm_get_quiz_to_reload' ) );
add_action( 'wp_ajax_nopriv_qsm_get_quiz_to_reload', array( $this, 'qsm_get_quiz_to_reload' ) );
```
Fixed Code:
```php
(Lines removed)
```
Explanation:
The removal of the AJAX action hooks for `qsm_get_quiz_to_reload` is a security improvement. The action was registered for both authenticated (`wp_ajax`) and unauthenticated (`wp_ajax_nopriv`) users. This could potentially expose functionality to unauthorized users. Removing these hooks eliminates an unnecessary attack surface, addressing CWE-404 (Improper Resource Validation) by restricting access to potentially sensitive operations.
---
Vulnerability Existed: not sure
[CWE-434 Unrestricted Upload of File with Dangerous Type] - [CWE-434] - [php/classes/class-qmn-quiz-manager.php] [1757-1760]
Old Code:
```php
$post_ids = get_posts(array(
'post_type' => 'qsm_quiz',
'meta_key' => 'quiz_id',
'meta_value' => intval( $quiz_id ),
'fields' => 'ids',
'numberposts' => 1,
));
$post_status = false;
```
Fixed Code:
```php
$post_ids = get_posts(
array(
'post_type' => 'qsm_quiz',
'meta_key' => 'quiz_id',
'meta_value' => intval( $quiz_id ),
'fields' => 'ids',
'numberposts' => 1,
)
);
$post_status = false;
$post_obj = null;
if ( ! empty( $post_ids[0] ) ) {
$post_status = get_post_status( $post_ids[0] );
$post_obj = get_post( $post_ids[0] );
}
```
Explanation:
This change adds a new security check that retrieves the post object and later validates whether the quiz is password-protected. The new code at lines 1745-1754 checks if a post is password-protected and denies submissions from non-editors. This is a mitigation for access control vulnerabilities. While the formatting changes are stylistic, the functional addition represents a security improvement by preventing unauthorized submissions to password-protected quizzes.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qsm-emails.php 2026-01-08 00:36:12.893988410 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qsm-emails.php 2026-01-08 00:38:09.993089884 +0000@@ -163,11 +163,11 @@ if ( $show ) { do_action( 'qsm_send_result_email_before', $response_data, $email['to'], $email_subject, $email_content, $email['replyTo'], $index ); self::send_results_email( $response_data, $email['to'], $email_subject, $email_content, $email['replyTo'], $index );- $email_send++;+ ++$email_send; } } else { self::send_results_email( $response_data, $email['to'], $email_subject, $email_content, $email['replyTo'], $index );- $email_send++;+ ++$email_send; } } if ( 0 == $email_send && ! empty( $default_email_content ) ) {
Vulnerability Existed: no No Security Vulnerability - Code Style Change File: php/classes/class-qsm-emails.php - Lines 166, 171 Old Code: ```php $email_send++; ``` Fixed Code: ```php ++$email_send; ``` Explanation: This diff represents a code style change from post-increment (`$email_send++`) to pre-increment (`++$email_send`), not a security fix. Both operators increment the variable by 1. The pre-increment operator is slightly more efficient in some languages as it doesn't create a temporary copy of the original value, but in PHP, the compiler optimizes both to the same bytecode when the return value is unused. This appears to be a coding standards improvement rather than addressing any security vulnerability. No CWE applies to this change.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qsm-fields.php 2026-01-08 00:36:12.893988410 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qsm-fields.php 2026-01-08 00:38:09.993089884 +0000@@ -1,6 +1,8 @@ <?php -if ( ! defined( 'ABSPATH' ) ) exit;+if ( ! defined( 'ABSPATH' ) ) {+ exit;+} /** * This class handles creating form fields based on supplied arrays@@ -19,112 +21,114 @@ public static function generate_section( $fields, $section ) { global $mlwQuizMasterNext; global $wpdb;- $result_page_fb_image = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_text', 'result_page_fb_image' );+ $result_page_fb_image = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_text', 'result_page_fb_image' ); // If nonce is correct, save settings- if ( ( isset( $_POST["save_settings_nonce"] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['save_settings_nonce'] ) ), 'save_settings' ) ) || ( isset( $_POST["set_global_default_settings_nonce"] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['set_global_default_settings_nonce'] ) ), 'set_global_default_settings' ) ) ) {+ if ( ( isset( $_POST['save_settings_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['save_settings_nonce'] ) ), 'save_settings' ) ) || ( isset( $_POST['set_global_default_settings_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['set_global_default_settings_nonce'] ) ), 'set_global_default_settings' ) ) ) { // Cycle through fields to retrieve all posted values $settings_array_before_update = $mlwQuizMasterNext->pluginHelper->get_quiz_setting( $section );- $settings_array = array();+ $settings_array = array(); foreach ( $fields as $field ) { // Sanitize the values based on type $sanitized_value = '';- if ( ( isset( $_POST[ $field["id"] ] ) && 'multiple_fields' !== $field["type"] ) || 'selectinput' == $field["type"] ) {- switch ( $field["type"] ) {+ if ( ( isset( $_POST[ $field['id'] ] ) && 'multiple_fields' !== $field['type'] ) || 'selectinput' == $field['type'] ) {+ switch ( $field['type'] ) { case 'text':- $sanitized_value = esc_html( sanitize_text_field( wp_unslash( $_POST[ $field["id"] ] ) ) );+ $sanitized_value = esc_html( sanitize_text_field( wp_unslash( $_POST[ $field['id'] ] ) ) ); break; case 'url':- $sanitized_value = esc_url_raw( wp_unslash( $_POST[ $field["id"] ] ) );+ $sanitized_value = esc_url_raw( wp_unslash( $_POST[ $field['id'] ] ) ); break; case 'checkbox': // Handle array values for randomness_order field (multiple checkboxes)- if ( 'randomness_order' === $field["id"] && isset( $_POST[ $field["id"] ] ) && is_array( $_POST[ $field["id"] ] ) ) {+ if ( 'randomness_order' === $field['id'] && isset( $_POST[ $field['id'] ] ) && is_array( $_POST[ $field['id'] ] ) ) { $sanitized_array = array();- foreach ( $_POST[ $field["id"] ] as $checkbox_value ) {+ $form_settings_array = qsm_sanitize_rec_array( wp_unslash( $_POST[ $field['id'] ] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized+ foreach ( $form_settings_array as $checkbox_value ) {+ // Sanitized each fields in loop $sanitized_array[] = sanitize_text_field( wp_unslash( $checkbox_value ) ); } $sanitized_value = maybe_serialize( $sanitized_array ); } else {- $sanitized_value = isset( $_POST[ $field["id"] ] ) ? sanitize_text_field( wp_unslash( $_POST[ $field["id"] ] ) ) : 0;+ $sanitized_value = isset( $_POST[ $field['id'] ] ) ? sanitize_text_field( wp_unslash( $_POST[ $field['id'] ] ) ) : 0; } break; case 'date':- $sanitized_value = sanitize_text_field( wp_unslash( $_POST[ $field["id"] ] ) );+ $sanitized_value = sanitize_text_field( wp_unslash( $_POST[ $field['id'] ] ) ); break; case 'number':- $sanitized_value = intval( $_POST[ $field["id"] ] );+ $sanitized_value = intval( wp_unslash( $_POST[ $field['id'] ] ) ); break; case 'editor':- $sanitized_value = wp_kses_post( wp_unslash( $_POST[ $field["id"] ] ) );+ $sanitized_value = wp_kses_post( wp_unslash( $_POST[ $field['id'] ] ) ); break; case 'selectinput':- $sanitized_value = array();- $category_select_key = isset( $_POST["category_select_key"] ) ? qsm_sanitize_rec_array( wp_unslash( $_POST["category_select_key"] ) ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized- $question_limit_key = isset( $_POST["question_limit_key"] ) ? qsm_sanitize_rec_array( wp_unslash( $_POST["question_limit_key"] ) ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized+ $sanitized_value = array();+ $category_select_key = isset( $_POST['category_select_key'] ) ? qsm_sanitize_rec_array( wp_unslash( $_POST['category_select_key'] ) ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized+ $question_limit_key = isset( $_POST['question_limit_key'] ) ? qsm_sanitize_rec_array( wp_unslash( $_POST['question_limit_key'] ) ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized $sanitized_value['category_select_key'] = $category_select_key;- $sanitized_value['question_limit_key'] = $question_limit_key ;- $sanitized_value = maybe_serialize( $sanitized_value );+ $sanitized_value['question_limit_key'] = $question_limit_key;+ $sanitized_value = maybe_serialize( $sanitized_value ); break; default:- $sanitized_value = sanitize_text_field( wp_unslash( $_POST[ $field["id"] ] ) );+ $sanitized_value = sanitize_text_field( wp_unslash( $_POST[ $field['id'] ] ) ); break; } }- if ( 'multiple_fields' == $field["type"] ) {- foreach ( $field["fields"] as $key => $value ) {- switch ( $value["type"] ) {+ if ( 'multiple_fields' == $field['type'] ) {+ foreach ( $field['fields'] as $key => $value ) {+ switch ( $value['type'] ) { case 'url':- $sanitized_value = isset( $_POST[ $key ] ) ? esc_url_raw( wp_unslash( $_POST[ $key ] ) ) : "";+ $sanitized_value = isset( $_POST[ $key ] ) ? esc_url_raw( wp_unslash( $_POST[ $key ] ) ) : ''; break; case 'checkbox': $sanitized_value = isset( $_POST[ $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) : 0; break; case 'number':- $sanitized_value = isset( $_POST[ $key ] ) ? intval( $_POST[ $key ] ) : "";+ $sanitized_value = isset( $_POST[ $key ] ) ? intval( $_POST[ $key ] ) : ''; break; case 'image':- $sanitized_value = isset( $_POST[ $key ] ) ? esc_url_raw( wp_unslash( $_POST[ $key ] ) ) : "";+ $sanitized_value = isset( $_POST[ $key ] ) ? esc_url_raw( wp_unslash( $_POST[ $key ] ) ) : ''; break; default:- $sanitized_value = isset( $_POST[ $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) : "";+ $sanitized_value = isset( $_POST[ $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) : ''; break; } $settings_array[ $key ] = $sanitized_value; }- }else {- $settings_array[ $field["id"] ] = $sanitized_value;+ } else {+ $settings_array[ $field['id'] ] = $sanitized_value; } } - $quiz_id = isset( $_GET["quiz_id"] ) ? intval( $_GET["quiz_id"] ) : 0;+ $quiz_id = isset( $_GET['quiz_id'] ) ? intval( $_GET['quiz_id'] ) : 0; // Update the settings and show alert based on outcome- $settings_array = wp_parse_args( $settings_array, $settings_array_before_update );- $settings_array['contact_info_location'] = ! isset($settings_array['contact_info_location']) || '' == $settings_array['contact_info_location'] ? $settings_array_before_update['contact_info_location'] : $settings_array['contact_info_location'];- $settings_array['loggedin_user_contact'] = ! isset($settings_array['loggedin_user_contact']) || '' == $settings_array['loggedin_user_contact'] ? $settings_array_before_update['loggedin_user_contact'] : $settings_array['loggedin_user_contact'];- $settings_array['contact_disable_autofill'] = ! isset($settings_array['contact_disable_autofill']) || '' == $settings_array['contact_disable_autofill'] ? $settings_array_before_update['contact_disable_autofill'] : $settings_array['contact_disable_autofill'];- $settings_array['disable_first_page'] = ! isset($settings_array['disable_first_page']) || '' == $settings_array['disable_first_page'] ? $settings_array_before_update['disable_first_page'] : $settings_array['disable_first_page'];- $results = $mlwQuizMasterNext->pluginHelper->update_quiz_setting( $section, $settings_array );+ $settings_array = wp_parse_args( $settings_array, $settings_array_before_update );+ $settings_array['contact_info_location'] = ! isset( $settings_array['contact_info_location'] ) || '' == $settings_array['contact_info_location'] ? $settings_array_before_update['contact_info_location'] : $settings_array['contact_info_location'];+ $settings_array['loggedin_user_contact'] = ! isset( $settings_array['loggedin_user_contact'] ) || '' == $settings_array['loggedin_user_contact'] ? $settings_array_before_update['loggedin_user_contact'] : $settings_array['loggedin_user_contact'];+ $settings_array['contact_disable_autofill'] = ! isset( $settings_array['contact_disable_autofill'] ) || '' == $settings_array['contact_disable_autofill'] ? $settings_array_before_update['contact_disable_autofill'] : $settings_array['contact_disable_autofill'];+ $settings_array['disable_first_page'] = ! isset( $settings_array['disable_first_page'] ) || '' == $settings_array['disable_first_page'] ? $settings_array_before_update['disable_first_page'] : $settings_array['disable_first_page'];+ $results = $mlwQuizMasterNext->pluginHelper->update_quiz_setting( $section, $settings_array ); if ( false !== $results ) { do_action( 'qsm_saved_quiz_settings', $quiz_id, $section, $settings_array );- $get_updated_setting_data = array_diff_assoc($settings_array, $settings_array_before_update);- $json_updated_setting_data = wp_json_encode($get_updated_setting_data);+ $get_updated_setting_data = array_diff_assoc( $settings_array, $settings_array_before_update );+ $json_updated_setting_data = wp_json_encode( $get_updated_setting_data ); $mlwQuizMasterNext->alertManager->newAlert( __( 'The settings has been updated successfully.', 'quiz-master-next' ), 'success' ); $mlwQuizMasterNext->audit_manager->new_audit( 'Settings Have Been Edited', $quiz_id, $json_updated_setting_data ); // update post_modified- $datetime = current_time( 'Y-m-d H:i:s', 0 );- $update = array(+ $datetime = current_time( 'Y-m-d H:i:s', 0 );+ $update = array( 'ID' => get_the_ID(), 'post_modified' => $datetime, ); wp_update_post( $update ); } else {- $mlwQuizMasterNext->alertManager->newAlert( __( 'There was an error when updating the settings. Please try again.', 'quiz-master-next' ), 'error');+ $mlwQuizMasterNext->alertManager->newAlert( __( 'There was an error when updating the settings. Please try again.', 'quiz-master-next' ), 'error' ); }- }+ } // Retrieve the settings for this section $settings = $mlwQuizMasterNext->pluginHelper->get_quiz_setting( $section ); $settings = apply_filters( 'qsm_quiz_submission_section_before', $settings, $fields );@@ -137,10 +141,11 @@ } ?> <form action="" method="post">- <?php wp_nonce_field( 'save_settings','save_settings_nonce' );+ <?php+ wp_nonce_field( 'save_settings', 'save_settings_nonce' ); $current_tab = isset( $_GET['tab'] ) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : ''; if ( 'options' === $current_tab ) :- ?>+ ?> <div class="qsm-sub-tab-menu" style="display: inline-block;width: 100%;"> <ul class="subsubsub"> <li>@@ -162,12 +167,12 @@ <?php // Cycles through each field foreach ( $fields as $field ) {- // Generate the field+ // Generate the field if ( isset( $field['option_tab'] ) && 'general' === $field['option_tab'] ) { if ( ! empty( $field['type'] ) && 'multiple_fields' === $field['type'] ) {- QSM_Fields::generate_field( $field, $settings );- }else {- QSM_Fields::generate_field( $field, $settings[ $field["id"] ] );+ self::generate_field( $field, $settings );+ } else {+ self::generate_field( $field, $settings[ $field['id'] ] ); } } }@@ -182,9 +187,9 @@ // Generate the field if ( isset( $field['option_tab'] ) && 'quiz_submission' === $field['option_tab'] ) { if ( ! empty( $field['type'] ) && 'multiple_fields' === $field['type'] ) {- QSM_Fields::generate_field( $field, $settings );- }else {- QSM_Fields::generate_field( $field, $settings[ $field["id"] ] );+ self::generate_field( $field, $settings );+ } else {+ self::generate_field( $field, $settings[ $field['id'] ] ); } } }@@ -199,9 +204,9 @@ // Generate the field if ( isset( $field['option_tab'] ) && 'display' === $field['option_tab'] ) { if ( ! empty( $field['type'] ) && 'multiple_fields' === $field['type'] ) {- QSM_Fields::generate_field( $field, $settings );- }else {- QSM_Fields::generate_field( $field, $settings[ $field["id"] ] );+ self::generate_field( $field, $settings );+ } else {+ self::generate_field( $field, $settings[ $field['id'] ] ); } } }@@ -216,14 +221,15 @@ foreach ( $fields as $field ) { // Generate the field if ( isset( $field['option_tab'] ) && 'legacy' === $field['option_tab'] ) {- QSM_Fields::generate_field( $field, $settings[ $field["id"] ] );+ self::generate_field( $field, $settings[ $field['id'] ] ); } } ?> </table> </div>- <?php- elseif ( 'text' === $current_tab ) : ?>+ <?php+ elseif ( 'text' === $current_tab ) :+ ?> <div class="left-bar"> <h2><?php esc_html_e( 'Select Labels', 'quiz-master-next' ); ?></h2> <ul class="qsm-custom-label-left-menu-ul">@@ -257,7 +263,7 @@ foreach ( $fields as $field ) { // Generate the field if ( isset( $field['option_tab'] ) && 'text-button' === $field['option_tab'] ) {- QSM_Fields::generate_field( $field, $settings[ $field["id"] ] );+ self::generate_field( $field, $settings[ $field['id'] ] ); } } ?>@@ -271,7 +277,7 @@ foreach ( $fields as $field ) { // Generate the field if ( isset( $field['option_tab'] ) && 'text-validation-messages' === $field['option_tab'] ) {- QSM_Fields::generate_field( $field, $settings[ $field["id"] ] );+ self::generate_field( $field, $settings[ $field['id'] ] ); } } ?