/// Check that this attempt belongs to this user.
if ($attemptobj->get_userid() != $USER->id) {
- redirect($attemptobj->review_url(0, $page));
+ if ($attemptobj->has_capability('mod/quiz:viewreports')) {
+ redirect($attemptobj->review_url(0, $page));
+ } else {
+ quiz_error($attemptobj->get_quiz(), 'notyourattempt');
+ }
}
/// Check capabilites.
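Review bot: The comment above this check still describes only the ownership test, while the new branch makes an authorization decision for non-owners that should be stated. Suggest something like `/// Check that this attempt belongs to this user. Users with mod/quiz:viewreports are sent to the review page instead; anyone else gets notyourattempt.` The non-owner path is only safe if both `redirect()` and `quiz_error()` end the request, which cannot be confirmed from this hunk. If that is the contract, the comment is a good place to say so.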
$accessmanager->print_messages($messages);
print_box_end();
}
- } else {
- /// Just a heading.
- if ($attemptobj->get_num_attempts_allowed() != 1) {
- print_heading(format_string($attemptobj->get_quiz_name()).' - '.$title);
- } else {
- print_heading(format_string($attemptobj->get_quiz_name()));
- }
}
// Start the form
- echo '<form id="responseform" method="post" action="', $attemptobj->processattempt_url(),
+ echo '<form id="responseform" method="post" action="', s($attemptobj->processattempt_url()),
'" enctype="multipart/form-data" accept-charset="utf-8">', "\n";
// A quiz page with a lot of questions can take a long time to load, and we
$attemptlist[] = '<strong>' . $at->attempt . '</strong>';
} else {
$changedurl = preg_replace($search, 'attempt=' . $at->id, $url);
- $attemptlist[] = '<a href="' . $changedurl . '">' . $at->attempt . '</a>';
+ $attemptlist[] = '<a href="' . s($changedurl) . '">' . $at->attempt . '</a>';
}
}
return implode(', ', $attemptlist);
}
$param = '';
if ($showall) {
- $param = '&showall=1';
+ $param = '&showall=1';
} else if ($page > 0) {
- $param = '&page=' . $page;
+ $param = '&page=' . $page;
}
return $param . $fragment;
}
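Review bot: The escaping contract of this helper should be written down on it, since it returns a query-string fragment that other code prints. The removed and added `$param` lines read identically here, so the change is presumably `&amp;` becoming a raw `&` (entity lost in rendering), which moves HTML escaping to every caller. The call sites touched elsewhere in this commit are wrapped in `s()`, but callers outside this diff are not visible and should be checked. A comment such as `// Returns an unescaped URL fragment; callers must pass it through s() before output.` would make that explicit. The function starts outside the hunk.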
/// Form for saving flags if necessary.
if ($options->flags == QUESTION_FLAGSEDITABLE) {
- echo '<form action="' . $attemptobj->review_url(0, $page, $showall) .
+ echo '<form action="' . s($attemptobj->review_url(0, $page, $showall)) .
'" method="post"><div>';
echo '<input type="hidden" name="sesskey" value="' . sesskey() . '" />';
}
if ($lastpage) {
$accessmanager->print_finish_review_link($attemptobj->is_preview_user());
} else {
- link_arrow_right(get_string('next'), $attemptobj->review_url(0, $page + 1));
+ link_arrow_right(get_string('next'), s($attemptobj->review_url(0, $page + 1)));
}
echo "</div>";
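Review bot: Escaping the URL with `s()` before handing it to `link_arrow_right()` puts the encoding at the call site rather than where the markup is written. The same pattern is used for `print_single_button(s($attemptobj->processattempt_url()), ...)` later in this commit. If either helper already escapes its link argument, or parses it as a URL, the ampersands will be encoded twice or the parameters misread; neither helper's body is visible here, so this needs confirming. If the helpers do not escape, a short comment at each call, e.g. `// link_arrow_right() prints $link as-is, so escape here.`, would stop a later cleanup from removing the `s()`.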
$flag = ' <img src="' . $OUTPUT->old_icon_url('i/flagged') . '" alt="' .
get_string('flagged', 'question') . '" class="questionflag" />';
}
- $row = array('<a href="' . $attemptobj->attempt_url($question->id) . '">' . $number . $flag . '</a>',
+ $row = array('<a href="' . s($attemptobj->attempt_url($question->id)) . '">' . $number . $flag . '</a>',
get_string($attemptobj->get_question_status($question->id), 'quiz'));
if ($scorescolumn) {
$row[] = $attemptobj->get_question_score($question->id);
'questionids' => '',
'sesskey' => sesskey(),
);
-print_single_button($attemptobj->processattempt_url(), $options, get_string('finishattempt', 'quiz'),
+print_single_button(s($attemptobj->processattempt_url()), $options, get_string('finishattempt', 'quiz'),
'post', '', false, '', false, get_string('confirmclose', 'quiz'), 'responseform');
echo "</div>\n";