From 010ec024b840f8a90f93143f2010b9a2f4d56cc8 Mon Sep 17 00:00:00 2001
From: gustav_delius <gustav_delius>
Date: Sat, 22 Jan 2005 19:14:35 +0000
Subject: [PATCH] made multiple.php save to database in addition to
 $SESSION->modform and also introduced sesskey

---
 mod/quiz/locallib.php |  1 +
 mod/quiz/multiple.php | 10 +++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/mod/quiz/locallib.php b/mod/quiz/locallib.php
index d3c458be2d..4dae361e3e 100644
--- a/mod/quiz/locallib.php
+++ b/mod/quiz/locallib.php
@@ -1350,6 +1350,7 @@ function quiz_print_cat_question_list($categoryid, $quizselected=true, $recurse=
             $randomcount[$i] = $i;
         }
         echo '<form method="post" action="multiple.php">';
+        echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\">";
         print_string('addrandom1', 'quiz');
         choose_from_menu($randomcount, 'randomcreate', '10', '');
         print_string('addrandom2', 'quiz');
diff --git a/mod/quiz/multiple.php b/mod/quiz/multiple.php
index 13e4cfa7da..b9ceb1b164 100644
--- a/mod/quiz/multiple.php
+++ b/mod/quiz/multiple.php
@@ -4,7 +4,7 @@
     require_once('../../config.php');
     require_once('locallib.php');
 
-    require_variable($category);
+    $category = required_param('category');
 
     // This script can only be called while editing a quiz
 
@@ -29,10 +29,9 @@
     }
 
 
-
 /// If data submitted, then process and store.
 
-    if ($form = data_submitted()) {
+    if ($form = data_submitted() and confirm_sesskey()) {
         if ($form->randomcreate > 0) {
             $newquestionids = array(); // this will hold the ids of the random questions
             
@@ -91,6 +90,10 @@
             $newquestionids = array_merge($questionids, $newquestionids);
             $modform->questions = implode(',', $newquestionids);
             $SESSION->modform = $modform;
+            if (!set_field('quiz', 'questions', $modform->questions, 'id', $modform->instance)) {
+                error('Could not save question list');
+            }
+            quiz_questiongrades_update($modform->grades, $modform->instance);
         }
         redirect('edit.php');
     }
@@ -135,6 +138,7 @@
 
     print_simple_box_start('center', '', $THEME->cellheading);
     echo '<form method="POST" action="multiple.php">';
+    echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\">";
     echo '<table cellpadding="5">';
     echo '<tr><td align="right">';
     print_string('category', 'quiz');
-- 
2.39.5