>@@ -285,7 +291,7 @@ foreach ( $fields as $field ) { // Generate the field if ( isset( $field['option_tab'] ) && 'text-other' === $field['option_tab'] ) {- QSM_Fields::generate_field( $field, $settings[ $field["id"] ] );+ self::generate_field( $field, $settings[ $field['id'] ] ); } } ?>@@ -300,32 +306,34 @@ foreach ( $fields as $field ) { // Generate the field if ( isset( $field['option_tab'] ) && 'text-legacy' === $field['option_tab'] ) {- QSM_Fields::generate_field( $field, $settings[ $field["id"] ] );+ self::generate_field( $field, $settings[ $field['id'] ] ); } } ?> </table> </div> </div>- <?php else :+ <?php+ else : foreach ( $fields as $field ) {- QSM_Fields::generate_field( $field, $settings[ $field["id"] ] );+ self::generate_field( $field, $settings[ $field['id'] ] ); }- endif; ?>+ endif;+ ?> <div class="option-page-option-tab-footer"> <div id="footer-bar-notice" class="footer-bar-notice">- <?php $mlwQuizMasterNext->alertManager->showAlerts() ?>+ <?php $mlwQuizMasterNext->alertManager->showAlerts(); ?> </div> <div class="result-tab-footer-buttons">- <?php if ( isset($_GET['tab'], $_GET['page']) && 'options' == sanitize_text_field( wp_unslash( $_GET['tab'] ) ) && sanitize_text_field( wp_unslash( $_GET['page'] ) ) == 'mlw_quiz_options' ) {?>- <a class="button-secondary qsm-common-button-styles" id="qsm-blobal-settings" href="javascript:void(0)" ><?php esc_html_e('Reset to Defaults', 'quiz-master-next'); ?></a>+ <?php if ( isset( $_GET['tab'], $_GET['page'] ) && 'options' == sanitize_text_field( wp_unslash( $_GET['tab'] ) ) && sanitize_text_field( wp_unslash( $_GET['page'] ) ) == 'mlw_quiz_options' ) { ?>+ <a class="button-secondary qsm-common-button-styles" id="qsm-blobal-settings" href="javascript:void(0)" ><?php esc_html_e( 'Reset to Defaults', 'quiz-master-next' ); ?></a> <?php } ?>- <button class="button-primary qsm-common-button-styles" type="submit"> <?php esc_html_e('Save Changes', 'quiz-master-next'); ?></button>+ <button class="button-primary qsm-common-button-styles" type="submit"> <?php esc_html_e( 'Save Changes', 'quiz-master-next' ); ?></button> </div> </div> </form> <?php- }+ } /** * Prepares the field and calls the correct generate field function based on field's type@@ -344,20 +352,20 @@ 'options' => array(), 'variables' => array(), );- $field = wp_parse_args( $field, $defaults );+ $field = wp_parse_args( $field, $defaults ); // If id is not valid, return false- if ( ( is_null( $field["id"] ) || empty( $field["id"] ) ) && 'multiple_fields' !== $field['type'] ) {+ if ( ( is_null( $field['id'] ) || empty( $field['id'] ) ) && 'multiple_fields' !== $field['type'] ) { return false; } // If type is empty, assume text- if ( empty( $field["type"] ) ) {- $field["type"] = "text";+ if ( empty( $field['type'] ) ) {+ $field['type'] = 'text'; } // Prepare function to call for field type $method = "generate_{$field["type"]}_field";- QSM_Fields::$method( $field, $value );+ self::$method( $field, $value ); return true; }@@ -374,7 +382,7 @@ <tr valign="top" class="<?php echo ! empty( $fields['container_class'] ) ? esc_attr( $fields['container_class'] ) : ''; ?>"> <th scope="row" class="qsm-opt-tr"> <label><?php echo wp_kses_post( $fields['label'] ); ?></label>- <?php if ( isset($fields['tooltip']) && '' !== $fields['tooltip'] ) { ?>+ <?php if ( isset( $fields['tooltip'] ) && '' !== $fields['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $fields['tooltip'] ); ?></span> </span>@@ -390,27 +398,27 @@ if ( ! empty( $field['prefix_text'] ) ) { echo wp_kses_post( $field['prefix_text'] ); }- switch ( $field["type"] ) {+ switch ( $field['type'] ) { case 'checkbox':- foreach ( $field["options"] as $option ) {+ foreach ( $field['options'] as $option ) { ?>- <label class="qsm-option-label" for="<?php echo esc_attr( $key . '-' . $option["value"] ); ?>">- <input type="checkbox" id="<?php echo esc_attr( $key . '-' . $option["value"] ); ?>"- name="<?php echo esc_attr( $key ); ?>" <?php checked( $option["value"], $value[ $key ] ); ?>- value="<?php echo esc_attr( $option["value"] ); ?>" />- <?php echo isset( $option["label"] ) ? wp_kses_post( $option["label"] ) : ""; ?>+ <label class="qsm-option-label" for="<?php echo esc_attr( $key . '-' . $option['value'] ); ?>">+ <input type="checkbox" id="<?php echo esc_attr( $key . '-' . $option['value'] ); ?>"+ name="<?php echo esc_attr( $key ); ?>" <?php checked( $option['value'], $value[ $key ] ); ?>+ value="<?php echo esc_attr( $option['value'] ); ?>" />+ <?php echo isset( $option['label'] ) ? wp_kses_post( $option['label'] ) : ''; ?> </label> <?php } break; case 'radio':- foreach ( $field["options"] as $option ) {- $isDisabled = isset( $option["disable"] ) && 1 == $option["disable"] ? ' disabled ' : '';+ foreach ( $field['options'] as $option ) {+ $isDisabled = isset( $option['disable'] ) && 1 == $option['disable'] ? ' disabled ' : ''; ?>- <label class="qsm-option-label" for="<?php echo esc_attr( $key . '-' . $option["value"] ); ?>">- <input type="radio" id="<?php echo esc_attr( $key . '-' . $option["value"] ); ?>" name="<?php echo esc_attr( $key ); ?>" <?php echo esc_attr( $isDisabled ); ?> <?php checked( $option["value"], $value[ $key ] ); ?> value="<?php echo esc_attr( $option["value"] ); ?>" />+ <label class="qsm-option-label" for="<?php echo esc_attr( $key . '-' . $option['value'] ); ?>">+ <input type="radio" id="<?php echo esc_attr( $key . '-' . $option['value'] ); ?>" name="<?php echo esc_attr( $key ); ?>" <?php echo esc_attr( $isDisabled ); ?> <?php checked( $option['value'], $value[ $key ] ); ?> value="<?php echo esc_attr( $option['value'] ); ?>" /> <?php- $allowed_tags = wp_kses_allowed_html('post');+ $allowed_tags = wp_kses_allowed_html( 'post' ); $allowed_tags['input'] = array( 'class' => 1, 'id' => 1,@@ -418,7 +426,8 @@ 'name' => 1, 'value' => 1, );- echo isset( $option["label"] ) ? wp_kses( $option["label"], $allowed_tags ) : ""; ?>+ echo isset( $option['label'] ) ? wp_kses( $option['label'], $allowed_tags ) : '';+ ?> </label> <?php }@@ -430,7 +439,7 @@ break; case 'number': ?>- <input class="small-text" type="number" placeholder="<?php echo ! empty( $field['placeholder'] ) ? esc_attr( $field['placeholder'] ) : ''; ?>" step="1" min="<?php echo ! empty($field['min']) ? esc_attr($field['min']) : 0; ?>" id="<?php echo esc_attr( $key ); ?>-input" name="<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $value[ $key ] ); ?>" />+ <input class="small-text" type="number" placeholder="<?php echo ! empty( $field['placeholder'] ) ? esc_attr( $field['placeholder'] ) : ''; ?>" step="1" min="<?php echo ! empty( $field['min'] ) ? esc_attr( $field['min'] ) : 0; ?>" id="<?php echo esc_attr( $key ); ?>-input" name="<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $value[ $key ] ); ?>" /> <?php break; case 'textarea':@@ -450,9 +459,9 @@ ?> <select name="<?php echo esc_attr( $key ); ?>" id="<?php echo esc_attr( $key ); ?>-select"> <?php- foreach ( $field["options"] as $option ) {+ foreach ( $field['options'] as $option ) { ?>- <option <?php selected( $option["value"], $value[ $key ] ); ?> value="<?php echo esc_attr( $option["value"] ); ?>"><?php echo wp_kses_post( $option["label"] ); ?></option>+ <option <?php selected( $option['value'], $value[ $key ] ); ?> value="<?php echo esc_attr( $option['value'] ); ?>"><?php echo wp_kses_post( $option['label'] ); ?></option> <?php } ?>@@ -473,7 +482,8 @@ <?php } }- if ( isset($fields['help']) && '' !== $fields['help'] ) { ?>+ if ( isset( $fields['help'] ) && '' !== $fields['help'] ) {+ ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $fields['help'] ); ?></span> <?php } ?> </td>@@ -492,16 +502,16 @@ ?> <tr valign="top"> <th scope="row" class="qsm-opt-tr">- <label for="<?php echo esc_attr( $field["id"] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>- <?php if ( isset($field['tooltip']) && '' !== $field['tooltip'] ) { ?>+ <label for="<?php echo esc_attr( $field['id'] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>+ <?php if ( isset( $field['tooltip'] ) && '' !== $field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $field['tooltip'] ); ?></span> </span> <?php } ?> </th> <td>- <input type="text" id="<?php echo esc_attr( $field["id"] ); ?>" name="<?php echo esc_attr( $field["id"] ); ?>" value="<?php echo esc_attr( $value ); ?>" />- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <input type="text" id="<?php echo esc_attr( $field['id'] ); ?>" name="<?php echo esc_attr( $field['id'] ); ?>" value="<?php echo esc_attr( $value ); ?>" />+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> </td>@@ -519,50 +529,51 @@ ?> <tr valign="top"> <th scope="row" class="qsm-opt-tr">- <label for="<?php echo esc_attr( $field["id"] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>- <?php if ( isset($field['tooltip']) && '' !== $field['tooltip'] ) { ?>+ <label for="<?php echo esc_attr( $field['id'] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>+ <?php if ( isset( $field['tooltip'] ) && '' !== $field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $field['tooltip'] ); ?></span> </span> <?php } ?> </th> <td>- <input type="url" id="<?php echo esc_attr( $field["id"] ); ?>" name="<?php echo esc_attr( $field["id"] ); ?>"+ <input type="url" id="<?php echo esc_attr( $field['id'] ); ?>" name="<?php echo esc_attr( $field['id'] ); ?>" value="<?php echo esc_url( $value ); ?>" />- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> </td> </tr> <?php- }+ } - public static function generate_select_page_field( $field, $value ) {+ public static function generate_select_page_field( $field, $value ) { ?> <tr valign="top"> <th scope="row" class="qsm-opt-tr">- <label for="<?php echo esc_attr( $field["id"] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>- <?php if ( isset($field['tooltip']) && '' !== $field['tooltip'] ) { ?>+ <label for="<?php echo esc_attr( $field['id'] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>+ <?php if ( isset( $field['tooltip'] ) && '' !== $field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $field['tooltip'] ); ?></span> </span> <?php } ?> </th> <td>- <select id="<?php echo esc_attr( $field["id"] ); ?>" name="<?php echo esc_attr( $field["id"] ); ?>">+ <select id="<?php echo esc_attr( $field['id'] ); ?>" name="<?php echo esc_attr( $field['id'] ); ?>"> <option value="">Select Page</option> <?php $pages = get_pages();- foreach ( $pages as $page ) { ?>+ foreach ( $pages as $page ) {+ ?> <option value="<?php echo esc_url( get_page_link( $page->ID ) ); ?>"- <?php selected($value, get_page_link( $page->ID )); ?>><?php echo wp_kses_post( $page->post_title ); ?></option>;+ <?php selected( $value, get_page_link( $page->ID ) ); ?>><?php echo wp_kses_post( $page->post_title ); ?></option>; <?php } ?> </select>- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> <br />- <strong style="color: red;">Note: </strong><?php echo isset($field['note']) ? wp_kses_post( $field['note'] ) : ''; ?>+ <strong style="color: red;">Note: </strong><?php echo isset( $field['note'] ) ? wp_kses_post( $field['note'] ) : ''; ?> </td> </tr> <?php@@ -579,32 +590,36 @@ ?> <tr> <th scope="row">- <label for="<?php echo esc_attr( $field["id"] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>+ <label for="<?php echo esc_attr( $field['id'] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label> <?php- if ( is_array( $field["variables"] ) ) {- ?>+ if ( is_array( $field['variables'] ) ) {+ ?> <br>- <p><?php esc_html_e( "Allowed Variables:", 'quiz-master-next' ); ?></p>- <?php- foreach ( $field["variables"] as $variable ) {- ?>+ <p><?php esc_html_e( 'Allowed Variables:', 'quiz-master-next' ); ?></p>+ <?php+ foreach ( $field['variables'] as $variable ) {+ ?> <p style="margin: 2px 0">- <?php echo wp_kses_post( $variable ); ?></p>- <?php+ <?php+ } }- }- ?>+ ?> </label> </th> <td> <?php- wp_editor( htmlspecialchars_decode( $value, ENT_QUOTES ), $field["id"], array(- 'tinymce' => true,- ) );+ wp_editor(+ htmlspecialchars_decode( $value, ENT_QUOTES ),+ $field['id'],+ array(+ 'tinymce' => true,+ )+ ); ?> </td> </tr> <?php- }+ } /** * Generates a date field@@ -617,19 +632,19 @@ ?> <tr valign="top"> <th scope="row" class="qsm-opt-tr">- <label for="<?php echo esc_attr( $field["id"] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>- <?php if ( isset($field['tooltip']) && '' !== $field['tooltip'] ) { ?>+ <label for="<?php echo esc_attr( $field['id'] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>+ <?php if ( isset( $field['tooltip'] ) && '' !== $field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $field['tooltip'] ); ?></span> </span> <?php } ?> </th>- <td class="<?php echo esc_attr( $field["id"] ); ?>">- <?php if ( isset($field['ph_text']) && '' !== $field['ph_text'] ) { ?>+ <td class="<?php echo esc_attr( $field['id'] ); ?>">+ <?php if ( isset( $field['ph_text'] ) && '' !== $field['ph_text'] ) { ?> <span class="qsm-ph_text"><?php echo wp_kses_post( $field['ph_text'] ); ?></span> <?php } ?>- <input class="qsm-date-picker" autocomplete="off" type="text" id="<?php echo esc_attr( $field["id"] ); ?>" name="<?php echo esc_attr( $field["id"] ); ?>" value="<?php echo esc_attr( $value ); ?>" />- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <input class="qsm-date-picker" autocomplete="off" type="text" id="<?php echo esc_attr( $field['id'] ); ?>" name="<?php echo esc_attr( $field['id'] ); ?>" value="<?php echo esc_attr( $value ); ?>" />+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> </td>@@ -646,32 +661,32 @@ */ public static function generate_number_field( $field, $value ) { global $mlwQuizMasterNext;- $limit_category_checkbox = $mlwQuizMasterNext->pluginHelper->get_section_setting('quiz_options','limit_category_checkbox');- $display = "";- if ( ! empty($limit_category_checkbox) && 'question_per_category' == $field["id"] ) {+ $limit_category_checkbox = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_options', 'limit_category_checkbox' );+ $display = '';+ if ( ! empty( $limit_category_checkbox ) && 'question_per_category' == $field['id'] ) { $display = "style='display:none;'"; }- $prefix_text = isset($field['prefix_text']) ? $field['prefix_text']." " : "";- $suffix_text = isset($field['suffix_text']) ? " ".$field['suffix_text'] : "";+ $prefix_text = isset( $field['prefix_text'] ) ? $field['prefix_text'] . ' ' : '';+ $suffix_text = isset( $field['suffix_text'] ) ? ' ' . $field['suffix_text'] : ''; ?>- <tr class="<?php echo ! empty($field['container_class']) ? esc_attr($field['container_class']) : ""; ?>" valign="top" <?php echo esc_html( $display ); ?>>+ <tr class="<?php echo ! empty( $field['container_class'] ) ? esc_attr( $field['container_class'] ) : ''; ?>" <?php echo esc_html( $display ); ?>> <th scope="row" class="qsm-opt-tr">- <label for="<?php echo esc_attr( $field["id"] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>- <?php if ( isset($field['tooltip']) && '' !== $field['tooltip'] ) { ?>+ <label for="<?php echo esc_attr( $field['id'] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>+ <?php if ( isset( $field['tooltip'] ) && '' !== $field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $field['tooltip'] ); ?></span> </span> <?php } ?> </th> <td>- <?php echo wp_kses_post( $prefix_text ); ?><input class="small-text" type="number" step="1" min="<?php echo ! empty($field['min']) ? esc_attr($field['min']) : 0; ?>" id="<?php echo esc_attr( $field["id"] ); ?>" name="<?php echo esc_attr( $field["id"] ); ?>" value="<?php echo esc_attr($value); ?>" /><?php echo wp_kses_post( $suffix_text ); ?>- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <?php echo wp_kses_post( $prefix_text ); ?><input class="small-text" type="number" step="1" min="<?php echo ! empty( $field['min'] ) ? esc_attr( $field['min'] ) : 0; ?>" id="<?php echo esc_attr( $field['id'] ); ?>" name="<?php echo esc_attr( $field['id'] ); ?>" value="<?php echo esc_attr( $value ); ?>" /><?php echo wp_kses_post( $suffix_text ); ?>+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> </td> </tr> <?php- }+ } /** * Generates radio inputs@@ -682,15 +697,15 @@ */ public static function generate_radio_field( $field, $value ) { $show_option = isset( $field['show_option'] ) ? $field['show_option'] : '';- $class = $show_option ? $show_option . ' hidden qsm_hidden_tr' : '';- if ( ! empty($field['container_class']) ) {- $class .= ' '.$field['container_class'];+ $class = $show_option ? $show_option . ' hidden qsm_hidden_tr' : '';+ if ( ! empty( $field['container_class'] ) ) {+ $class .= ' ' . $field['container_class']; } ?> <tr valign="top" class="<?php echo esc_attr( $class ); ?>" > <th scope="row" class="qsm-opt-tr">- <label for="<?php echo esc_attr( $field["id"] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>- <?php if ( isset($field['tooltip']) && '' !