Merge pull request #2614 from QuizandSurveyMaster/dev

Release 9.1.1

css/qsm-admin.css

@@ -2683,7 +2683,7 @@ input#duplicate_questions {
 	flex-wrap: wrap;
 	justify-content: flex-start;
 	align-content: flex-start;
-	margin-bottom: 250px;
+	margin-bottom: 375px;
 }
 .contact-form-builder-wrap a {
 	display: inline-block;
@@ -3081,6 +3081,8 @@ input#duplicate_questions {
 }
 .qsm-primary-acnhor .qsm-bundles-widget .qsm-bundles-icon img{
 	height: 35px;
+	width: 35px;
+	object-fit: contain;
 }
 .custom-add-upper li a.current {
 	outline: none;
@@ -3090,12 +3092,15 @@ input#duplicate_questions {
 	border: none;
 }
 .qsm-primary-acnhor .qsm-bundles-widget .qsm-bundles-dynamic-0{
-	background-color: #01B592;
+	background-color: #3B9A7A;
 }
 .qsm-primary-acnhor .qsm-bundles-widget .qsm-bundles-dynamic-1{
-	background-color: #EC706F;
+	background-color: #01B592;
 }
 .qsm-primary-acnhor .qsm-bundles-widget .qsm-bundles-dynamic-2{
+	background-color: #EC706F;
+}
+.qsm-primary-acnhor .qsm-bundles-widget .qsm-bundles-dynamic-3{
 	background-color: #2270B1;
 }
 .custom-addon-sub-div .custom-addon-details {

js/qsm-admin.js

@@ -2883,32 +2883,41 @@ var import_button;
                     $(this).parents('.question').next('.questionElements').slideUp('slow');
                     MicroModal.show('modal-10');
                     $("#changed_question_page_no, #current_question_page_no").val($(this).parents('.page').data("page-id"));
-                    $("#changed_question_position, #current_question_position").val($(this).parents('.question').index() - 1);
+                    $("#changed_question_position, #current_question_position").val($(this).closest('.question').index() - 2 );
                     $("#current_question_id, #current_question_id").val($(this).parents('.question').data("question-id"));
                 });
 
                 //  Confirm move question button
                 $("#move-question-button").on('click', function (e) {
+                    e.preventDefault();
                     $(this).prop("disabled", true);
                     $("#move-question-error").html("");
-                    if ( 0 < $("#changed_question_position").val() && 0 < $("#changed_question_page_no").val()) {
-                        new_page_section = $(".qsm_tab_content .page").eq( $("#changed_question_page_no").val() - 1 );
-                        if ( 0 != new_page_section.length) {
-                            new_element = new_page_section.find(".question").eq($("#changed_question_position").val() - 1);
-                            current_page_section = $(".qsm_tab_content .page").eq( $("#current_question_page_no").val() - 1 );
-                            current_element = current_page_section.find(".question").eq($("#current_question_position").val() - 1);
-                            if ( 0 == new_element.length ) {
-                                new_page_section.append(current_element.clone());
-                            } else if ( 1 == $("#current_question_position").val() && $("#changed_question_page_no").val() == $("#current_question_page_no").val() ) {
-                                    new_element.after(current_element.clone());
+
+                    let changedQuestionPosition = $("#changed_question_position").val();
+                    let changedQuestionPageNo = $("#changed_question_page_no").val();
+                    let currentQuestionPosition = $("#current_question_position").val();
+                    let currentQuestionPageNo = $("#current_question_page_no").val();
+
+                    if (changedQuestionPosition > 0 && changedQuestionPageNo > 0) {
+                        let newPageSection = $(".qsm_tab_content .page").eq(changedQuestionPageNo - 1);
+                        if (newPageSection.length > 0) {
+                            let newElement = newPageSection.find(".question").eq(changedQuestionPosition - 1);
+                            let currentPageSection = $(".qsm_tab_content .page").eq(currentQuestionPageNo - 1);
+                            let currentElement = currentPageSection.find(".question").eq(currentQuestionPosition - 1);
+                            if (newElement.length === 0) {
+                                newPageSection.append(currentElement.clone());
+                            } else if (currentQuestionPosition == 1 && changedQuestionPageNo == currentQuestionPageNo) {
+                                newElement.after(currentElement.clone());
                             } else {
-                                new_element.before(current_element.clone());
+                                newElement.before(currentElement.clone());
                             }
-                            current_element.remove();
-                            let question_id = $("#current_question_id").val();
-                            let parent_page = $("#changed_question_page_no").val();
-                            let model = QSMQuestion.questions.get(question_id);
-                            model.set('page', parent_page-1);
+
+                            currentElement.remove();
+
+                            let questionId = $("#current_question_id").val();
+                            let parentPage = $("#changed_question_page_no").val();
+                            let model = QSMQuestion.questions.get(questionId);
+                            model.set('page', parentPage - 1);
                             QSMQuestion.savePages();
                             clear_move_form_values();
                         } else {
@@ -2917,12 +2926,14 @@ var import_button;
                     } else {
                         $("#move-question-error").html("Please enter positive numbers.");
                     }
+
                     setTimeout(function () {
                         $("#move-question-error").html("");
+                        $("#move-question-button").prop("disabled", false);
                     }, 3000);
-                    $(this).prop("disabled", false);
                 });
 
