MDL-79408 mod_lesson: safer unserializing/comparison of properties.

Paul Holden 2023-09-18 14:01:36 +01:00 committed by Jenkins
parent 7679452caf
commit ba974a4add
3 changed files with 12 additions and 12 deletions


@ -323,7 +323,7 @@ function lesson_grade($lesson, $ntries, $userid = 0) {
$attempt = end($attempts);
// If essay question, handle it, otherwise add to score
if ($page->requires_manual_grading()) {
$useranswerobj = unserialize($attempt->useranswer);
$useranswerobj = unserialize_object($attempt->useranswer);
if (isset($useranswerobj->score)) {
$earned += $useranswerobj->score;
}
@ -2919,11 +2919,11 @@ class lesson extends lesson_base {
if ($dependentlesson = $DB->get_record('lesson', array('id' => $this->properties->dependency))) {
// Lesson exists, so we can proceed.
$conditions = unserialize($this->properties->conditions);
$conditions = unserialize_object($this->properties->conditions);
// Assume false for all.
$errors = array();
// Check for the timespent condition.
if ($conditions->timespent) {
if (!empty($conditions->timespent)) {
$timespent = false;
if ($attempttimes = $DB->get_records('lesson_timer', array("userid" => $USER->id, "lessonid" => $dependentlesson->id))) {
// Go through all the times and test to see if any of them satisfy the condition.
@ -2939,7 +2939,7 @@ class lesson extends lesson_base {
}
}
// Check for the gradebetterthan condition.
if ($conditions->gradebetterthan) {
if (!empty($conditions->gradebetterthan)) {
$gradebetterthan = false;
if ($studentgrades = $DB->get_records('lesson_grades', array("userid" => $USER->id, "lessonid" => $dependentlesson->id))) {
// Go through all the grades and test to see if any of them satisfy the condition.
@ -2954,7 +2954,7 @@ class lesson extends lesson_base {
}
}
// Check for the completed condition.
if ($conditions->completed) {
if (!empty($conditions->completed)) {
if (!$DB->count_records('lesson_grades', array('userid' => $USER->id, 'lessonid' => $dependentlesson->id))) {
$errors[] = get_string('completederror', 'lesson');
}
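Review bot: In the `lesson_grade` hunk the decoded `score` is added to `$earned` after only an `isset()` check, so a stored value that is not a number would raise an error on PHP 8 or distort the grade. Since the commit already treats `useranswer` as data needing defensive decoding, the guard could be `if (isset($useranswerobj->score) && is_numeric($useranswerobj->score)) {`. The dependency hunks have the same gap: `!empty()` accepts any truthy `timespent` or `gradebetterthan`, and how those values are compared afterwards lies outside the visible lines. `unserialize_object()` is not defined on this page, so this assumes it restricts classes but not scalar or array property values. `lesson_grade` and the method in class `lesson` both start and end outside these hunks.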


@ -358,10 +358,10 @@ class mod_lesson_mod_form extends moodleform_mod {
**/
public function data_preprocessing(&$defaultvalues) {
if (isset($defaultvalues['conditions'])) {
$conditions = unserialize($defaultvalues['conditions']);
$defaultvalues['timespent'] = $conditions->timespent;
$defaultvalues['completed'] = $conditions->completed;
$defaultvalues['gradebetterthan'] = $conditions->gradebetterthan;
$conditions = unserialize_object($defaultvalues['conditions']);
$defaultvalues['timespent'] = $conditions->timespent ?? 0;
$defaultvalues['completed'] = !empty($conditions->completed);
$defaultvalues['gradebetterthan'] = $conditions->gradebetterthan ?? 0;
}
// Set up the completion checkbox which is not part of standard data.
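Review bot: `timespent` and `gradebetterthan` are copied into the form defaults with only a null fallback, while `completed` on the line between them is normalised with `!empty()`. If the stored `conditions` string holds something other than a number under those keys, it reaches the form unchanged. A numeric guard such as `$defaultvalues['timespent'] = is_numeric($conditions->timespent ?? null) ? (int) $conditions->timespent : 0;`, repeated for `gradebetterthan`, would keep the three defaults consistently typed. Whether the form elements already clean these values with an integer parameter type is not visible here, and `data_preprocessing` continues past the end of the hunk.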


@ -56,9 +56,9 @@ class lesson_page_type_essay extends lesson_page {
* @return object
*/
static public function extract_useranswer($useranswer) {
$essayinfo = unserialize($useranswer);
$essayinfo = unserialize_object($useranswer);
if (!isset($essayinfo->responseformat)) {
$essayinfo->response = text_to_html($essayinfo->response, false, false);
$essayinfo->response = text_to_html($essayinfo->response ?? '', false, false);
$essayinfo->responseformat = FORMAT_HTML;
}
return $essayinfo;
@ -150,7 +150,7 @@ class lesson_page_type_essay extends lesson_page {
$editoroptions['context'], 'mod_lesson', 'essay_answers', $attempt->id);
// Update the student response to have the modified link.
$useranswer = unserialize($attempt->useranswer);
$useranswer = unserialize_object($attempt->useranswer);
$useranswer->answer = $formdata->answer;
$useranswer->answerformat = $formdata->answerformat;
$attempt->useranswer = serialize($useranswer);
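Review bot: Nothing in the second hunk checks that the decoded `$attempt->useranswer` is a real essay record before `answer` and `answerformat` are set on it and it is serialized back onto the attempt. If the stored string is malformed, the helper presumably still returns an object (its definition is not on this page), so the original content would be silently replaced by a near-empty one. A check before the write-back, for example `if (!isset($useranswer->response)) { debugging('Malformed essay useranswer for attempt ' . $attempt->id, DEBUG_DEVELOPER); }`, would at least make that case visible. The `?? ''` added in `extract_useranswer` covers the read path only. Both enclosing methods start and end outside their hunks.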