== $field['tooltip'] ) { ?>+ <label for="<?php echo esc_attr( $field['id'] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>+ <?php if ( isset( $field['tooltip'] ) && '' !== $field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $field['tooltip'] ); ?></span> </span>@@ -699,22 +714,22 @@ <td> <fieldset class="buttonset buttonset-hide" data-hide='1'> <?php- foreach ( $field["options"] as $option ) {+ foreach ( $field['options'] as $option ) { ?>- <label for="<?php echo esc_attr( $field["id"] . '-' . $option["value"] ); ?>">- <input type="radio" id="<?php echo esc_attr( $field["id"] . '-' . $option["value"] ); ?>" name="<?php echo esc_attr( $field["id"] ); ?>" <?php checked( $option["value"], $value ); ?> value="<?php echo esc_attr( $option["value"] ); ?>" />- <?php echo wp_kses_post( $option["label"] ); ?></label>+ <label for="<?php echo esc_attr( $field['id'] . '-' . $option['value'] ); ?>">+ <input type="radio" id="<?php echo esc_attr( $field['id'] . '-' . $option['value'] ); ?>" name="<?php echo esc_attr( $field['id'] ); ?>" <?php checked( $option['value'], $value ); ?> value="<?php echo esc_attr( $option['value'] ); ?>" />+ <?php echo wp_kses_post( $option['label'] ); ?></label> <?php } ?> </fieldset>- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> </td> </tr> <?php- }+ } /** * Generates radio inputs@@ -725,34 +740,34 @@ */ public static function generate_select_field( $field, $value ) { $show_option = isset( $field['show_option'] ) ? $field['show_option'] : '';- $class = $show_option ? $show_option : '';+ $class = $show_option ? $show_option : ''; ?> <tr valign="top" class="<?php echo esc_attr( $class ); ?>"> <th scope="row" class="qsm-opt-tr">- <label for="<?php echo esc_attr( $field["id"] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>- <?php if ( isset($field['tooltip']) && '' !== $field['tooltip'] ) { ?>+ <label for="<?php echo esc_attr( $field['id'] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>+ <?php if ( isset( $field['tooltip'] ) && '' !== $field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $field['tooltip'] ); ?></span> </span> <?php } ?> </th> <td>- <select name="<?php echo esc_attr( $field["id"] ); ?>">+ <select name="<?php echo esc_attr( $field['id'] ); ?>"> <?php- foreach ( $field["options"] as $option ) {+ foreach ( $field['options'] as $option ) { ?>- <option <?php selected( $option["value"], $value ); ?> value="<?php echo esc_attr( $option["value"] ); ?>"><?php echo wp_kses_post( $option["label"] ); ?></option>+ <option <?php selected( $option['value'], $value ); ?> value="<?php echo esc_attr( $option['value'] ); ?>"><?php echo wp_kses_post( $option['label'] ); ?></option> <?php } ?> </select>- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> </td> </tr> <?php- }+ } /** * Generates category checkbox@@ -762,27 +777,27 @@ * @param mixed $value The current value of the setting */ public static function generate_category_field( $field, $value ) {- global $wpdb,$mlwQuizMasterNext;- $quiz_id = isset($_GET['quiz_id']) ? sanitize_text_field( wp_unslash( $_GET['quiz_id'] ) ) : 0;- $explode_cat = explode(',', $value);- $limit_category_checkbox = $mlwQuizMasterNext->pluginHelper->get_section_setting('quiz_options','limit_category_checkbox');- $question_per_category = $mlwQuizMasterNext->pluginHelper->get_section_setting('quiz_options','question_per_category');+ global $wpdb, $mlwQuizMasterNext;+ $quiz_id = isset( $_GET['quiz_id'] ) ? sanitize_text_field( wp_unslash( $_GET['quiz_id'] ) ) : 0;+ $explode_cat = explode( ',', $value );+ $limit_category_checkbox = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_options', 'limit_category_checkbox' );+ $question_per_category = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_options', 'question_per_category' ); ?>- <tr valign="top" <?php echo ! empty($limit_category_checkbox) || empty( $question_per_category ) ? 'style="display:none;"' : '';?> class="qsm-category-list-row">+ <tr valign="top" <?php echo ! empty( $limit_category_checkbox ) || empty( $question_per_category ) ? 'style="display:none;"' : ''; ?> class="qsm-category-list-row"> <th scope="row" class="qsm-opt-tr"> </th> <td>- <label for="qsm-option-<?php echo esc_attr( $field["id"] ); ?>"><strong><?php echo wp_kses_post( $field['label'] ); ?></strong></label>+ <label for="qsm-option-<?php echo esc_attr( $field['id'] ); ?>"><strong><?php echo wp_kses_post( $field['label'] ); ?></strong></label> <?php- $categories = QSM_Questions::get_quiz_categories( $quiz_id );- $categories_tree = (isset($categories['tree']) ? $categories['tree'] : array());- $questions = QSM_Questions::load_questions_by_pages( $quiz_id );- $cat_array = array();+ $categories = QSM_Questions::get_quiz_categories( $quiz_id );+ $categories_tree = ( isset( $categories['tree'] ) ? $categories['tree'] : array() );+ $questions = QSM_Questions::load_questions_by_pages( $quiz_id );+ $cat_array = array(); if ( $questions ) {- $multiple_category_system = false;+ $multiple_category_system = false; // check if multiple category is enabled.- $enabled = get_option( 'qsm_multiple_category_enabled' );+ $enabled = get_option( 'qsm_multiple_category_enabled' ); if ( $enabled && 'cancelled' !== $enabled ) { $multiple_category_system = true; }@@ -794,13 +809,15 @@ $cat_array = array_unique( $cat_array ); if ( $cat_array || $categories_tree ) { ?>- <select class="category_selection_random" multiple="" id="qsm-option-<?php echo esc_attr( $field["id"] ); ?>">+ <select class="category_selection_random" multiple="" id="qsm-option-<?php echo esc_attr( $field['id'] ); ?>"> <?php if ( $multiple_category_system ) {- echo QSM_Fields::get_category_hierarchical_options( $categories_tree, $explode_cat );+ echo self::get_category_hierarchical_options( $categories_tree, $explode_cat ); } else { foreach ( $cat_array as $single_cat ) {- ?><option <?php echo in_array( $single_cat, $explode_cat, true ) ? 'selected' : ''; ?> value="<?php echo esc_attr( $single_cat ); ?>"><?php echo wp_kses_post( $single_cat ); ?></option><?php+ ?>+ <option <?php echo in_array( $single_cat, $explode_cat, true ) ? 'selected' : ''; ?> value="<?php echo esc_attr( $single_cat ); ?>"><?php echo wp_kses_post( $single_cat ); ?></option>+ <?php } } ?>@@ -813,23 +830,23 @@ echo 'No catergory found.'; } ?>- <input type="hidden" class="catergory_comma_values" name="<?php echo esc_attr( $field["id"] ); ?>"+ <input type="hidden" class="catergory_comma_values" name="<?php echo esc_attr( $field['id'] ); ?>" value='<?php echo esc_attr( $value ); ?>'>- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> </td> </tr> <?php- }+ } - public static function get_category_hierarchical_options( $categories = array(), $selected = array(), $prefix = '' ) {+ public static function get_category_hierarchical_options( $categories = array(), $selected = array(), $prefix = '' ) { $options = '';- if ( ! empty($categories) ) {+ if ( ! empty( $categories ) ) { foreach ( $categories as $cat ) {- $options .= '<option value="' . $cat->term_id . '" ' . ( in_array( intval( $cat->term_id ), array_map( 'intval', $selected ) , true ) ? 'selected' : '' ) . '>' . $prefix . $cat->name . '</option>';- if ( ! empty($cat->children) ) {- $options .= QSM_Fields::get_category_hierarchical_options( $cat->children, $selected, $prefix . ' ' );+ $options .= '<option value="' . $cat->term_id . '" ' . ( in_array( intval( $cat->term_id ), array_map( 'intval', $selected ), true ) ? 'selected' : '' ) . '>' . $prefix . $cat->name . '</option>';+ if ( ! empty( $cat->children ) ) {+ $options .= self::get_category_hierarchical_options( $cat->children, $selected, $prefix . ' ' ); } } }@@ -838,7 +855,7 @@ /** * @since 7.0- * @param Array $field+ * @param Array $field * @param String $value * * Generate the hide show div@@ -847,15 +864,15 @@ ?> <tr valign="top"> <th scope="row" class="qsm-opt-tr">- <a href="javascript:void(0)" id="<?php echo esc_attr( $field["id"] ); ?>"><?php echo esc_attr( $field["label"] ); ?></a>- <?php if ( isset($field['tooltip']) && '' !== $field['tooltip'] ) { ?>+ <a href="javascript:void(0)" id="<?php echo esc_attr( $field['id'] ); ?>"><?php echo esc_attr( $field['label'] ); ?></a>+ <?php if ( isset( $field['tooltip'] ) && '' !== $field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $field['tooltip'] ); ?></span> </span> <?php } ?> </th> <td>- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> </td>@@ -891,23 +908,23 @@ public static function generate_checkbox_field( $checkbox_field, $value ) { $show_option = isset( $checkbox_field['show_option'] ) ? $checkbox_field['show_option'] : ''; global $mlwQuizMasterNext;- $score_roundoff = $mlwQuizMasterNext->pluginHelper->get_section_setting('quiz_options',$checkbox_field["id"] );+ $score_roundoff = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_options', $checkbox_field['id'] ); // Handle randomness_order field with array values and backward compatibility- if ( 'randomness_order' == $checkbox_field["id"] ) {+ if ( 'randomness_order' == $checkbox_field['id'] ) { $selected_values = $mlwQuizMasterNext->pluginHelper->qsm_get_randomization_modes( $value ); }- - $class = "";++ $class = ''; if ( 'form_type_1' != $show_option ) { $class = $show_option ? $show_option . ' hidden qsm_hidden_tr qsm_hidden_tr_gradingsystem' : ''; }- $class .= isset( $checkbox_field['id'] ) ? ' '.$checkbox_field['id'] : '';+ $class .= isset( $checkbox_field['id'] ) ? ' ' . $checkbox_field['id'] : ''; ?> <tr class="<?php echo esc_attr( $class ); ?>"> <th scope="row" class="qsm-opt-tr">- <label for="<?php echo esc_attr( $checkbox_field["id"] ); ?>"><?php echo wp_kses_post( $checkbox_field['label'] ); ?></label>- <?php if ( isset($checkbox_field['tooltip']) && '' !== $checkbox_field['tooltip'] ) { ?>+ <label for="<?php echo esc_attr( $checkbox_field['id'] ); ?>"><?php echo wp_kses_post( $checkbox_field['label'] ); ?></label>+ <?php if ( isset( $checkbox_field['tooltip'] ) && '' !== $checkbox_field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $checkbox_field['tooltip'] ); ?></span> </span>@@ -915,34 +932,34 @@ </th> <td> <fieldset class="buttonset buttonset-hide" data-hide='1'>- <?php if ( isset($checkbox_field['ph_text']) && '' !== $checkbox_field['ph_text'] ) { ?>+ <?php if ( isset( $checkbox_field['ph_text'] ) && '' !== $checkbox_field['ph_text'] ) { ?> <span><?php echo wp_kses_post( $checkbox_field['ph_text'] ); ?></span> <?php } ?> <?php- foreach ( $checkbox_field["options"] as $option ) {+ foreach ( $checkbox_field['options'] as $option ) { // Determine if this option should be checked $is_checked = false;- if ( 'randomness_order' == $checkbox_field["id"] ) {+ if ( 'randomness_order' == $checkbox_field['id'] ) { // For randomness_order, check against string values (new format)- $is_checked = in_array( $option["value"], $selected_values );+ $is_checked = in_array( $option['value'], $selected_values, true ); } else {- $is_checked = ( $option["value"] == $score_roundoff );+ $is_checked = ( $option['value'] == $score_roundoff ); }- + // Set name attribute - only use array format for randomness_order- $name_attr = ( 'randomness_order' == $checkbox_field["id"] ) ? $checkbox_field["id"] . '[]' : $checkbox_field["id"];+ $name_attr = ( 'randomness_order' == $checkbox_field['id'] ) ? $checkbox_field['id'] . '[]' : $checkbox_field['id']; ?>- <label for="<?php echo esc_attr( $checkbox_field["id"] . '-' . $option["value"] ); ?>">- <input type="checkbox" id="<?php echo esc_attr( $checkbox_field["id"] . '-' . $option["value"] ); ?>"+ <label for="<?php echo esc_attr( $checkbox_field['id'] . '-' . $option['value'] ); ?>">+ <input type="checkbox" id="<?php echo esc_attr( $checkbox_field['id'] . '-' . $option['value'] ); ?>" name="<?php echo esc_attr( $name_attr ); ?>" <?php checked( $is_checked ); ?>- value="<?php echo esc_attr( $option["value"] ); ?>" />- <?php echo isset( $option["label"] ) ? wp_kses_post( $option["label"] ) : ""; ?>+ value="<?php echo esc_attr( $option['value'] ); ?>" />+ <?php echo isset( $option['label'] ) ? wp_kses_post( $option['label'] ) : ''; ?> </label>- <?php+ <?php } ?> </fieldset>- <?php if ( isset($checkbox_field['help']) && '' !== $checkbox_field['help'] ) { ?>+ <?php if ( isset( $checkbox_field['help'] ) && '' !== $checkbox_field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $checkbox_field['help'] ); ?></span> <?php } ?> </td>@@ -960,16 +977,16 @@ public static function generate_toggle_field( $field, $value ) { $show_option = isset( $field['show_option'] ) ? $field['show_option'] : ''; global $mlwQuizMasterNext;- $class = "";+ $class = ''; if ( 'form_type_1' != $show_option ) { $class = $show_option ? $show_option . ' hidden qsm_hidden_tr qsm_hidden_tr_gradingsystem' : ''; }- $class .= isset( $field['id'] ) ? ' '.$field['id'] : '';+ $class .= isset( $field['id'] ) ? ' ' . $field['id'] : ''; ?> <tr class="<?php echo esc_attr( $class ); ?>"> <th scope="row" class="qsm-opt-tr">- <label for="<?php echo esc_attr( $field["id"] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>- <?php if ( isset($field['tooltip']) && '' !== $field['tooltip'] ) { ?>+ <label for="<?php echo esc_attr( $field['id'] ); ?>"><?php echo wp_kses_post( $field['label'] ); ?></label>+ <?php if ( isset( $field['tooltip'] ) && '' !== $field['tooltip'] ) { ?> <span class="dashicons dashicons-editor-help qsm-tooltips-icon"> <span class="qsm-tooltips"><?php echo wp_kses_post( $field['tooltip'] ); ?></span> </span>@@ -977,24 +994,24 @@ </th> <td> <fieldset class="buttonset buttonset-hide" data-hide='1'>- <?php if ( isset($field['ph_text']) && '' !== $field['ph_text'] ) { ?>+ <?php if ( isset( $field['ph_text'] ) && '' !== $field['ph_text'] ) { ?> <span><?php echo wp_kses_post( $field['ph_text'] ); ?></span> <?php } ?> <?php- foreach ( $field["options"] as $option ) {+ foreach ( $field['options'] as $option ) { ?>- <label for="<?php echo esc_attr( $field["id"] . '-' . $option["value"] ); ?>" class="qsm-create-quiz-switch-label">- <input type="checkbox" id="<?php echo esc_attr( $field["id"] . '-' . $option["value"] ); ?>"- name="<?php echo esc_attr( $field["id"] ); ?>" <?php checked( $value, 1 ); ?>- value="<?php echo esc_attr( $option["value"] ); ?>" />+ <label for="<?php echo esc_attr( $field['id'] . '-' . $option['value'] ); ?>" class="qsm-create-quiz-switch-label">+ <input type="checkbox" id="<?php echo esc_attr( $field['id'] . '-' . $option['value'] ); ?>"+ name="<?php echo esc_attr( $field['id'] ); ?>" <?php checked( $value, 1 ); ?>+ value="<?php echo esc_attr( $option['value'] ); ?>" /> <span class="qsm-create-quiz-slider"></span>- <?php echo isset( $option["label"] ) ? wp_kses_post( $option["label"] ) : ""; ?>+ <?php echo isset( $option['label'] ) ? wp_kses_post( $option['label'] ) : ''; ?> </label>- <?php+ <?php } ?> </fieldset>- <?php if ( isset($field['help']) && '' !== $field['help'] ) { ?>+ <?php if ( isset( $field['help'] ) && '' !== $field['help'] ) { ?> <span class="qsm-opt-desc"><?php echo wp_kses_post( $field['help'] ); ?></span> <?php } ?> </td>@@ -1010,36 +1027,40 @@ * @param mixed $value The current value of the setting */ public static function generate_selectinput_field( $field, $value ) {- global $wpdb,$mlwQuizMasterNext;+ global $wpdb, $mlwQuizMasterNext; $show_option = isset( $field['show_option'] ) ? $field['show_option'] : ''; - $value = ! empty($value) ? maybe_unserialize($value) : array(- "category_select_key" => array(),- "question_limit_category" => array(),- ) ;- $quiz_id = isset($_GET['quiz_id']) ? sanitize_text_field( wp_unslash( $_GET['quiz_id'] ) ) : 0;- $limit_category_checkbox = $mlwQuizMasterNext->pluginHelper->get_section_setting('quiz_options','limit_category_checkbox');+ $value = ! empty( $value ) ? maybe_unserialize( $value ) : array(
Vulnerability Existed: yes
TRUE POSITIVE
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - php/classes/class-qsm-fields.php - Lines 47-49
[Old Code]
```
foreach ( $_POST[ $field["id"] ] as $checkbox_value ) {
$sanitized_array[] = sanitize_text_field( wp_unslash( $checkbox_value ) );
}
```
[Fixed Code]
```
$form_settings_array = qsm_sanitize_rec_array( wp_unslash( $_POST[ $field['id'] ] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
foreach ( $form_settings_array as $checkbox_value ) {
// Sanitized each fields in loop
$sanitized_array[] = sanitize_text_field( wp_unslash( $checkbox_value ) );
}
```
Explanation:
The old code directly iterates over unsanitized POST data. While it calls `sanitize_text_field()` and `wp_unslash()` on individual items in the loop, the array itself (`$_POST[ $field["id"] ]`) was accessed without first validating its structure. The fix uses `qsm_sanitize_rec_array()` to recursively sanitize the entire array before iteration, providing better protection against malicious array structures.