+
                 //  Cancel move question button
                 $("#cancel-question-button").on('click', function () {
                     clear_move_form_values();
@@ -3796,6 +3807,9 @@ var import_button;
                     QSMAdminResults.addCondition($page, 'quiz', '', 'score', 'equal', 0);
                 },
                 addResultsPage: function (conditions, page, redirect, default_mark = false) {
+                    const parser = new DOMParser();
+                    let parseRedirect = parser.parseFromString(redirect, 'text/html');
+                    redirect = parseRedirect.documentElement.textContent;
                     QSMAdminResults.total += 1;
                     var template = wp.template('results-page');
                     $('#results-pages').append(template({ id: QSMAdminResults.total, page: page, redirect: redirect, default_mark: default_mark }));

js/qsm-quiz.js

@@ -596,13 +596,28 @@ function isValidDomains(email, domains) {
 	if (0 == domains.length) {
 		return true;
 	}
-	for (var i = 0; i < domains.length; i++) {
+	for (let i = 0; i < domains.length; i++) {
 		if (email.indexOf(domains[i]) != -1) {
 			return true;
 		}
 	}
 	return false;
 }
+function isBlockedDomain(email, blockdomains) {
+    if (typeof blockdomains === 'undefined') {
+        return false;
+    }
+    if (blockdomains.length === 0) {
+        return false;
+    }
+    for (let i = 0; i < blockdomains.length; i++) {
+        if (email.indexOf(blockdomains[i]) !== -1) {
+            return true;
+        }
+    }
+    return false;
+}
+
 /**
  * Validates a URL.
  *
@@ -732,6 +747,16 @@ function qmnValidation(element, quiz_form_id) {
 						show_result_validation = false;
 					}
 				}
+				/**
+				 * Validate email from blocked domains.
+				 */
+				let blockdomains = jQuery(this).attr('data-blockdomains');
+				if (typeof blockdomains !== 'undefined') {
+					if (isBlockedDomain(x, blockdomains.split(","))) {
+						qmnDisplayError(error_messages.email_error_text, jQuery(this), quiz_form_id);
+						show_result_validation = false;
+					}
+				}
 			}
 			if (jQuery(this).attr('class').indexOf('mlwUrl') !== -1 && this.value !== "") {
 				// Remove any trailing and preceeding space.
@@ -1970,7 +1995,12 @@ jQuery(document).on('click', function(event) {
 jQuery(document).keydown(function(event) {
 	if (jQuery('.qsm-quiz-container.qsm-recently-active').length) {
 		jQuery(document).trigger('qsm_keyboard_quiz_action_start', event);
-
+		if (jQuery(event.target).is('input')) {
+			// Check if the parent div has the class 'qsm_contact_div'
+			if (jQuery(event.target).closest('div.qsm_contact_div').length > 0) {
+				return;
+			}
+		}
         if ([39, 37, 13, 9].includes(event.keyCode)) {
             event.preventDefault();
         }
@@ -2026,7 +2056,7 @@ jQuery(document).keydown(function(event) {
                 jQuery('.qsm-quiz-container.qsm-recently-active .qsm-question-wrapper').removeClass("qsm-active-question");
                 active_question.next('.qsm-question-wrapper:visible').addClass("qsm-active-question");
             } else {
-                jQuery(".qsm-quiz-container.qsm-recently-active .qsm-question-wrapper:visible:first-child").addClass("qsm-active-question");
+                jQuery(".qsm-quiz-container.qsm-recently-active .qsm-question-wrapper:visible:first").addClass("qsm-active-question");
             }
         }
         if (event.keyCode === 9) {

