mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-09 02:12:22 +02:00
Code Issues Projects Releases Wiki Activity

MDL-70823 qtype_ddwtos: new method for safer feedback unserializing.

Browse Source
This commit is contained in:
Paul Holden 2021-10-24 21:47:18 +01:00 committed by Sara Arjona
parent b0cb1b8cea
commit faddd24a13
2 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
question/type/ddwtos/edit_ddwtos_form.php
View File

@ -41,9 +41,9 @@ class qtype_ddwtos_edit_form extends qtype_gapselect_edit_form_base {
protected function data_preprocessing_choice($question, $answer, $key) {
$question = parent::data_preprocessing_choice($question, $answer, $key);
$options = unserialize($answer->feedback);
$question->choices[$key]['choicegroup'] = $options->draggroup;
$question->choices[$key]['infinite'] = $options->infinite;
$options = unserialize_object($answer->feedback);
$question->choices[$key]['choicegroup'] = $options->draggroup ?? 1;
$question->choices[$key]['infinite'] = !empty($options->infinite);
return $question;
}

22
question/type/ddwtos/questiontype.php
View File

@ -49,13 +49,27 @@ class qtype_ddwtos extends qtype_gapselect_base {
return serialize($output);
}
/**
* Safely convert given serialized feedback string into valid feedback object
*
* @param string $feedback
* @return stdClass
*/
protected function unserialize_feedback(string $feedback): stdClass {
$feedbackobject = unserialize_object($feedback);
return (object) [
'draggroup' => $feedbackobject->draggroup ?? 1,
'infinite' => !empty($feedbackobject->infinite),
];
}
protected function feedback_to_choice_options($feedback) {
$feedbackobj = unserialize($feedback);
return array('draggroup' => $feedbackobj->draggroup, 'infinite' => $feedbackobj->infinite);
return (array) $this->unserialize_feedback($feedback);
}
protected function make_choice($choicedata) {
$options = unserialize($choicedata->feedback);
$options = $this->unserialize_feedback($choicedata->feedback);
return new qtype_ddwtos_choice(
$choicedata->answer, $options->draggroup, $options->infinite);
}
@ -102,7 +116,7 @@ class qtype_ddwtos extends qtype_gapselect_base {
$question->contextid);
foreach ($question->options->answers as $answer) {
$options = unserialize($answer->feedback);
$options = $this->unserialize_feedback($answer->feedback);
$output .= " <dragbox>\n";
$output .= $format->writetext($answer->answer, 3);