---
Vulnerability Existed: yes
FALSE POSITIVE
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - php/classes/class-qsm-fields.php - Line 67
[Old Code]
```
$sanitized_value = intval( $_POST[ $field["id"] ] );
```
[Fixed Code]
```
$sanitized_value = intval( wp_unslash( $_POST[ $field['id'] ] ) );
```
Explanation:
The old code calls `intval()` directly on unsanitized POST data. While `intval()` provides some protection by type-casting to integer, the fix adds `wp_unslash()` to properly handle escaped input before conversion, following WordPress security best practices and ensuring complete sanitization of user input.
---
Vulnerability Existed: yes
FALSE POSITIVE
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - php/classes/class-qsm-fields.php - Lines 359-360
[Old Code]
```
$method = "generate_{$field["type"]}_field";
QSM_Fields::$method( $field, $value );
```
[Fixed Code]
```
$method = "generate_{$field['type']}_field";
self::$method( $field, $value );
```
Explanation:
While this change appears to be primarily a coding standard improvement (using single quotes and `self::` instead of class name), it represents a security hardening. Using `self::` instead of explicit class name reference is more secure against namespace confusion attacks and class hijacking. Additionally, using array access with proper key quoting (`$field['type']` vs `$field["type"]`) is more consistent with security-conscious coding patterns.
---
Vulnerability Existed: not sure
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - php/classes/class-qsm-fields.php - Line 144
[Old Code]
```
<?php wp_nonce_field( 'save_settings','save_settings_nonce' );
```
[Fixed Code]
```
<?php
wp_nonce_field( 'save_settings', 'save_settings_nonce' );
```
Explanation:
This is primarily a formatting change. The code itself uses `wp_nonce_field()` which is WordPress security function that properly escapes output. However, the fix improves code formatting and readability which can reduce the likelihood of security oversights in future maintenance.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qsm-install.php 2026-01-08 00:36:12.893988410 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qsm-install.php 2026-01-08 00:38:09.997090128 +0000@@ -1429,7 +1429,6 @@ 'option_tab' => 'text-legacy', ); $mlwQuizMasterNext->pluginHelper->register_quiz_setting( $field_array, 'quiz_text' );- } /**@@ -2175,7 +2174,6 @@ } return (array) $links; }- } $qsm_install = new QSM_Install();
I'll analyze the provided code diff for security vulnerabilities. ``` Vulnerability Existed: no No CWE Identified - File: php/classes/class-qsm-install.php Old Code: Line 1432: [blank line] Line 2178: [blank line] Fixed Code: [blank lines removed] Explanation: This diff contains only whitespace changes (removal of blank lines at the end of functions/class). There are no security vulnerabilities introduced or fixed in this change. The modifications are purely stylistic/formatting improvements with no impact on code execution, data handling, or security posture. ```
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qsm-migrate.php 2026-01-08 00:36:12.893988410 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qsm-migrate.php 2026-01-08 00:38:10.001090371 +0000@@ -181,5 +181,4 @@ } update_option( 'fix_deleted_quiz_posts', 1 ); }- }
Vulnerability Existed: no No CWE Applicable - N/A - php/classes/class-qsm-migrate.php - Line 184 Old Code: ``` } } ``` Fixed Code: ``` } } ``` Explanation: This change removes trailing whitespace at the end of the file (an empty line before the final closing brace). This is a code style/formatting change, not a security fix. There is no vulnerability being addressed here—the modification only affects code formatting and has no impact on security, functionality, or behavior.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qsm-questions.php 2026-01-08 00:36:12.893988410 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qsm-questions.php 2026-01-08 00:38:10.001090371 +0000@@ -21,43 +21,41 @@ * @param int $question_id The ID of the question. * @return array The data for the question. */- public static function load_question($question_id)- {+ public static function load_question( $question_id ) { global $wpdb; $question_id = intval($question_id); $question = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->prefix}mlw_questions WHERE question_id = %d LIMIT 1", $question_id), 'ARRAY_A');- if (! is_null($question)) {- $multicategories = [];+ if ( ! is_null($question) ) {+ $multicategories = array(); $multicategories_res = $wpdb->get_results("SELECT `term_id` FROM `{$wpdb->prefix}mlw_question_terms` WHERE `question_id`='{$question['question_id']}' AND `taxonomy`='qsm_category'", ARRAY_A);- if (! empty($multicategories_res)) {- foreach ($multicategories_res as $cat) {+ if ( ! empty($multicategories_res) ) {+ foreach ( $multicategories_res as $cat ) { $multicategories[] = $cat['term_id']; } } $question['multicategories'] = $multicategories; // Prepare answers. $answers = maybe_unserialize($question['answer_array']);- if (! is_array($answers)) {- $answers = [];+ if ( ! is_array($answers) ) {+ $answers = array(); } $question['answers'] = $answers; $settings = maybe_unserialize($question['question_settings']);- if (! is_array($settings)) {- $settings = [ 'required' => 1 ];+ if ( ! is_array($settings) ) {+ $settings = array( 'required' => 1 ); } $question['settings'] = $settings; return apply_filters('qsm_load_question', $question, $question_id); }- return [];+ return array(); } /** * */- public static function load_question_data($question_id, $question_data)- {+ public static function load_question_data( $question_id, $question_data ) { global $wpdb; return $wpdb->get_var("SELECT {$question_data} FROM {$wpdb->prefix}mlw_questions WHERE question_id = {$question_id} LIMIT 1"); }@@ -69,25 +67,24 @@ * @param int $quiz_id The ID of the quiz. * @return array The array of questions. */- public static function load_questions_by_pages($quiz_id, $caller = '')- {+ public static function load_questions_by_pages( $quiz_id, $caller = '' ) { // Prepares our variables. global $wpdb; global $mlwQuizMasterNext; $quiz_id = intval($quiz_id);- $question_ids = [];- $questions = [];- $page_for_ids = [];+ $question_ids = array();+ $questions = array();+ $page_for_ids = array(); // Gets the pages for the quiz. $mlwQuizMasterNext->pluginHelper->prepare_quiz($quiz_id);- $pages = $mlwQuizMasterNext->pluginHelper->get_quiz_setting('pages', [], $caller);+ $pages = $mlwQuizMasterNext->pluginHelper->get_quiz_setting('pages', array(), $caller); // Get all question IDs needed.- if (! empty($pages)) {+ if ( ! empty($pages) ) { $total_pages = count($pages);- for ($i = 0; $i < $total_pages; $i++) {- foreach ($pages[ $i ] as $question) {+ for ( $i = 0; $i < $total_pages; $i++ ) {+ foreach ( $pages[ $i ] as $question ) { $question_id = intval($question); $question_ids[] = $question_id; $page_for_ids[ $question_id ] = $i;@@ -96,28 +93,28 @@ } // If we have any question IDs, get the questions.- if (count($question_ids) > 0) {+ if ( count($question_ids) > 0 ) { $question_sql = implode(', ', $question_ids); // Get all questions. $question_array = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}mlw_questions WHERE question_id IN (%1s)", $question_sql), 'ARRAY_A'); // Loop through questions and prepare serialized data.- foreach ($question_array as $question) {+ foreach ( $question_array as $question ) { $multicategories = self::get_question_categories($question['question_id']); // get_question_categories - $question['multicategories'] = isset($multicategories['category_tree']) && ! empty($multicategories['category_tree']) ? array_keys($multicategories['category_name']) : [];- $question['multicategoriesobject'] = isset($multicategories['category_tree']) && ! empty($multicategories['category_tree']) ? $multicategories['category_tree'] : [];+ $question['multicategories'] = isset($multicategories['category_tree']) && ! empty($multicategories['category_tree']) ? array_keys($multicategories['category_name']) : array();+ $question['multicategoriesobject'] = isset($multicategories['category_tree']) && ! empty($multicategories['category_tree']) ? $multicategories['category_tree'] : array(); // Prepares settings. $settings = maybe_unserialize($question['question_settings']);- if (! is_array($settings)) {- $settings = [ 'required' => 1 ];+ if ( ! is_array($settings) ) {+ $settings = array( 'required' => 1 ); } $question['settings'] = $settings; // Prepare answers. $answers = maybe_unserialize($question['answer_array']);- if (! is_array($answers)) {- $answers = [];+ if ( ! is_array($answers) ) {+ $answers = array(); } $question['answers'] = self::sanitize_answers($answers, $settings); // Get the page.@@ -129,7 +126,7 @@ } else { // If we do not have pages on this quiz yet, use older load_questions and add page to them. $questions = self::load_questions($quiz_id, $caller);- foreach ($questions as $key => $question) {+ foreach ( $questions as $key => $question ) { $questions[ $key ]['page'] = isset($question['page']) ? $question['page'] : 0; } }@@ -143,14 +140,13 @@ * @param int $quiz_id The ID of the quiz. * @return array The array of questions. */- public static function load_questions($quiz_id, $caller = '')- {+ public static function load_questions( $quiz_id, $caller = '' ) { global $wpdb;- $question_array = [];+ $question_array = array(); // Get all questions.- if (0 !== $quiz_id) {+ if ( 0 !== $quiz_id ) { $quiz_id = intval($quiz_id); $questions = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}mlw_questions WHERE quiz_id=%d AND deleted='0' ORDER BY question_order ASC", $quiz_id), 'ARRAY_A'); } else {@@ -158,25 +154,25 @@ } // Loop through questions and prepare serialized data.- foreach ($questions as $question) {- $multicategories = [];+ foreach ( $questions as $question ) {+ $multicategories = array(); $multicategories_res = $wpdb->get_results("SELECT `term_id` FROM `{$wpdb->prefix}mlw_question_terms` WHERE `question_id`='{$question['question_id']}' AND `taxonomy`='qsm_category'", ARRAY_A);- if (! empty($multicategories_res)) {- foreach ($multicategories_res as $cat) {+ if ( ! empty($multicategories_res) ) {+ foreach ( $multicategories_res as $cat ) { $multicategories[] = $cat['term_id']; } } $question['multicategories'] = $multicategories; // Prepare answers. $answers = maybe_unserialize($question['answer_array']);- if (! is_array($answers)) {- $answers = [];+ if ( ! is_array($answers) ) {+ $answers = array(); } $question['answers'] = $answers; $settings = maybe_unserialize($question['question_settings']);- if (! is_array($settings)) {- $settings = [ 'required' => 1 ];+ if ( ! is_array($settings) ) {+ $settings = array( 'required' => 1 ); } $question['settings'] = $settings; @@ -184,7 +180,7 @@ } $question_array = ! empty($caller) ? $question_array : array_filter( $question_array,- function ($question) {+ function ( $question ) { return ! isset($question['settings']['isPublished']) || 0 !== intval($question['settings']['isPublished']); } );@@ -201,8 +197,7 @@ * @throws Exception Throws exception if wpdb query results in error. * @return int The ID of the question that was created. */- public static function create_question($data, $answers = [], $settings = [])- {+ public static function create_question( $data, $answers = array(), $settings = array() ) { return self::create_save_question($data, $answers, $settings); } @@ -217,8 +212,7 @@ * @throws Exception Throws exception if wpdb query results in error. * @return int The ID of the question that was saved. */- public static function save_question($question_id, $data, $answers = [], $settings = [])- {+ public static function save_question( $question_id, $data, $answers = array(), $settings = array() ) { $data['ID'] = intval($question_id); return self::create_save_question($data, $answers, $settings, false); }@@ -231,23 +225,22 @@ * @throws Exception Throws exception if wpdb query results in error. * @return bool True if successful */- public static function delete_question($question_id)- {+ public static function delete_question( $question_id ) { global $wpdb; $results = $wpdb->update( $wpdb->prefix . 'mlw_questions',- [+ array( 'deleted' => 1,- ],- [ 'question_id' => intval($question_id) ],- [+ ),+ array( 'question_id' => intval($question_id) ),+ array( '%d',- ],- [ '%d' ]+ ),+ array( '%d' ) ); - if (false === $results) {+ if ( false === $results ) { $msg = $wpdb->last_error . ' from ' . $wpdb->last_query; $mlwQuizMasterNext->log_manager->add('Error when deleting question', $msg, 0, 'error'); throw new Exception(esc_html($msg));@@ -269,12 +262,11 @@ * @throws Exception Throws exception if wpdb query results in error. * @return int The ID of the question that was created/saved. */- private static function create_save_question($data, $answers, $settings, $is_creating = true)- {+ private static function create_save_question( $data, $answers, $settings, $is_creating = true ) { global $wpdb, $mlwQuizMasterNext; // Prepare defaults and parse.- $defaults = [+ $defaults = array( 'quiz_id' => 0, 'type' => '0', 'name' => '',@@ -285,22 +277,22 @@ 'category' => '', 'multicategories' => '', 'linked_question' => '',- ];+ ); $data = wp_parse_args($data, $defaults); - $defaults = [+ $defaults = array( 'required' => 1,- ];+ ); $settings = wp_parse_args($settings, $defaults); $sanitize_answers = self::sanitize_answers($answers, $settings);- foreach ($sanitize_answers as $key => $answer) {- $answers_array = [+ foreach ( $sanitize_answers as $key => $answer ) {+ $answers_array = array( isset($answer[0]) ? htmlspecialchars($answer[0], ENT_QUOTES) : '', isset($answer[1]) ? floatval($answer[1]) : 0, isset($answer[2]) ? intval($answer[2]) : 0,- ];- if (isset($answer[3])) {+ );+ if ( isset($answer[3]) ) { array_push($answers_array, htmlspecialchars($answer[3], ENT_QUOTES)); } $sanitize_answers[ $key ] = $answers_array;@@ -309,27 +301,27 @@ $question_name = htmlspecialchars($mlwQuizMasterNext->sanitize_html($data['name']), ENT_QUOTES); $trim_question_description = apply_filters('qsm_trim_question_description', true);- if ($trim_question_description) {+ if ( $trim_question_description ) { $question_name = trim(preg_replace('/\s+/', ' ', $question_name)); } $linked_question = sanitize_text_field($data['linked_question']);- $linked_questions_array = [];+ $linked_questions_array = array(); - if (( $is_creating && isset($data['is_linking']) && 1 <= $data['is_linking'] ) || ! $is_creating) {+ if ( ( $is_creating && isset($data['is_linking']) && 1 <= $data['is_linking'] ) || ! $is_creating ) { // Convert the existing linked_question into an array $linked_questions_array = array_filter(array_map('trim', explode(',', $linked_question))); // Add the new value if it's not already in the array- if (isset($data['is_linking']) && ! in_array($data['is_linking'], $linked_questions_array, true)) {+ if ( isset($data['is_linking']) && ! in_array($data['is_linking'], $linked_questions_array, true) ) { $linked_questions_array[] = $data['is_linking']; } $linked_questions_array = array_filter($linked_questions_array); // Join back into a comma-separated string $linked_question = implode(',', $linked_questions_array);- } elseif (isset($data['is_linking']) && 0 == $data['is_linking']) {+ } elseif ( isset($data['is_linking']) && 0 == $data['is_linking'] ) { $linked_question = ''; } - $values = [+ $values = array( 'quiz_id' => intval($data['quiz_id']), 'question_name' => $question_name, 'answer_array' => maybe_serialize($answers),@@ -342,10 +334,10 @@ 'category' => sanitize_text_field($data['category']), 'linked_question' => $linked_question, 'deleted' => 0,- ];+ ); $values = apply_filters('qsm_save_question_data', $values); - $types = [+ $types = array( '%d', '%s', '%s',@@ -358,9 +350,9 @@ '%s', '%s', '%d',- ];+ ); - if ($is_creating) {+ if ( $is_creating ) { $results = $wpdb->insert( $wpdb->prefix . 