Skip to content

Commit

Permalink
MDL-70823 qtype_ddwtos: new method for safer feedback unserializing.
Browse files Browse the repository at this point in the history
  • Loading branch information
@paulholden @sarjona
paulholden authored and sarjona committed Nov 3, 2021
1 parent a405697 commit 9bd64d6
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 7 deletions.
6 changes: 3 additions & 3 deletions question/type/ddwtos/edit_ddwtos_form.php
View file
Expand Up @@ -41,9 +41,9 @@ public function qtype() {

protected function data_preprocessing_choice($question, $answer, $key) {
$question = parent::data_preprocessing_choice($question, $answer, $key);
$options = unserialize($answer->feedback);
$question->choices[$key]['choicegroup'] = $options->draggroup;
$question->choices[$key]['infinite'] = $options->infinite;
$options = unserialize_object($answer->feedback);
$question->choices[$key]['choicegroup'] = $options->draggroup ?? 1;
$question->choices[$key]['infinite'] = !empty($options->infinite);
return $question;
}

Expand Down
22 changes: 18 additions & 4 deletions question/type/ddwtos/questiontype.php
View file
Expand Up @@ -49,13 +49,27 @@ protected function choice_options_to_feedback($choice) {
return serialize($output);
}

/**
* Safely convert given serialized feedback string into valid feedback object
*
* @param string $feedback
* @return stdClass
*/
protected function unserialize_feedback(string $feedback): stdClass {
$feedbackobject = unserialize_object($feedback);

return (object) [
'draggroup' => $feedbackobject->draggroup ?? 1,
'infinite' => !empty($feedbackobject->infinite),
];
}

protected function feedback_to_choice_options($feedback) {
$feedbackobj = unserialize($feedback);
return array('draggroup' => $feedbackobj->draggroup, 'infinite' => $feedbackobj->infinite);
return (array) $this->unserialize_feedback($feedback);
}

protected function make_choice($choicedata) {
$options = unserialize($choicedata->feedback);
$options = $this->unserialize_feedback($choicedata->feedback);
return new qtype_ddwtos_choice(
$choicedata->answer, $options->draggroup, $options->infinite);
}
Expand Down Expand Up @@ -102,7 +116,7 @@ public function export_to_xml($question, qformat_xml $format, $extra = null) {
$question->contextid);

foreach ($question->options->answers as $answer) {
$options = unserialize($answer->feedback);
$options = $this->unserialize_feedback($answer->feedback);

$output .= " <dragbox>\n";
$output .= $format->writetext($answer->answer, 3);
Expand Down

0 comments on commit 9bd64d6

Please sign in to comment.