mlw_quizmaster2.php

@@ -2,7 +2,7 @@
 /**
  * Plugin Name: Quiz And Survey Master
  * Description: Easily and quickly add quizzes and surveys to your website.
- * Version: 9.1.0
+ * Version: 9.1.1
  * Author: ExpressTech
  * Author URI: https://quizandsurveymaster.com/
  * Plugin URI: https://expresstech.io/
@@ -43,7 +43,7 @@ class MLWQuizMasterNext {
 	 * @var string
 	 * @since 4.0.0
 	 */
-	public $version = '9.1.0';
+	public $version = '9.1.1';
 
 	/**
 	 * QSM Alert Manager Object
@@ -485,10 +485,14 @@ public function qsm_admin_scripts_style( $hook ) {
 		$qsm_variables_name = array();
 		foreach ( $qsm_variables as $key => $value ) {
 			// Iterate over each key of the nested object
-			foreach ( $value as $nestedKey => $nestedValue ) {
+			if( is_array( $value ) && !empty($value)) {
+
+				foreach ( $value as $nestedKey => $nestedValue ) {
 				// Add the nested key to the array
 				$qsm_variables_name[] = $nestedKey;
+			    }	
 			}
+
 		}
 		$qsm_admin_messages = array(
 			'error'                      => __('Error', 'quiz-master-next'),

php/admin/addons-page.php

@@ -176,7 +176,6 @@ class="dashicons dashicons-admin-generic"></span>
 								<p><?php echo wp_kses_post( $bundles_arr['desc'] ); ?></p>
 								<a href="<?php echo esc_url( $bundle_link ); ?>" target="_blank" class="custom-addon-getnow button button-primary addon-bundle-btn qsm-bundles-dynamic-<?php echo esc_attr( $count ); ?>" rel="noopener">
 									<?php esc_html_e( 'Get now', 'quiz-master-next' ); ?>
-									$<?php echo esc_html( array_values( $bundles_arr['price'] )[0] ); ?>
 									<span class="dashicons dashicons-arrow-right-alt2"></span>
 								</a>
 							</div>

php/admin/functions.php

@@ -1314,13 +1314,16 @@ function qsm_get_market_themes() {
  * @since 7.3.5
  */
 function qsm_sanitize_rec_array( $array, $textarea = false ) {
-	foreach ( (array) $array as $key => $value ) {
-		if ( is_array( $value ) ) {
-			$array[ $key ] = qsm_sanitize_rec_array( $value );
-		} else {
+	if ( ! is_array( $array ) ) {
+        return $textarea ? sanitize_textarea_field( $value ) : sanitize_text_field( $value );
+    }
+    foreach ( $array as $key => $value ) {
+        if ( is_array( $value ) ) {
+            $array[ $key ] = qsm_sanitize_rec_array( $value, $textarea );
+        } else {
 			$array[ $key ] = $textarea ? sanitize_textarea_field( $value ) : sanitize_text_field( $value );
-		}
-	}
+        }
+    }
 	return $array;
 }
 

php/admin/options-page-contact-tab.php

@@ -200,6 +200,11 @@ function qsm_options_contact_tab_template() {
 					<em><?php esc_html_e('Leave blank to allow all domains. ', 'quiz-master-next');?></em><br/>
 					<em><?php esc_html_e('Comma separated list of domains. (i.e. example.com,abc.com)', 'quiz-master-next');?></em>
 				</div>
+				<div class="qsm-contact-form-group qsm-email-option">
+					<label class="qsm-contact-form-label"><?php esc_html_e('Block Domains', 'quiz-master-next');?></label>
+					<textarea class="qsm-contact-form-control" name="blockdomains">{{data.blockdomains}}</textarea>
+					<em><?php esc_html_e('Comma separated list of domains. (i.e. example.com,abc.com)', 'quiz-master-next');?></em>
+				</div>
 			</div>
 		</div>
 	</script>