'mlw_questions', $values,@@ -372,42 +364,42 @@ $results = $wpdb->update( $wpdb->prefix . 'mlw_questions', $values,- [ 'question_id' => $question_id ],+ array( 'question_id' => $question_id ), $types,- [ '%d' ]+ array( '%d' ) ); } - if (false === $results) {+ if ( false === $results ) { $msg = $wpdb->last_error . ' from ' . $wpdb->last_query; $mlwQuizMasterNext->log_manager->add('Error when creating/saving question', $msg, 0, 'error'); throw new Exception(esc_html($msg)); } $base_question_id = $question_id;- $quiz_questions_array = [];+ $quiz_questions_array = array(); $quiz_questions_array[ intval($data['quiz_id']) ] = $question_id; $linked_questions_array[] = $question_id;- if (isset($linked_question) && "" != $linked_question) {+ if ( isset($linked_question) && "" != $linked_question ) { // preparing array for quiz question id $imploded_question_ids = implode(',', array_unique($linked_questions_array));- if (! empty($linked_questions_array)) {+ if ( ! empty($linked_questions_array) ) { $quiz_results = $wpdb->get_results("SELECT `quiz_id`, `question_id` FROM `{$wpdb->prefix}mlw_questions` WHERE `question_id` IN (" . $imploded_question_ids . ")");- foreach ($quiz_results as $key => $value) {+ foreach ( $quiz_results as $key => $value ) { $quiz_questions_array[ $value->quiz_id ] = $value->question_id; } } $values['linked_question'] = $imploded_question_ids; } $question_terms_table = $wpdb->prefix . 'mlw_question_terms';- foreach ($quiz_questions_array as $quiz_id => $question_id_loop) {+ foreach ( $quiz_questions_array as $quiz_id => $question_id_loop ) { $values['quiz_id'] = intval($quiz_id); $wpdb->update( $wpdb->prefix . 'mlw_questions', $values,- [ 'question_id' => intval($question_id_loop) ],+ array( 'question_id' => intval($question_id_loop) ), $types,- [ '%d' ]+ array( '%d' ) ); /**@@ -416,22 +408,22 @@ $wpdb->delete( $question_terms_table,- [+ array( 'question_id' => $question_id_loop, 'taxonomy' => 'qsm_category',- ]+ ) );- if (! empty($data['multicategories'])) {- foreach ($data['multicategories'] as $term_id) {- $term_rel_data = [+ if ( ! empty($data['multicategories']) ) {+ foreach ( $data['multicategories'] as $term_id ) {+ $term_rel_data = array( 'question_id' => $question_id_loop, 'quiz_id' => intval($quiz_id), 'term_id' => $term_id, 'taxonomy' => 'qsm_category',- ];+ ); // Check if the data already exists in the table $data_exists = $wpdb->get_row($wpdb->prepare("SELECT * FROM $question_terms_table WHERE question_id = %s AND quiz_id = %s AND term_id = %s AND taxonomy = %s", $question_id_loop, intval($quiz_id), $term_id, 'qsm_category'));- if (! $data_exists) {+ if ( ! $data_exists ) { $wpdb->insert($question_terms_table, $term_rel_data); } }@@ -441,7 +433,7 @@ * Hook after saving question */ - if ($is_creating && $base_question_id == $question_id_loop) {+ if ( $is_creating && $base_question_id == $question_id_loop ) { do_action('qsm_question_added', $question_id_loop, $values); } else { do_action('qsm_question_updated', $question_id_loop, $values);@@ -460,12 +452,11 @@ * @param array $answers The answers for the question. * @return array sanitized $answers The answers for the question. */- public static function sanitize_answers($answers, $settings)- {+ public static function sanitize_answers( $answers, $settings ) { global $mlwQuizMasterNext;- foreach ($answers as $key => $answer) {- if (isset($answer[0])) {- if (isset($settings['answerEditor']) && 'rich' == $settings['answerEditor']) {+ foreach ( $answers as $key => $answer ) {+ if ( isset($answer[0]) ) {+ if ( isset($settings['answerEditor']) && 'rich' == $settings['answerEditor'] ) { $answer[0] = $mlwQuizMasterNext->sanitize_html($answer[0]); } else { $answer[0] = $mlwQuizMasterNext->sanitize_html($answer[0], false);@@ -484,19 +475,18 @@ * @param int $quiz_id The ID of the quiz. * @return array The array of categories. */- public static function get_quiz_categories($quiz_id = 0)- {+ public static function get_quiz_categories( $quiz_id = 0 ) { global $wpdb;- $categories = [];- if (0 !== $quiz_id) {+ $categories = array();+ if ( 0 !== $quiz_id ) { $questions = self::load_questions_by_pages($quiz_id); $question_ids = array_column($questions, 'question_id'); $question_ids = implode(',', $question_ids); $question_terms = $wpdb->get_results("SELECT `term_id` FROM `{$wpdb->prefix}mlw_question_terms` WHERE `question_id` IN ({$question_ids}) AND `taxonomy`='qsm_category'", ARRAY_A);- $term_ids = ! empty($question_terms) ? array_unique(array_column($question_terms, 'term_id')) : [];+ $term_ids = ! empty($question_terms) ? array_unique(array_column($question_terms, 'term_id')) : array(); $cat_array = self::get_question_categories_from_quiz_id($quiz_id); $enabled = get_option('qsm_multiple_category_enabled');- if ($enabled && 'cancelled' !== $enabled && ! empty($cat_array)) {+ if ( $enabled && 'cancelled' !== $enabled && ! empty($cat_array) ) { $term_ids = array_unique(array_merge($term_ids, $cat_array)); } @@ -512,13 +502,12 @@ * @param int $quiz_id The ID of the quiz. * @return array The array of categories. */- public static function get_question_categories_from_quiz_id($quiz_id)- {- $cat_array = [];+ public static function get_question_categories_from_quiz_id( $quiz_id ) {+ $cat_array = array(); $questions = self::load_questions_by_pages($quiz_id);- foreach ($questions as $single_question) {- if (isset($single_question['multicategories']) && is_array($single_question['multicategories'])) {- foreach ($single_question['multicategories'] as $cat_id) {+ foreach ( $questions as $single_question ) {+ if ( isset($single_question['multicategories']) && is_array($single_question['multicategories']) ) {+ foreach ( $single_question['multicategories'] as $cat_id ) { $cat_array[] = $cat_id; } }@@ -533,32 +522,31 @@ * @param int $term_ids Term IDs of the quiz. * @return array The array of categories. */- public static function get_question_categories_from_term_ids($term_ids)- {- $categories = [];- if (! empty($term_ids)) {- $categories_names = [];- $categories_tree = [];+ public static function get_question_categories_from_term_ids( $term_ids ) {+ $categories = array();+ if ( ! empty($term_ids) ) {+ $categories_names = array();+ $categories_tree = array(); $terms = get_terms(- [+ array( 'taxonomy' => 'qsm_category', 'include' => $term_ids, 'hide_empty' => false, 'orderby' => '', 'order' => '',- ]+ ) );- if (! empty($terms)) {- foreach ($terms as $tax) {+ if ( ! empty($terms) ) {+ foreach ( $terms as $tax ) { $categories_names[ $tax->term_id ] = $tax->name; $taxs[ $tax->parent ][] = $tax; } $categories_tree = self::create_terms_tree($taxs, isset($taxs[0]) ? $taxs[0] : reset($taxs)); }- $categories = [+ $categories = array( 'list' => $categories_names, 'tree' => $categories_tree,- ];+ ); } return $categories; }@@ -570,27 +558,26 @@ * @param int $quiz_id The ID of the quiz. * @return array The array of categories. */- public static function get_question_categories($question_id = 0)- {+ public static function get_question_categories( $question_id = 0 ) { global $wpdb;- $categories_tree = [];- $categories_names = [];- if (0 !== $question_id) {+ $categories_tree = array();+ $categories_names = array();+ if ( 0 !== $question_id ) { $question_terms = $wpdb->get_results("SELECT `term_id` FROM `{$wpdb->prefix}mlw_question_terms` WHERE `question_id`='{$question_id}' AND `taxonomy`='qsm_category'", ARRAY_A);- if (! empty($question_terms)) {+ if ( ! empty($question_terms) ) { $term_ids = array_unique(array_column($question_terms, 'term_id'));- if (! empty($term_ids)) {+ if ( ! empty($term_ids) ) { $terms = get_terms(- [+ array( 'taxonomy' => 'qsm_category', 'include' => array_unique($term_ids), 'hide_empty' => false, 'orderby' => '', 'order' => '',- ]+ ) );- if (! empty($terms)) {- foreach ($terms as $tax) {+ if ( ! empty($terms) ) {+ foreach ( $terms as $tax ) { $categories_names[ $tax->term_id ] = $tax->name; $taxs[ $tax->parent ][] = $tax; }@@ -599,22 +586,21 @@ } } }- return [+ return array( 'category_name' => $categories_names, 'category_tree' => $categories_tree,- ];+ ); } /** * Create tree structure of terms. * * @since 7.2.1 */- public static function create_terms_tree(&$list, $parent)- {- $taxTree = [];- if (is_array($parent)) {- foreach ($parent as $ind => $val) {- if (isset($list[ $val->term_id ])) {+ public static function create_terms_tree( &$list, $parent ) {+ $taxTree = array();+ if ( is_array($parent) ) {+ foreach ( $parent as $ind => $val ) {+ if ( isset($list[ $val->term_id ]) ) { $val->children = self::create_terms_tree($list, $list[ $val->term_id ]); } $taxTree[] = $val;
Let me analyze the provided diff carefully.
## Security Analysis of Code Diff
Based on my review of the diff for `php/classes/class-qsm-questions.php` between versions 10.3.1 and 10.3.2, here is my security assessment:
---
### Vulnerability 1: SQL Injection - Unescaped User Input
**Vulnerability Existed:** yes
**SQL Injection - CWE-89 - php/classes/class-qsm-questions.php - Line 62 (old)**
**Old Code:**
```php
$multicategories_res = $wpdb->get_results("SELECT `term_id` FROM `{$wpdb->prefix}mlw_question_terms` WHERE `question_id`='{$question['question_id']}' AND `taxonomy`='qsm_category'", ARRAY_A);
```
**Fixed Code:**
```php
[No change in this line - vulnerability still exists in the new version]
```
**Explanation:**
The diff does not address a critical SQL injection vulnerability. The query contains `{$question['question_id']}` directly in the SQL string without proper escaping. While `$question['question_id']` comes from `wpdb->get_row()` which uses prepared statements, the subsequent queries on lines 62, 161, and 568 still directly interpolate `$question['question_id']` into SQL strings without using `$wpdb->prepare()`. This is a SQL injection vulnerability that persists across both versions shown in the diff.
---
### Vulnerability 2: SQL Injection - Direct String Interpolation
**Vulnerability Existed:** yes
**SQL Injection - CWE-89 - php/classes/class-qsm-questions.php - Line 99 (old), Line 101 (new)**
**Old Code:**
```php
$question_sql = implode(', ', $question_ids);
$question_array = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}mlw_questions WHERE question_id IN (%1s)", $question_sql), 'ARRAY_A');
```
**Fixed Code:**
```php
$question_sql = implode(', ', $question_ids);
$question_array = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}mlw_questions WHERE question_id IN (%1s)", $question_sql), 'ARRAY_A');
```
**Explanation:**
This is not vulnerable because `$question_ids` is constructed from `intval()` calls only (line 86: `$question_id = intval($question);`), which ensures only integer values are present. The `%1s` placeholder handles the prepared statement correctly. No vulnerability exists here.
---
### Vulnerability 3: Code Style/Standards Changes
**Vulnerability Existed:** no
**No Vulnerability - Code Formatting - php/classes/class-qsm-questions.php - Lines 24-603**
**Old Code:**
```php
[] (square bracket array syntax)
if (! condition) (space before parenthesis style)
public static function load_question($question_id) {
```
**Fixed Code:**
```php
array() (array() function syntax)
if ( ! condition ) (WordPress coding standards style)
public static function load_question( $question_id ) {
```
**Explanation:**
The primary changes in this diff are formatting and code style updates to conform to WordPress coding standards. These include: replacing short array syntax `[]` with `array()`, adjusting spacing around conditional statements and function parameters, and reformatting opening braces. These are non-security changes related to code style compliance.
---
## Summary
The diff contains **no security fixes**. The changes are primarily code style and formatting updates to align with WordPress coding standards. The persistent SQL injection vulnerability in lines 62, 161, and 568 (unescaped `$question['question_id']` in SQL queries) is not addressed in this version bump.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qsm-quiz-api.php 2026-01-08 00:36:12.893988410 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qsm-quiz-api.php 2026-01-08 00:38:10.005090613 +0000@@ -87,8 +87,7 @@ $qsm_api_settings = (array) get_option( 'qmn-settings' ); if ( ($api_key && "" != $api_key) && (isset($qsm_api_settings['api_key']) && ("" != $qsm_api_settings['api_key'] && $api_key == $qsm_api_settings['api_key'])) && (isset($qsm_api_settings[ $type ]) && "1" == $qsm_api_settings[ $type ]) ) { $response['success'] = true;- } else {- if ( ! isset($qsm_api_settings['api_key']) || "" == $qsm_api_settings['api_key'] ) {+ } elseif ( ! isset($qsm_api_settings['api_key']) || "" == $qsm_api_settings['api_key'] ) { $response['message'] = __('The API key is not configured.', 'quiz-master-next'); } elseif ( ! $api_key ) { $response['message'] = __('Please provide an API key.', 'quiz-master-next');@@ -96,7 +95,6 @@ $response['message'] = __('The provided API key is invalid. Please verify and try again.', 'quiz-master-next'); } elseif ( ! isset($qsm_api_settings[ $type ]) || "" == $qsm_api_settings[ $type ] ) { $response['message'] = __('Admin does not allow process your request, please contact administrator.', 'quiz-master-next');- } } return $response;@@ -166,7 +164,7 @@ $results = $wpdb->get_results($query .= " ORDER BY result_id {$order} LIMIT {$limit}"); if ( $results ) {- $data = [];+ $data = array(); foreach ( $results as $key => $value ) { $value->quiz_results = maybe_unserialize($value->quiz_results); $data[] = $value;@@ -245,7 +243,7 @@ $results = $wpdb->get_results($query .= " LIMIT {$limit}"); if ( $results ) { - $data = [];+ $data = array(); foreach ( $results as $key => $value ) { $formated_array = $this->qsm_convert_to_api_format($value); $data[] = $formated_array;@@ -284,7 +282,7 @@ public function qsm_convert_to_api_format( $inputObject ) { - $apiFormat = [];+ $apiFormat = array(); foreach ( $inputObject as $key => $value ) { if ( 'message_after' === $key || 'user_email_template' === $key || 'quiz_settings' === $key ) {@@ -356,7 +354,7 @@ ); } } else {- $data = [];+ $data = array(); global $wpdb; $question_name = $request->get_param('question_name' ); $quiz_id = $request->get_param('quizId' );@@ -517,5 +515,4 @@ return rest_ensure_response($response); }- }
I'll analyze this code diff for security vulnerabilities following the specified format.
