From d4ad9adf22c5d03705d4588a6f3b2b6f7a222357 Mon Sep 17 00:00:00 2001 From: tjhunt Date: Wed, 22 Jul 2009 09:49:48 +0000 Subject: [PATCH] quiz: fix URL escaping issues. --- mod/quiz/attempt.php | 15 ++++++--------- mod/quiz/attemptlib.php | 6 +++--- mod/quiz/review.php | 4 ++-- mod/quiz/summary.php | 4 ++-- 4 files changed, 13 insertions(+), 16 deletions(-) diff --git a/mod/quiz/attempt.php b/mod/quiz/attempt.php index 0bc05abc16..e3aa0e1540 100644 --- a/mod/quiz/attempt.php +++ b/mod/quiz/attempt.php @@ -34,7 +34,11 @@ /// Check that this attempt belongs to this user. if ($attemptobj->get_userid() != $USER->id) { - redirect($attemptobj->review_url(0, $page)); + if ($attemptobj->has_capability('mod/quiz:viewreports')) { + redirect($attemptobj->review_url(0, $page)); + } else { + quiz_error($attemptobj->get_quiz(), 'notyourattempt'); + } } /// Check capabilites. @@ -110,17 +114,10 @@ $accessmanager->print_messages($messages); print_box_end(); } - } else { - /// Just a heading. - if ($attemptobj->get_num_attempts_allowed() != 1) { - print_heading(format_string($attemptobj->get_quiz_name()).' - '.$title); - } else { - print_heading(format_string($attemptobj->get_quiz_name())); - } } // Start the form - echo '
', "\n"; // A quiz page with a lot of questions can take a long time to load, and we diff --git a/mod/quiz/attemptlib.php b/mod/quiz/attemptlib.php index 6fca3878b7..ac81a76a83 100644 --- a/mod/quiz/attemptlib.php +++ b/mod/quiz/attemptlib.php @@ -725,7 +725,7 @@ class quiz_attempt extends quiz { $attemptlist[] = '' . $at->attempt . ''; } else { $changedurl = preg_replace($search, 'attempt=' . $at->id, $url); - $attemptlist[] = '' . $at->attempt . ''; + $attemptlist[] = '' . $at->attempt . ''; } } return implode(', ', $attemptlist); @@ -817,9 +817,9 @@ class quiz_attempt extends quiz { } $param = ''; if ($showall) { - $param = '&showall=1'; + $param = '&showall=1'; } else if ($page > 0) { - $param = '&page=' . $page; + $param = '&page=' . $page; } return $param . $fragment; } diff --git a/mod/quiz/review.php b/mod/quiz/review.php index 6fd1227170..9ffe1c4ea7 100644 --- a/mod/quiz/review.php +++ b/mod/quiz/review.php @@ -204,7 +204,7 @@ /// Form for saving flags if necessary. if ($options->flags == QUESTION_FLAGSEDITABLE) { - echo 'review_url(0, $page, $showall)) . '" method="post">
'; echo ''; } @@ -236,7 +236,7 @@ if ($lastpage) { $accessmanager->print_finish_review_link($attemptobj->is_preview_user()); } else { - link_arrow_right(get_string('next'), $attemptobj->review_url(0, $page + 1)); + link_arrow_right(get_string('next'), s($attemptobj->review_url(0, $page + 1))); } echo "
"; diff --git a/mod/quiz/summary.php b/mod/quiz/summary.php index 467a68d4ff..d834aaf991 100644 --- a/mod/quiz/summary.php +++ b/mod/quiz/summary.php @@ -91,7 +91,7 @@ foreach ($attemptobj->get_question_iterator() as $number => $question) { $flag = ' ' . get_string('flagged', 'question') . ''; } - $row = array('' . $number . $flag . '', + $row = array('' . $number . $flag . '', get_string($attemptobj->get_question_status($question->id), 'quiz')); if ($scorescolumn) { $row[] = $attemptobj->get_question_score($question->id); @@ -114,7 +114,7 @@ $options = array( 'questionids' => '', 'sesskey' => sesskey(), ); -print_single_button($attemptobj->processattempt_url(), $options, get_string('finishattempt', 'quiz'), +print_single_button(s($attemptobj->processattempt_url()), $options, get_string('finishattempt', 'quiz'), 'post', '', false, '', false, get_string('confirmclose', 'quiz'), 'responseform'); echo "\n"; -- 2.39.5