php/classes/class-qmn-quiz-manager.php

@@ -2132,7 +2132,7 @@ public function submit_results( $qmn_quiz_options, $qmn_array_for_variables ) {
 			if ( 1 == $qmn_quiz_options->enable_retake_quiz_button ) {
 				$result_display .= '<form method="POST">';
 				$result_display .= '<input type="hidden" value="' . $qmn_array_for_variables['quiz_id'] . '" name="qsm_retake_quiz_id" />';
-				$result_display .= '<input type="submit" value="' . $mlwQuizMasterNext->pluginHelper->qsm_language_support( apply_filters( 'qsm_retake_quiz_text', $qmn_quiz_options->retake_quiz_button_text ), "quiz_retake_quiz_button_text-{$qmn_quiz_options->quiz_id}" ) . '" name="qsm_retake_button" class="qsm-btn qsm_retake_button qmn_btn" id="qsm_retake_button" />';
+				$result_display .= '<input type="submit" value="' . esc_attr( $mlwQuizMasterNext->pluginHelper->qsm_language_support( apply_filters( 'qsm_retake_quiz_text', $qmn_quiz_options->retake_quiz_button_text ), "quiz_retake_quiz_button_text-{$qmn_quiz_options->quiz_id}" ) ) . '" name="qsm_retake_button" class="qsm-btn qsm_retake_button qmn_btn" id="qsm_retake_button" />';
 				$result_display .= '</form>';
 			}
 
@@ -3140,10 +3140,10 @@ function qmn_pagination_check( $display, $qmn_quiz_options, $qmn_array_for_varia
 			'amount'                 => $qmn_quiz_options->pagination,
 			'section_comments'       => $qmn_quiz_options->comment_section,
 			'total_questions'        => $total_questions,
-			'previous_text'          => $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->previous_button_text, "quiz_previous_button_text-{$qmn_quiz_options->quiz_id}" ),
-			'next_text'              => $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->next_button_text, "quiz_next_button_text-{$qmn_quiz_options->quiz_id}" ),
-			'start_quiz_survey_text' => $mlwQuizMasterNext->pluginHelper->qsm_language_support( $quiz_btn_display_text, "quiz_start_quiz_text-{$qmn_quiz_options->quiz_id}" ),
-			'submit_quiz_text'       => $mlwQuizMasterNext->pluginHelper->qsm_language_support($qmn_quiz_options->submit_button_text, "quiz_submit_button_text-{$qmn_quiz_options->quiz_id}" ),
+			'previous_text'          => esc_html( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->previous_button_text, "quiz_previous_button_text-{$qmn_quiz_options->quiz_id}" ) ),
+			'next_text'              => esc_html( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $qmn_quiz_options->next_button_text, "quiz_next_button_text-{$qmn_quiz_options->quiz_id}" ) ),
+			'start_quiz_survey_text' => esc_html( $mlwQuizMasterNext->pluginHelper->qsm_language_support( $quiz_btn_display_text, "quiz_start_quiz_text-{$qmn_quiz_options->quiz_id}" ) ),
+			'submit_quiz_text'       => esc_html( $mlwQuizMasterNext->pluginHelper->qsm_language_support($qmn_quiz_options->submit_button_text, "quiz_submit_button_text-{$qmn_quiz_options->quiz_id}" ) ),
 		);
 	}
 	return $display;

php/classes/class-qsm-contact-manager.php

@@ -372,6 +372,18 @@ public static function save_fields( $quiz_id, $fields ) {
 
 					$fields[ $i ]['allowdomains'] = implode( ',', $allowdomains );
 				}
+				// Validate blocked domains
+				if ( ! empty( $fields[ $i ]['blockdomains'] ) ) {
+					$blockdomains = explode( ',', $fields[ $i ]['blockdomains'] );
+					// Trim domains
+					$blockdomains = array_map( 'trim', $blockdomains );
+					// Filter domain
+					$blockdomains = array_filter( $blockdomains, function( $blockdomain ) {
+						return preg_match( '/^([a-zA-Z0-9-]{1,63}\.)+[a-zA-Z]{2,63}$/', $blockdomain ) && ( strlen( $blockdomain ) <= 253 );
+					} );
+
+					$fields[ $i ]['blockdomains'] = implode( ',', $blockdomains );
+				}
 				if ( ! empty( $fields[ $i ]['options'] ) ) {
 					$options = sanitize_text_field( wp_unslash( $fields[ $i ]['options'] ) );
 					$fields[ $i ]['options']  = $options;
@@ -476,6 +488,11 @@ public static function generate_contact_field( $field, $index, $quiz_options, $d
 					$allowdomains    = array_map( 'trim', explode( ',', $field['allowdomains'] ) );
 					$fieldAttr       .= " data-domains='" . implode( ',', array_filter( $allowdomains ) ) . "' ";
 				}
+				// Add code to block specific domains
+				if ( isset( $field['blockdomains'] ) && ! empty( $field['blockdomains'] ) ) {
+					$blockdomains = array_map( 'trim', explode( ',', $field['blockdomains'] ) );
+					$fieldAttr   .= " data-blockdomains='" . implode( ',', array_filter( $blockdomains ) ) . "' ";
+				}
 				$class       = apply_filters( 'qsm_contact_email_field_class', $class, $field['use'] );
 				$fieldAttr   .= " placeholder='" . esc_attr( wp_strip_all_tags( $field_placeholder ) ) . "' ";
 				if ( ! isset( $field['hide_label'] ) || 'true' != $field['hide_label'] ) {