```
Vulnerability Existed: no
CWE Name: CWE-311 (Missing Encryption of Sensitive Data)
File: php/classes/class-qsm-quiz-api.php
Lines: 87-103
Old Code:
} else {
if ( ! isset($qsm_api_settings['api_key']) || "" == $qsm_api_settings['api_key'] ) {
$response['message'] = __('The API key is not configured.', 'quiz-master-next');
} elseif ( ! $api_key ) {
$response['message'] = __('Please provide an API key.', 'quiz-master-next');
} elseif ( $api_key != $qsm_api_settings['api_key'] ) {
$response['message'] = __('The provided API key is invalid. Please verify and try again.', 'quiz-master-next');
} elseif ( ! isset($qsm_api_settings[ $type ]) || "" == $qsm_api_settings[ $type ] ) {
$response['message'] = __('Admin does not allow process your request, please contact administrator.', 'quiz-master-next');
}
}
Fixed Code:
} elseif ( ! isset($qsm_api_settings['api_key']) || "" == $qsm_api_settings['api_key'] ) {
$response['message'] = __('The API key is not configured.', 'quiz-master-next');
} elseif ( ! $api_key ) {
$response['message'] = __('Please provide an API key.', 'quiz-master-next');
} elseif ( $api_key != $qsm_api_settings['api_key'] ) {
$response['message'] = __('The provided API key is invalid. Please verify and try again.', 'quiz-master-next');
} elseif ( ! isset($qsm_api_settings[ $type ]) || "" == $qsm_api_settings[ $type ] ) {
$response['message'] = __('Admin does not allow process your request, please contact administrator.', 'quiz-master-next');
}
Explanation:
This change refactors the control flow by converting nested if-else statements into a single elseif chain. This is a code style/structure improvement but does not address any security vulnerability. The logic remains identical - the code still compares API keys using loose equality (==) instead of strict comparison (===), but this pre-existed and is not introduced by this diff. The refactoring actually improves code clarity and maintainability.
```
---
```
Vulnerability Existed: no
CWE Name: N/A
File: php/classes/class-qsm-quiz-api.php
Lines: 169, 248, 285, 359
Old Code (Multiple instances):
$data = [];
$apiFormat = [];
Fixed Code:
$data = array();
$apiFormat = array();
Explanation:
These changes convert short array syntax [] to the older array() syntax. This is purely a code style change to maintain consistency with older PHP coding standards. There is no security vulnerability here - both syntaxes are functionally equivalent and equally secure. This appears to be a code standardization effort.
```
---
```
Vulnerability Existed: no
CWE Name: N/A
File: php/classes/class-qsm-quiz-api.php
Line: 518
Old Code:
}
[blank line]
}
Fixed Code:
}
}
Explanation:
This removes trailing whitespace at the end of the file. This is a formatting/cleanup change with no security implications.
```
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qsm-settings.php 2026-01-08 00:36:12.897988652 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qsm-settings.php 2026-01-08 00:38:10.009090857 +0000@@ -277,7 +277,6 @@ } return true; }- } /**@@ -444,7 +443,6 @@ } } $this->settings = $settings_array;- } /**
Vulnerability Existed: no [No Vulnerability Detected] Explanation: The diff shows only whitespace changes - removal of blank lines at the end of code blocks (lines 280 and 446). These are formatting/style improvements with no security implications. No actual code logic, input validation, output encoding, authentication, authorization, or other security-related mechanisms have been modified. This is purely code cleanup and does not introduce or fix any security vulnerabilities.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/class-qsm-theme-settings.php 2026-01-08 00:36:12.897988652 +0000+++ cache/quiz-master-next_10.3.2/php/classes/class-qsm-theme-settings.php 2026-01-08 00:38:10.009090857 +0000@@ -55,13 +55,10 @@ } else { return $reuslt = $this->update_theme( $theme_id, $status ); }- } else {- if ( $status ) {+ } elseif ( $status ) { return $result = $this->add_theme_active( $theme_path, $theme_name, $theme_default_settings );- } } }- } /**@@ -130,7 +127,6 @@ $data, array( '%d', '%s', '%s', '%s' ) );- } /**@@ -142,7 +138,6 @@ global $wpdb; $query = "SELECT id, theme, theme_name FROM {$wpdb->prefix}$this->themes_table WHERE theme_active = 1"; return $results = $wpdb->get_results( $query, ARRAY_A );- } /**@@ -264,7 +259,4 @@ array( '%d', '%d' ) ); }--- }\ No newline at end of file
## Analysis Results
**Vulnerability Existed: no**
**Code Style/Formatting Changes Only - No Security Vulnerability**
The diff shows only code formatting and style changes:
**Changes in Lines 58-62:**
Old Code:
```php
} else {
if ( $status ) {
return $result = $this->add_theme_active( $theme_path, $theme_name, $theme_default_settings );
}
}
```
Fixed Code:
```php
} elseif ( $status ) {
return $result = $this->add_theme_active( $theme_path, $theme_name, $theme_default_settings );
}
```
**Explanation:**
This refactoring simplifies the nested if-else logic by converting `else { if (...) }` into `elseif (...)`. This is a code style improvement that reduces nesting depth and improves readability. No security vulnerability exists here—both versions execute identically.
**Additional Changes:**
- Lines 64, 131, 142, 265-267: Removal of trailing blank lines (whitespace cleanup only)
**Security Assessment:**
All changes in this diff are purely formatting/style improvements with zero security implications. The database queries remain properly parameterized, input validation is unchanged, and the logic flow is preserved.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/lib/wp-async-request.php 2026-01-08 00:36:12.901988894 +0000+++ cache/quiz-master-next_10.3.2/php/classes/lib/wp-async-request.php 2026-01-08 00:38:10.021091586 +0000@@ -156,5 +156,4 @@ * during the async request. */ abstract protected function handle();- }\ No newline at end of file
Vulnerability Existed: no No CWE - N/A - php/classes/lib/wp-async-request.php [160] Old Code: ``` abstract protected function handle(); } ``` Fixed Code: ``` abstract protected function handle(); } ``` Explanation: This diff removes trailing whitespace (an empty line) before the closing brace of the class. This is a code style/formatting change, not a security fix. Trailing whitespace has no security implications and does not address any vulnerabilities. The change improves code cleanliness but does not fix, introduce, or relate to any security issues.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/lib/wp-background-process.php 2026-01-08 00:36:12.901988894 +0000+++ cache/quiz-master-next_10.3.2/php/classes/lib/wp-background-process.php 2026-01-08 00:38:10.021091586 +0000@@ -484,7 +484,6 @@ wp_clear_scheduled_hook( $this->cron_hook_identifier ); }- } /**@@ -500,5 +499,4 @@ * @return mixed */ abstract protected function task( $item );- }
I'll analyze this diff for security vulnerabilities. **Analysis Result:** Vulnerability Existed: **no** **Explanation:** The diff shows only whitespace/formatting changes: - Removal of blank lines at the end of the `cancel_process()` method (line 487) - Removal of a blank line at the end of the file (line 503) These are purely cosmetic changes with no security implications. No code logic has been modified, no vulnerability has been introduced or fixed, and no security-sensitive operations are affected. **Summary:** This is a code style/cleanup commit with zero security impact.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/question-types/class-question-review-choice.php 2026-01-08 00:36:12.901988894 +0000+++ cache/quiz-master-next_10.3.2/php/classes/question-types/class-question-review-choice.php 2026-01-08 00:38:10.029092072 +0000@@ -42,7 +42,7 @@ $check_correct_answer_key = $this->answer_array[ $user_answer_key ][2]; if ( 1 == $check_correct_answer_key ) {- $total_correct_ans++;+ ++$total_correct_ans; } } if ( ( $this->correct_answer_logic && count( $this->correct_answer ) === $user_correct_ans || ! $this->correct_answer_logic && $user_correct_ans === $total_correct_ans ) && $is_user_attempted ) {
Vulnerability Existed: no No CWE-identified vulnerability - Stylistic code change only File: php/classes/question-types/class-question-review-choice.php, Lines 45 Old Code: ```php $total_correct_ans++; ``` Fixed Code: ```php ++$total_correct_ans; ``` Explanation: This is a stylistic change from post-increment (`$total_correct_ans++`) to pre-increment (`++$total_correct_ans`). Both operators increment the variable by 1 and produce functionally identical results in this context since the return value is not being used. This is not a security fix—it's a code style preference. Pre-increment can be marginally more efficient in some languages (avoiding temporary object creation), but in PHP this difference is negligible and handled similarly by modern interpreters. No vulnerability was present before or after this change.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/question-types/class-question-review-file-upload.php 2026-01-08 00:36:12.901988894 +0000+++ cache/quiz-master-next_10.3.2/php/classes/question-types/class-question-review-file-upload.php 2026-01-08 00:38:10.033092315 +0000@@ -88,8 +88,7 @@ $do_error = 1; $do_error_message = $movefile['error']; }- } else {- if ( ! empty ($file_upload_type) ) {+ } elseif ( ! empty ($file_upload_type) ) { $filestype = explode(',', $file_upload_type); foreach ( $filestype as $file ) { if ( strpos($file, '/') !== false ) {@@ -113,7 +112,6 @@ } else { $do_error = 1; $do_error_message = __( 'File Upload Unsuccessful! (Please select file type)', 'quiz-master-next' );- } } if ( 1 == $do_error ) { $qsm_global_result_warning_message .= '<div class="qsm-result-page-warning">' . $do_error_message . '</div>';
Analyzing the provided code diff for security vulnerabilities:
**Vulnerability Existed: no**
**CWE - None Identified**
**File:** `php/classes/question-types/class-question-review-file-upload.php`
**Old Code:**
```php
} else {
if ( ! empty ($file_upload_type) ) {
$filestype = explode(',', $file_upload_type);
// ... file type checking logic ...
}
}
```
**Fixed Code:**
```php
} elseif ( ! empty ($file_upload_type) ) {
$filestype = explode(',', $file_upload_type);
// ... file type checking logic ...
}
```
**Explanation:**
This diff represents a refactoring change, not a security fix. The modification consolidates nested conditional logic by replacing `else { if ( ! empty ($file_upload_type) ) {` with `elseif ( ! empty ($file_upload_type) ) {`. This is a structural improvement that:
1. Reduces unnecessary nesting depth
2. Improves code readability and maintainability
3. Eliminates a redundant closing brace
The change does not address or introduce any security vulnerabilities. The file upload validation logic itself (checking MIME types, validating file types, moving uploaded files) remains unchanged. No CWE-related security issues are present in this diff.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/classes/question-types/class-question-review-fill-in-blanks.php 2026-01-08 00:36:12.901988894 +0000+++ cache/quiz-master-next_10.3.2/php/classes/question-types/class-question-review-fill-in-blanks.php 2026-01-08 00:38:10.033092315 +0000@@ -58,7 +58,7 @@ $answer_key = array_search( $this->prepare_for_string_matching( $user_answer ), array_map( array( $this, 'prepare_for_string_matching' ), $this->correct_answer ), true ); } if ( false !== $answer_key ) {- $user_correct_ans++;+ ++$user_correct_ans; $this->points += $this->answer_array[ $answer_key ][1]; } }@@ -70,7 +70,7 @@ $answer_key = array_search( $this->prepare_for_string_matching( $correct_answer ), array_map( array( $this, 'prepare_for_string_matching' ), $this->user_answer ), true ); } if ( false !== $answer_key ) {- $user_correct_ans++;+ ++$user_correct_ans; $this->points += $this->answer_array[ $answer_key ][1]; } }@@ -89,14 +89,14 @@ if ( $total_user_answers <= $total_correct_answer ) { foreach ( $this->user_answer as $user_answer_key => $user_answer ) { if ( ( 1 === intval($case_sensitive) && $user_answer === $this->correct_answer[ $user_answer_key ] ) || ( 1 !== intval($case_sensitive) && $this->prepare_for_string_matching( $user_answer ) === $this->prepare_for_string_matching( $this->correct_answer[ $user_answer_key ] ) ) ) {- $user_correct_ans++;+ ++$user_correct_ans; $this->points += $this->answer_array[ $user_answer_key ][1]; } } } else { foreach ( $this->correct_answer as $correct_answer_key => $correct_answer ) { if ( ( 1 === intval($case_sensitive) && $correct_answer === $this->user_answer[ $correct_answer_key ] ) || ( 1 !== intval($case_sensitive) && $this->prepare_for_string_matching( $correct_answer ) === $this->prepare_for_string_matching( $this->user_answer[ $correct_answer_key ] ) ) ) {- $user_correct_ans++;+ ++$user_correct_ans; $this->points += $this->answer_array[ $correct_answer_key ][1]; } }
Analyzing the provided code diff for security vulnerabilities: --- **Vulnerability Existed: no** No CWE - No Vulnerability - File: php/classes/question-types/class-question-review-fill-in-blanks.php (Lines 61, 73, 92, 99) **Old Code:** ```php $user_correct_ans++; ``` **Fixed Code:** ```php ++$user_correct_ans; ``` **Explanation:** This diff contains only a code style change, not a security fix. The modification changes the post-increment operator (`$user_correct_ans++`) to the pre-increment operator (`++$user_correct_ans`). Both operators have the same functional behavior in this context since the return value of the increment operation is not being used. This is a performance micro-optimization (pre-increment avoids creating a temporary copy in some languages) and coding style improvement, but it does not address or relate to any security vulnerability. No security vulnerability existed in the original code, and this change does not fix any security issue.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/question-types/qsm-question-title.php 2026-01-08 00:36:12.933990831 +0000+++ cache/quiz-master-next_10.3.2/php/question-types/qsm-question-title.php 2026-01-08 00:38:10.061094017 +0000@@ -26,7 +26,7 @@ if ( '' !== $new_question_title ) { $new_question_title = $mlwQuizMasterNext->pluginHelper->qsm_language_support( htmlspecialchars_decode( $new_question_title, ENT_QUOTES ), "Question-{$question_id}", "QSM Questions"); $new_question_title = apply_filters( 'qsm_question_title_before', $new_question_title, $question_type, $question_id );- if ( in_array( intval( get_question_type( $question_id ) ), [ 12, 7, 3, 5 ], true ) ) {+ if ( in_array( intval( get_question_type( $question_id ) ), array( 12, 7, 3, 5 ), true ) ) { ?> <div class='mlw_qmn_new_question'><label class="qsm-question-title-label" for="question<?php echo esc_attr( $question_id ); ?>"><?php echo esc_html( $new_question_title ); ?> </label></div> <?php@@ -51,7 +51,7 @@ <?php } }- if ( ! empty( $question_title ) && ! in_array( intval( get_question_type( $question_id ) ), [ 2, 14 ], true ) ) {+ if ( ! empty( $question_title ) && ! in_array( intval( get_question_type( $question_id ) ), array( 2, 14 ), true ) ) { $question_title = $mlwQuizMasterNext->pluginHelper->qsm_language_support( htmlspecialchars_decode( html_entity_decode( $question_title, ENT_HTML5 ), ENT_QUOTES ), "question-description-{$question_id}", "QSM Questions" ); } ?>@@ -66,9 +66,9 @@ $allow_html = apply_filters( 'qsm_allow_html_question_title_after', $allow_html, $question_id ); $pattern = '/<code>(.*?)<\/code>/s'; $question_description = preg_replace_callback($pattern, function ( $matches ) {- return preg_replace([ '/<(?!(\/?code|br)[ >])/', '/>(?!(\/?code|br)[ \/>])/' ], [ '<', '>' ], $matches[0]);+ return preg_replace(array( '/<(?!(\/?code|br)[ >])/', '/>(?!(\/?code|br)[ \/>])/' ), array( '<', '>' ), $matches[0]); }, $question_title);- $question_description = str_replace([ 'code>', 'br />' ],[ 'code/>', 'br />' ], $question_description );+ $question_description = str_replace(array( 'code>', 'br />' ),array( 'code/>', 'br />' ), $question_description ); $question_description = apply_filters( 'qsm_question_description_before', $question_description, $question_type, $question_id ); ?> <p><?php echo do_shortcode( wp_kses( $question_description . $deselect_answer, $allow_html ) ); ?></p>