php/classes/class-qsm-questions.php

@@ -403,12 +403,14 @@ private static function create_save_question( $data, $answers, $settings, $is_cr
 	public static function sanitize_answers( $answers, $settings ) {
 		global $mlwQuizMasterNext;
 		foreach ( $answers as $key => $answer ) {
-			if ( isset( $settings['answerEditor'] ) && 'rich' == $settings['answerEditor'] ) {
-				$answer[0] = $mlwQuizMasterNext->sanitize_html( $answer[0] );
-			} else {
-				$answer[0] = $mlwQuizMasterNext->sanitize_html( $answer[0], false );
+			if ( isset($answer[0]) ) {
+				if ( isset( $settings['answerEditor'] ) && 'rich' == $settings['answerEditor'] ) {
+					$answer[0] = $mlwQuizMasterNext->sanitize_html( $answer[0] );
+				} else {
+					$answer[0] = $mlwQuizMasterNext->sanitize_html( $answer[0], false );
+				}
+				$answers[ $key ] = $answer;
 			}
-			$answers[ $key ] = $answer;
 		}
 
 		return $answers;

php/classes/class-qsm-results-pages.php

@@ -188,7 +188,7 @@ public static function generate_pages( $response_data ) {
 		</div><?php
 		return array(
 			'display'  => do_shortcode( ob_get_clean() ),
-			'redirect' => $redirect,
+			'redirect' => htmlspecialchars_decode( $redirect, ENT_QUOTES),
 		);
 	}
 
@@ -266,7 +266,7 @@ public static function convert_to_new_system( $quiz_id ) {
 
 				// If the page used the older version of the redirect, add it.
 				if ( ! empty( $page['redirect_url'] ) ) {
-					$new_page['redirect'] = $page['redirect_url'];
+					$new_page['redirect'] = esc_url( $page['redirect_url'] );
 				}
 
 				// Checks to see if the page is not the older version's default page.
@@ -347,6 +347,8 @@ public static function save_pages( $quiz_id, $pages ) {
 			// jQuery AJAX will send a string version of false.
 			if ( 'false' === $pages[ $i ]['redirect'] ) {
 				$pages[ $i ]['redirect'] = false;
+			} else {
+				$pages[ $i ]['redirect'] = esc_url( $pages[ $i ]['redirect'] );
 			}
 
 			/**

readme.txt

@@ -2,9 +2,9 @@
 Contributors: quizsurvey,expresstech
 Tags: quiz, survey, test, exam, online assessment
 Requires at least: 4.9
-Tested up to: 6.5
+Tested up to: 6.6
 Requires PHP: 5.4
-Stable tag: 9.1.0
+Stable tag: 9.1.1
 License: GPLv2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -189,6 +189,14 @@ QSM is designed to be compatible with most WordPress plugins and themes. However
 18. Database
 
 == Changelog ==
+= 9.1.1 ( July 26, 2024 ) =
+* Feature: Added option to blacklist email domains in contact form
+* Bug: Fixed vulnerability with redirect result URL
+* Bug: Fixed issue with question sorting
+* Enhancement: Improved quiz navigation with keyboard
+* Enhancement: Checked compatibility with WordPress 6.6 and PHP 8.3
+
+
 = 9.1.0 ( July 11, 2024 ) =
 * Feature: Added case-sensitive option to paragraph and short answers question types
 * Bug: Fixed vulnerability with quiz settings