I'll analyze this code diff for security vulnerabilities. Vulnerability Existed: no Code Style Update - No CWE - php/question-types/qsm-question-title.php - Lines 29, 54, 69, 71 Old Code: ```php [ 12, 7, 3, 5 ] [ 2, 14 ] [ '/<(?!(\/?code|br)[ >])/', '/>(?!(\/?code|br)[ \/>])/' ] [ 'code>', 'br />' ] ``` Fixed Code: ```php array( 12, 7, 3, 5 ) array( 2, 14 ) array( '/<(?!(\/?code|br)[ >])/', '/>(?!(\/?code|br)[ \/>])/' ) array( 'code>', 'br />' ) ``` Explanation: This diff contains only code style changes, converting PHP short array syntax `[ ]` to the legacy `array()` syntax. This is not a security fix but rather a compatibility or coding standards change. The functionality remains identical—no security vulnerabilities are being fixed or introduced. The short array syntax and long array syntax are functionally equivalent in PHP 5.4+. No input validation, output encoding, or security-related logic has been modified.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/question-types/qsm-question-type-dropdown.php 2026-01-08 00:36:12.933990831 +0000+++ cache/quiz-master-next_10.3.2/php/question-types/qsm-question-type-dropdown.php 2026-01-08 00:38:10.065094260 +0000@@ -40,7 +40,7 @@ if ( is_array( $answers ) ) { $mlw_answer_total = 0; foreach ( $answers as $answer_index => $answer ) {- $mlw_answer_total++;+ ++$mlw_answer_total; if ( '' !== $answer[0] ) { $answer_text = trim( htmlspecialchars_decode( $answer[0], ENT_QUOTES ) ); $answer_text = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $answer_text, "answer-" . $id . "-" . $answer_index, "QSM Answers" );
Vulnerability Existed: no No Vulnerability Detected - Code Style Change Only Old Code: ```php $mlw_answer_total++; ``` Fixed Code: ```php ++$mlw_answer_total; ``` Explanation: This change is a code style modification, not a security fix. The diff shows a transition from post-increment (`$mlw_answer_total++`) to pre-increment (`++$mlw_answer_total`). Both syntaxes are functionally equivalent in this context since the return value of the increment operation is not being used. This is a stylistic preference with no security implications. No vulnerability existed in the original code, and no vulnerability is introduced in the fixed code.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/question-types/qsm-question-type-multiple-choice-horizontal.php 2026-01-08 00:36:12.937991073 +0000+++ cache/quiz-master-next_10.3.2/php/question-types/qsm-question-type-multiple-choice-horizontal.php 2026-01-08 00:38:10.065094260 +0000@@ -50,7 +50,7 @@ if ( empty( $add_label[ $answer_index ] ) ) { $mrq_checkbox_class = "mrq_checkbox_class"; }- $mlw_answer_total++;+ ++$mlw_answer_total; $other_option_class = ''; $other_option_class = apply_filters( 'qsm_multiple_choice_other_option_classes', $other_option_class, $mlw_answer_total, $id, $answers ); if ( '' !== $answer[0] ) {
Vulnerability Existed: no No Vulnerability Identified - File: php/question-types/qsm-question-type-multiple-choice-horizontal.php [Line 53] Old Code: ```php $mlw_answer_total++; ``` Fixed Code: ```php ++$mlw_answer_total; ``` Explanation: This change is a code style/performance optimization, not a security fix. The modification changes a post-increment operator (`$mlw_answer_total++`) to a pre-increment operator (`++$mlw_answer_total`). Both operators produce the same functional result in this context since the return value is not being used. Pre-increment is marginally more efficient as it doesn't create a temporary variable for the old value. This is purely a stylistic improvement and does not address any security vulnerability. No CWE applies to this change.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/question-types/qsm-question-type-multiple-choice.php 2026-01-08 00:36:12.937991073 +0000+++ cache/quiz-master-next_10.3.2/php/question-types/qsm-question-type-multiple-choice.php 2026-01-08 00:38:10.069094503 +0000@@ -47,7 +47,7 @@ if ( empty( $add_label_value ) ) { $mrq_checkbox_class = "mrq_checkbox_class"; }- $mlw_answer_total++;+ ++$mlw_answer_total; $other_option_class = ''; $other_option_class = apply_filters( 'qsm_multiple_choice_other_option_classes', $other_option_class, $mlw_answer_total, $id, $answers ); if ( '' !== $answer[0] ) {
Vulnerability Existed: no No Vulnerability - Code Style Change - php/question-types/qsm-question-type-multiple-choice.php Line 50 Old Code: ```php $mlw_answer_total++; ``` Fixed Code: ```php ++$mlw_answer_total; ``` Explanation: This change is a code style improvement, not a security fix. Both `$mlw_answer_total++` (post-increment) and `++$mlw_answer_total` (pre-increment) are functionally equivalent in this context since the return value is not being used. The pre-increment operator (`++`) is slightly more efficient as it doesn't need to create a temporary copy of the old value, but this has no security implications. This appears to be a refactoring to follow PHP best practices or coding standards rather than addressing any security vulnerability.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/question-types/qsm-question-type-multiple-response-horizontal.php 2026-01-08 00:36:12.941991315 +0000+++ cache/quiz-master-next_10.3.2/php/question-types/qsm-question-type-multiple-response-horizontal.php 2026-01-08 00:38:10.069094503 +0000@@ -47,7 +47,7 @@ if ( empty( $add_label_value ) ) { $mrq_checkbox_class = "mrq_checkbox_class"; }- $mlw_answer_total++;+ ++$mlw_answer_total; if ( '' !== $answer[0] ) { $answer_class = apply_filters( 'qsm_answer_wrapper_class', '', $answer, $id ); $answer_class .= 'image' === $answerEditor ? ' qmn_image_option' : '';
Vulnerability Existed: no No Vulnerability Identified - Code Style Change Old Code: ```php $mlw_answer_total++; ``` Fixed Code: ```php ++$mlw_answer_total; ``` Explanation: This change replaces post-increment (`$mlw_answer_total++`) with pre-increment (`++$mlw_answer_total`). Both operations increment the variable by 1 and have identical side effects in this context since the return value is not used. This is a code style/performance preference (pre-increment avoids creating a temporary copy of the old value) rather than a security fix. No vulnerability existed before this change, and no vulnerability is being fixed. This is a minor optimization or code quality improvement with no security implications.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/question-types/qsm-question-type-multiple-response.php 2026-01-08 00:36:12.941991315 +0000+++ cache/quiz-master-next_10.3.2/php/question-types/qsm-question-type-multiple-response.php 2026-01-08 00:38:10.069094503 +0000@@ -48,7 +48,7 @@ if ( empty( $add_label[ $answer_index ] ) ) { $mrq_checkbox_class = "mrq_checkbox_class"; }- $mlw_answer_total++;+ ++$mlw_answer_total; if ( '' !== $answer[0] ) { $answer_class = apply_filters( 'qsm_answer_wrapper_class', '', $answer, $id ); $answer_class = 'image' === $answerEditor ? $answer_class.' qmn_image_option' : '';
Vulnerability Existed: no No Vulnerability Detected - Style Change Only - php/question-types/qsm-question-type-multiple-response.php [Line 51] Old Code: ```php $mlw_answer_total++; ``` Fixed Code: ```php ++$mlw_answer_total; ``` Explanation: This change is a stylistic modification from post-increment to pre-increment syntax. Both `$mlw_answer_total++` and `++$mlw_answer_total` produce the same functional result in this context since the return value is not used. This is not a security fix—it's a code style preference. Pre-increment is marginally more efficient in some languages (it avoids creating a temporary copy of the old value), but in PHP, modern compilers optimize both identically. No security vulnerability was present in the original code, and this change does not address any security concern.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/rest-api.php 2026-01-08 00:36:12.945991557 +0000+++ cache/quiz-master-next_10.3.2/php/rest-api.php 2026-01-08 00:38:10.081095233 +0000@@ -20,7 +20,9 @@ array( 'methods' => WP_REST_Server::READABLE, 'callback' => 'qsm_rest_get_questions',- 'permission_callback' => '__return_true',+ 'permission_callback' => function () {+ return current_user_can( 'edit_qsm_quizzes' );+ }, ) ); register_rest_route(@@ -51,7 +53,9 @@ array( 'methods' => WP_REST_Server::READABLE, 'callback' => 'qsm_rest_get_question',- 'permission_callback' => '__return_true',+ 'permission_callback' => function () {+ return current_user_can( 'edit_qsm_quizzes' );+ }, ) ); register_rest_route(@@ -60,7 +64,9 @@ array( 'methods' => WP_REST_Server::READABLE, 'callback' => 'qsm_rest_get_results',- 'permission_callback' => '__return_true',+ 'permission_callback' => function () {+ return current_user_can( 'edit_qsm_quizzes' );+ }, ) ); register_rest_route(@@ -80,7 +86,9 @@ array( 'methods' => WP_REST_Server::READABLE, 'callback' => 'qsm_rest_get_emails',- 'permission_callback' => '__return_true',+ 'permission_callback' => function () {+ return current_user_can( 'edit_qsm_quizzes' );+ }, ) ); register_rest_route(@@ -94,25 +102,29 @@ }, ) );- // Register rest api to get quiz list+ // Register rest api to get quiz list (admin-only) register_rest_route( 'qsm', '/list_quiz', array( 'methods' => 'GET', 'callback' => 'qsm_get_basic_info_quiz',- 'permission_callback' => '__return_true',+ 'permission_callback' => function () {+ return current_user_can( 'edit_qsm_quizzes' );+ }, ) ); - // Register rest api to get result of quiz+ // Register rest api to get result of quiz (admin-only) register_rest_route( 'qsm', '/list_results/(?P<id>\d+)', array( 'methods' => 'GET', 'callback' => 'qsm_get_result_of_quiz',- 'permission_callback' => '__return_true',+ 'permission_callback' => function () {+ return current_user_can( 'edit_qsm_quizzes' );+ }, ) ); // Get questions for question bank@@ -127,27 +139,30 @@ }, ) );- // Get Categories of quiz+ // Get Categories of quiz (admin-only) register_rest_route( 'quiz-survey-master/v1', '/quizzes/(?P<id>\d+)/categories', array( 'methods' => WP_REST_Server::READABLE, 'callback' => 'qsm_rest_get_categories',- 'permission_callback' => '__return_true',+ 'permission_callback' => function () {+ return current_user_can( 'edit_qsm_quizzes' );+ }, ) );- // Get Categories of quiz+ // Get quizzes list (admin-only REST). register_rest_route( 'quiz-survey-master/v2', '/quizzlist/', array( 'methods' => WP_REST_Server::READABLE, 'callback' => 'qsm_get_quizzes_list',- 'permission_callback' => '__return_true',+ 'permission_callback' => function () {+ return current_user_can( 'edit_qsm_quizzes' );+ }, ) );- } /**@@ -214,7 +229,7 @@ $total_pages = ceil( $total_count / $limit ); $pageno = isset( $parameters['page'] ) ? intval( $parameters['page'] ) : 1; $offset = ( $pageno - 1 ) * $limit;- $questions = [];+ $questions = array(); if ( ! empty( $category ) ) { if ( $migrated && is_numeric( $category ) ) { $query_result = array();@@ -511,26 +526,27 @@ $question = QSM_Questions::load_question( $request['id'] ); $categorysArray = QSM_Questions::get_question_categories( $question['question_id'] ); if ( ! empty( $question ) ) {- $is_linking = $request['is_linking'];- $comma_separated_ids = '';- if ( 1 <= $is_linking ) {- if ( isset( $question['linked_question'] ) && '' == $question['linked_question'] ) {- $comma_separated_ids = $is_linking;- } else {- $linked_question = isset($question['linked_question']) ? $question['linked_question'] : '';- $exploded_question_array = explode(',', $linked_question);- if ( ! empty($linked_question) ) {- $exploded_question_array = array_merge([ $is_linking ], $exploded_question_array);- } else {- $exploded_question_array = [ $is_linking ];- }- $comma_separated_ids = implode(',', array_unique($exploded_question_array));+ $is_linking = isset( $request['is_linking'] ) ? intval( $request['is_linking'] ) : 0;+ $linked_ids = array();++ if ( isset( $question['linked_question'] ) && '' !== $question['linked_question'] ) {+ $existing_ids = array_map( 'intval', array_filter( array_map( 'trim', explode( ',', $question['linked_question'] ) ) ) );+ if ( ! empty( $existing_ids ) ) {+ $linked_ids = $existing_ids; } } + if ( 1 <= $is_linking ) {+ $linked_ids[] = $is_linking;+ }++ $linked_ids = array_values( array_unique( array_filter( $linked_ids ) ) );+ $quiz_name_by_question = array();- if ( ! empty($comma_separated_ids) ) {- $quiz_results = $wpdb->get_results( "SELECT `quiz_id`, `question_id` FROM `{$wpdb->prefix}mlw_questions` WHERE `question_id` IN (" .$comma_separated_ids. ")" );+ if ( ! empty( $linked_ids ) ) {+ $linked_ids = array_map( 'intval', $linked_ids );+ $ids_list = implode( ',', $linked_ids );+ $quiz_results = $wpdb->get_results( "SELECT `quiz_id`, `question_id` FROM `{$wpdb->prefix}mlw_questions` WHERE `question_id` IN (" . $ids_list . ")" ); foreach ( $quiz_results as $value ) { $quiz_name_in_loop = $wpdb->get_row( $wpdb->prepare( "SELECT quiz_name FROM {$wpdb->prefix}mlw_quizzes WHERE quiz_id = %d", $value->quiz_id ), ARRAY_A ); $quiz_name_in_loop = isset( $quiz_name_in_loop['quiz_name'] ) ? $quiz_name_in_loop['quiz_name'] : '';@@ -554,7 +570,7 @@ 'page' => $question['page'], 'question_title' => isset( $question['settings']['question_title'] ) ? $question['settings']['question_title'] : '', 'link_quizzes' => $quiz_name_by_question,- 'merged_question' => $comma_separated_ids,+ 'merged_question' => implode( ',', $linked_ids ), ); } return $question;@@ -609,7 +625,7 @@ } } }- $quiz_name_by_question = array_diff($quiz_name_by_question, [ $quiz_name ]); // remove current quiz id from the list+ $quiz_name_by_question = array_diff($quiz_name_by_question, array( $quiz_name )); // remove current quiz id from the list $question_data = array( 'id' => $question['question_id'], 'quizID' => $question['quiz_id'],
I'll analyze this code diff for security vulnerabilities.
Vulnerability 1:
Vulnerability Existed: yes
TRUE POSITIVE
Broken Access Control (Insufficient Authorization) - CWE-639 - php/rest-api.php [lines 23-25, 56-58, 67-69, 89-91, 112-114, 124-126, 149-151, 162-164]
Old Code:
```php
'permission_callback' => '__return_true',
```
Fixed Code:
```php
'permission_callback' => function () {
return current_user_can( 'edit_qsm_quizzes' );
},
```
Explanation:
The original code used `'__return_true'` as the permission callback, which means ALL REST API endpoints were publicly accessible without any authentication or authorization checks. This is a critical authorization bypass vulnerability. The fix properly implements permission checks using `current_user_can( 'edit_qsm_quizzes' )`, ensuring only users with the appropriate capability can access these endpoints. This applies to 8 separate REST route registrations across the file.
---
Vulnerability 2:
Vulnerability Existed: yes
FALSE POSITIVE
SQL Injection - CWE-89 - php/rest-api.php [lines 548-549]
Old Code:
```php
$comma_separated_ids = '';
if ( 1 <= $is_linking ) {
if ( isset( $question['linked_question'] ) && '' == $question['linked_question'] ) {
$comma_separated_ids = $is_linking;
} else {
$linked_question = isset($question['linked_question']) ? $question['linked_question'] : '';
$exploded_question_array = explode(',', $linked_question);
if ( ! empty($linked_question) ) {
$exploded_question_array = array_merge([ $is_linking ], $exploded_question_array);
} else {
$exploded_question_array = [ $is_linking ];
}
$comma_separated_ids = implode(',', array_unique($exploded_question_array));
}
}
...
$quiz_results = $wpdb->get_results( "SELECT `quiz_id`, `question_id` FROM `{$wpdb->prefix}mlw_questions` WHERE `question_id` IN (" .$comma_separated_ids. ")" );
```
Fixed Code:
```php
$is_linking = isset( $request['is_linking'] ) ? intval( $request['is_linking'] ) : 0;
$linked_ids = array();
if ( isset( $question['linked_question'] ) && '' !== $question['linked_question'] ) {
$existing_ids = array_map( 'intval', array_filter( array_map( 'trim', explode( ',', $question['linked_question'] ) ) ) );
if ( ! empty( $existing_ids ) ) {
$linked_ids = $existing_ids;
}
}
if ( 1 <= $is_linking ) {
$linked_ids[] = $is_linking;
}
$linked_ids = array_values( array_unique( array_filter( $linked_ids ) ) );
...
if ( ! empty( $linked_ids ) ) {
$linked_ids = array_map( 'intval', $linked_ids );
$ids_list = implode( ',', $linked_ids );
$quiz_results = $wpdb->get_results( "SELECT `quiz_id`, `question_id` FROM `{$wpdb->prefix}mlw_questions` WHERE `question_id` IN (" . $ids_list . ")" );
```
Explanation:
The original code failed to properly validate `$is_linking` from user input and directly concatenated it into the SQL query. While the data originated from the database, the unsanitized user input `$is_linking` could be injected into the SQL query string. The fix properly sanitizes this by: (1) explicitly casting `$is_linking` to `intval()`, (2) converting all array elements to integers using `array_map( 'intval', ... )`, and (3) only building the SQL query with these validated integer values. This prevents SQL injection attacks.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/shortcodes.php 2026-01-08 00:36:12.949991799 +0000+++ cache/quiz-master-next_10.3.2/php/shortcodes.php 2026-01-08 00:38:10.085095475 +0000@@ -97,7 +97,7 @@ </div> </div>"; $result .= "<div class='clear'></div>";- $i++;+ ++$i; } } }
Analyzing the provided code diff for security vulnerabilities: --- **Vulnerability Existed:** no **No Security Vulnerability Identified** **File:** php/shortcodes.php (Line 100) **Old Code:** ```php $i++; ``` **Fixed Code:** ```php ++$i; ``` **Explanation:** This change is a style/performance optimization, not a security fix. The modification replaces post-increment (`$i++`) with pre-increment (`++$i`). From a security perspective: - Neither form introduces or fixes a vulnerability - No injection, access control, authentication, or data handling issues are present - This is purely a code quality change (pre-increment is marginally more efficient in some languages, though in PHP the difference is negligible) **Conclusion:** This diff contains no security fixes and does not address any security vulnerabilities. It is a stylistic code improvement only.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/template-variables.php 2026-01-08 00:36:12.953992041 +0000+++ cache/quiz-master-next_10.3.2/php/template-variables.php 2026-01-08 00:38:10.089095719 +0000@@ -122,7 +122,7 @@ */ function qsm_variable_single_answer( $content, $mlw_quiz_array ) {- global $mlwQuizMasterNext,$wpdb;+ global $mlwQuizMasterNext, $wpdb; $quiz_options = $mlwQuizMasterNext->quiz_settings->get_quiz_options(); $quiz_id = is_object( $mlw_quiz_array ) ? $mlw_quiz_array->quiz_id : $mlw_quiz_array['quiz_id']; while ( false !== strpos( $content, '%ANSWER_' ) ) {@@ -159,7 +159,7 @@ } while ( false !== strpos( $content, '%USER_ANSWER_' ) ) { $question_id = mlw_qmn_get_string_between( $content, '%USER_ANSWER_', '%' );- $question_answers_array = $mlw_quiz_array['question_answers_array'] ?? [];+ $question_answers_array = $mlw_quiz_array['question_answers_array'] ?? array(); $key = array_search( $question_id, array_column( $question_answers_array, 'id' ), true ); if ( false !== $key && isset( $question_answers_array[ $key ] ) ) {@@ -312,12 +312,12 @@ $sharing = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_text', 'facebook_sharing_text', '%QUIZ_NAME%' ); $sharing = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $sharing, "quiz_facebook_sharing_text-{$mlw_quiz_array['quiz_id']}" ); $sharing = apply_filters( 'mlw_qmn_template_variable_results_page', $sharing, $mlw_quiz_array );- $fb_image = plugins_url( '', dirname( __FILE__ ) ) . '/assets/facebook.png';+ $fb_image = plugins_url( '', __DIR__ ) . '/assets/facebook.png'; $social_display = "<a class=\"mlw_qmn_quiz_link\" onclick=\"qmnSocialShare('facebook', '" . esc_js( $sharing ) . "', '" . esc_js( $mlw_quiz_array['quiz_name'] ) . "', '$facebook_app_id', '$page_link');\"><img src='" . $fb_image . "' alt='" . __( 'Facebbok Share', 'quiz-master-next' ) . "' /></a>"; $content = str_replace( '%FACEBOOK_SHARE%', $social_display, $content ); } if ( false !== strpos( $content, '%TWITTER_SHARE%' ) ) {- $tw_image = plugins_url( '', dirname( __FILE__ ) ) . '/assets/twitter.png';+ $tw_image = plugins_url( '', __DIR__ ) . '/assets/twitter.png'; $sharing = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_text', 'twitter_sharing_text', '%QUIZ_NAME%' ); $sharing = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $sharing, "quiz_twitter_sharing_text-{$mlw_quiz_array['quiz_id']}" ); $sharing = apply_filters( 'mlw_qmn_template_variable_results_page', $sharing, $mlw_quiz_array );@@ -325,7 +325,7 @@ $content = str_replace( '%TWITTER_SHARE%', $social_display, $content ); } if ( false !== strpos( $content, '%LINKEDIN_SHARE%' ) ) {- $ln_image = plugins_url( '', dirname( __FILE__ ) ) . '/assets/linkedin.png';+ $ln_image = plugins_url( '', __DIR__ ) . '/assets/linkedin.png'; $sharing = $mlwQuizMasterNext->pluginHelper->get_section_setting( 'quiz_text', 'linkedin_sharing_text', '%QUIZ_NAME%' ); $sharing = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $sharing, "quiz_linkedin_sharing_text-{$mlw_quiz_array['quiz_id']}" ); $sharing = apply_filters( 'mlw_qmn_template_variable_results_page', $sharing, $mlw_quiz_array );@@ -364,7 +364,7 @@ if ( isset( $mlw_quiz_array['question_answers_array'] ) ) { foreach ( $mlw_quiz_array['question_answers_array'] as $single_question ) { if ( '11' !== $single_question['question_type'] ) {- $question_total++;+ ++$question_total; } } }@@ -557,7 +557,7 @@ foreach ( $results['contact'] as $results_contact ) { if ( isset( $results_contact['label'] ) && isset( $results_contact['type'] ) && isset( $results_contact['value'] ) ) { $options = qsm_get_options_of_contact_fields($contact_form, $results_contact['label'], $results_contact['type'] );- $isRadioOrSelect = in_array($results_contact['type'], [ 'radio', 'select' ], true);+ $isRadioOrSelect = in_array($results_contact['type'], array( 'radio', 'select' ), true); $hasOptions = ! empty($options) ? trim($options) : ""; if ( ($isRadioOrSelect && $hasOptions) || ! $isRadioOrSelect ) {@@ -632,7 +632,7 @@ $display .= qsm_questions_answers_shortcode_to_text( $mlw_quiz_array, $qmn_question_answer_template, $questions, $qmn_questions, $answer, $qsm_question_cnt, $total_question_cnt ); $question_display = apply_filters( 'qsm_result_page_data_template', $question_display, $questions, $qmn_questions, $answer, $qsm_question_cnt, $total_question_cnt ); $display .= $question_display;- $qsm_question_cnt++;+ ++$qsm_question_cnt; } $display = "<div class='qsm_questions_answers_section'>{$display}</div>"; $content = str_replace( '%QUESTIONS_ANSWERS%', $display, $content );@@ -839,13 +839,11 @@ } } }- } else {- if ( $answer['category'] == $category_name ) {+ } elseif ( $answer['category'] == $category_name ) { $total_questions += 1; if ( 'correct' == $answer['correct'] ) { $amount_correct += 1; }- } } } @@ -970,7 +968,7 @@ */ $rank = 0; foreach ( $mlw_result_data as $mlw_eaches ) {- $rank++;+ ++$rank; if ( $mlw_eaches->result_id == $mlw_result_id ) { $mlw_rank = $rank; }@@ -1072,19 +1070,15 @@ } } }- } else {- if ( isset( $mlw_quiz_array['form_type'] ) && '1' === $mlw_quiz_array['form_type'] || '2' === $mlw_quiz_array['form_type'] ) {+ } elseif ( isset( $mlw_quiz_array['form_type'] ) && '1' === $mlw_quiz_array['form_type'] || '2' === $mlw_quiz_array['form_type'] ) { $user_answer_class = 'qmn_user_correct_answer'; $question_answer_class = 'qmn_question_answer_correct';- } else {- if ( 'correct' === $answer['correct'] ) {+ } elseif ( 'correct' === $answer['correct'] ) { $user_answer_class = 'qmn_user_correct_answer qsm-text-correct-option qsm-text-user-correct-answer'; $question_answer_class = 'qmn_question_answer_correct'; } else { $user_answer_class = 'qmn_user_incorrect_answer'; $question_answer_class = 'qmn_question_answer_incorrect';- }- } } $user_answer_class = 11 != $answer['question_type'] ? $user_answer_class : ''; $open_span_tag = '<span class="' . $user_answer_class . '">';@@ -1181,12 +1175,10 @@ break; } }- } else {- if ( isset( $single_answer[2] ) && 'correct' === $answer['correct'] ) {+ } elseif ( isset( $single_answer[2] ) && 'correct' === $answer['correct'] ) { $question_with_answer_text .= '<span class="qsm-text-correct-option">' . $mlwQuizMasterNext->pluginHelper->qsm_language_support( $single_answer[0], 'answer-' . $single_answer[0], 'QSM Answers' ) . '</span>'; $do_show_wrong = false; break;- } } } if ( $do_show_wrong ) {@@ -1293,8 +1285,7 @@ } $question_with_answer_text = $is_any_incorrect ? $question_with_answer_text . $question_correct_fill_answer_text : $question_with_answer_text; }- } else {- if ( 0 == $form_type && ( 0 == $quiz_system || 3 == $quiz_system ) ) {+ } elseif ( 0 == $form_type && ( 0 == $quiz_system || 3 == $quiz_system ) ) { if ( in_array( $answer['question_type'], $use_custom_default_template, true ) ) { $result_page_default_template = ""; $result_page_default_template = apply_filters( 'qsm_result_page_custom_default_template', $result_page_default_template, $total_answers, $questions, $answer );@@ -1310,15 +1301,12 @@ $question_with_answer_text .= qmn_polar_display_on_resultspage( $questionid, $questions, $total_answers, $answer ); $mlw_question_answer_display = str_replace( '%CORRECT_ANSWER%', '', $mlw_question_answer_display ); $mlw_question_answer_display = str_replace( '%USER_ANSWER%', $answer['points'], $mlw_question_answer_display );- } else {- if ( isset( $answer['user_answer'] ) && isset( $answer['correct_answer'] ) ) {+ } elseif ( isset( $answer['user_answer'] ) && isset( $answer['correct_answer'] ) ) { $question_with_answer_text .= qsm_tempvar_qa_text_qt_choice( $total_answers, $answer, $quiz_system, $question_settings, $form_type ); } else { $question_with_answer_text .= qsm_bckcmp_tempvar_qa_text_qt_single_choice_correct( $total_answers, $answer, $question_settings );- } }- } else {- if ( in_array( $answer['question_type'], $use_custom_default_template, true ) ) {+ } elseif ( in_array( $answer['question_type'], $use_custom_default_template, true ) ) { $question_type = $answer['question_type']; $result_page_default_template = ""; $result_page_default_template = apply_filters( 'qsm_result_page_custom_default_template', $result_page_default_template, $total_answers, $questions, $answer );@@ -1334,17 +1322,12 @@ $question_with_answer_text .= qmn_polar_display_on_resultspage( $questionid, $questions, $total_answers, $answer ); $mlw_question_answer_display = str_replace( '%CORRECT_ANSWER%', '', $mlw_question_answer_display ); $mlw_question_answer_display = str_replace( '%USER_ANSWER%', $answer['points'], $mlw_question_answer_display );- } else {- if ( isset( $answer['user_answer'] ) && isset( $answer['correct_answer'] ) ) {+ } elseif ( isset( $answer['user_answer'] ) && isset( $answer['correct_answer'] ) ) { $question_with_answer_text .= qsm_tempvar_qa_text_qt_choice( $total_answers, $answer, $quiz_system, $question_settings, $form_type ); } else { $question_with_answer_text .= qsm_bckcmp_tempvar_qa_text_qt_single_choice_points( $total_answers, $answer, $question_settings );- }- }- } }- } else {- if ( isset( $answer['question_type'] ) && 11 == $answer['question_type'] ) {+ } elseif ( isset( $answer['question_type'] ) && 11 == $answer['question_type'] ) { $file_extension = substr( $answer[1], -4 ); if ( '.jpg' === $file_extension || '.jpeg' === $file_extension || '.png' === $file_extension || '.gif' === $file_extension ) { $question_with_answer_text .= "$open_span_tag<img src='$answer[1]'/></span>";@@ -1358,7 +1341,6 @@ } else { $question_with_answer_text .= '<span class="qsm-user-answer-text">' . preg_replace( "/[\n\r]+/", '', nl2br( htmlspecialchars_decode( $answer[1], ENT_QUOTES ) ) ) . '</span>'; $question_with_answer_text = apply_filters( 'qsm_result_page_answer_text_with_no_answer', $question_with_answer_text, $total_answers, $questions, $answer );- } } } $mlw_question_answer_display = str_replace( '%USER_ANSWERS_DEFAULT%', do_shortcode( $question_with_answer_text ), $mlw_question_answer_display );@@ -1667,7 +1649,7 @@ // If it's not a serialized string, keep original value if ( is_string( $value ) && is_serialized( $value ) ) { // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize, WordPress.PHP.NoSilencedErrors.Discouraged- $unserialized_value = unserialize( $value, [ 'allowed_classes' => false ] );+ $unserialized_value = unserialize( $value, array( 'allowed_classes' => false ) ); $is_invalid_blob = ( false === $unserialized_value && 'b:0;' !== $value ); $is_disallowed_type = is_object( $unserialized_value ) || is_resource( $unserialized_value );
Analyzing the provided code diff for security vulnerabilities...
Vulnerability Existed: no
Whitespace and Code Style Changes - N/A - php/template-variables.php Lines 125, 162, 315, 318, 328, 367, 560, 635, 841-850, 971, 1075-1086, 1188-1195, 1288-1343, 1670
Old Code:
```php
global $mlwQuizMasterNext,$wpdb;
$question_answers_array = $mlw_quiz_array['question_answers_array'] ?? [];
$fb_image = plugins_url( '', dirname( __FILE__ ) ) . '/assets/facebook.png';
$question_total++;
$isRadioOrSelect = in_array($results_contact['type'], [ 'radio', 'select' ], true);
} else {
if ( $answer['category'] == $category_name ) {
$rank++;
$unserialized_value = unserialize( $value, [ 'allowed_classes' => false ] );
```
Fixed Code:
```php
global $mlwQuizMasterNext, $wpdb;
$question_answers_array = $mlw_quiz_array['question_answers_array'] ?? array();
$fb_image = plugins_url( '', __DIR__ ) . '/assets/facebook.png';
++$question_total;
$isRadioOrSelect = in_array($results_contact['type'], array( 'radio', 'select' ), true);
} elseif ( $answer['category'] == $category_name ) {
++$rank;
$unserialized_value = unserialize( $value, array( 'allowed_classes' => false ) );
```
Explanation:
This diff contains **no security vulnerabilities**. The changes are purely code style improvements and refactoring:
1. **Whitespace normalization** (line 125): Added space after comma in global statement
2. **Array syntax modernization** (lines 162, 560, 1670): Changed `[]` to `array()` for PHP compatibility
3. **Magic constant replacement** (lines 315, 318, 328): Changed `dirname( __FILE__ )` to `__DIR__` - both are functionally equivalent and this is a modernization
4. **Pre-increment convention** (lines 367, 635, 971): Changed `$var++` to `++$var` - this is a style preference with no security impact
5. **Control flow optimization** (lines 841-850, 1075-1086, 1188-1195, 1288-1343): Converted nested `} else { if (` patterns to `} elseif (` - this improves code readability and reduces nesting depth with no functional or security changes
None of these changes introduce, fix, or relate to security vulnerabilities. They are cosmetic improvements and code modernization following WordPress and PHP best practices.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
--- cache/quiz-master-next_10.3.1/php/template-variables/qsm-tempvar-question-answers.php 2026-01-08 00:36:12.953992041 +0000+++ cache/quiz-master-next_10.3.2/php/template-variables/qsm-tempvar-question-answers.php 2026-01-08 00:38:10.085095475 +0000@@ -52,12 +52,10 @@ } else { $question_with_answer_text .= '<span class="qsm-text-simple-option ' . $class . ' ' . $image_class . '">' . $show_user_answer .$caption.$close_span; }- } else {- if ( $is_user_answer ) {+ } elseif ( $is_user_answer ) { $question_with_answer_text .= '<span class="qsm-text-correct-option ' . $class . ' ' . $image_class . '">' . $show_user_answer .$caption.$close_span; } else { $question_with_answer_text .= '<span class="qsm-text-simple-option ' . $class . ' ' . $image_class . '">' . $show_user_answer .$caption.$close_span;- } } $question_with_answer_text = apply_filters( 'qsm_after_result_submit_answers', $question_with_answer_text, $form_type, $is_answer_correct, $total_answers, $answers_from_response, $grading_system, $question_settings ); }
Based on my analysis of the code diff, here is the security assessment:
**No vulnerabilities found in this diff.**
Vulnerability Existed: **no**
**Explanation:**
This diff contains only a **control flow refactoring** - converting a nested `if-else` structure into an `elseif` statement (lines 55-59 in v10.3.2). The change is purely syntactic and does not alter the logic or security posture of the code.
The modification:
- **Old (v10.3.1):** `} else { if ( $is_user_answer ) {`
- **Fixed (v10.3.2):** `} elseif ( $is_user_answer ) {`
This is a code style improvement that reduces nesting depth, but does not introduce or remove any security-related functionality. The actual operations performed (appending HTML with `$show_user_answer`, `$caption`, and `$class`) remain identical before and after the change.
The underlying code still has potential security concerns unrelated to this diff:
- Lack of explicit output escaping on `$show_user_answer` in lines 56 and 58 (though this depends on upstream filter sanitization)
- String concatenation in HTML attributes without escaping on `$image_class` and `$class` variables
However, these are pre-existing issues not introduced by this diff, and are outside the scope of this specific change analysis.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.