From f5622c417805c6001195beb9780052809233ba3d Mon Sep 17 00:00:00 2001
From: Corey Peterson
Date: Tue, 1 Oct 2024 14:12:17 -0400
Subject: [PATCH 1/3] Adds proper string sanitation before performing comparison in score module
---
 src/_score/score_module.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/_score/score_module.php b/src/_score/score_module.php
index 81088e7..097cc76 100755
--- a/src/_score/score_module.php
+++ b/src/_score/score_module.php
@@ -30,7 +30,11 @@ public function check_answer($log)
 $answers = $this->questions[$log->item_id]->answers;
 foreach($answers as $answer)
 {
- if ($log->text == $answer['text'])
+ // ensure string values are in parity. The answer value (coming from the qset) may include html entities.
+ $log_sanitized = html_entity_decode(strtolower(trim($log->text)));
+ $answer_sanitized = html_entity_decode(strtolower(trim($answer['text'])));
+
+ if ($log_sanitized == $answer_sanitized)
 {
 return $answer['value'];
 }
From a1718606d3508a339b286ab374600250e9261d11 Mon Sep 17 00:00:00 2001
From: Corey Peterson
Date: Tue, 1 Oct 2024 14:51:22 -0400
Subject: [PATCH 2/3] String sanitation in score screen to un-bork it
---
 src/scoreScreen.js | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/scoreScreen.js b/src/scoreScreen.js
index a5cda7a..3c56022 100644
--- a/src/scoreScreen.js
+++ b/src/scoreScreen.js
@@ -39,9 +39,9 @@ SortItOut.controller('SortItOutScoreCtrl', [
 $scope.questionValue = 100 / qset.items.length
 for (let item of qset.items) {
- const folderName = item.answers[0].text
+ const folderName = sanitizeHelper.desanitize(item.answers[0].text)
 if (item.options.image) {
- imageMap[item.questions[0].text] = Materia.ScoreCore.getMediaUrl(item.options.image)
+ imageMap[sanitizeHelper.desanitize(item.questions[0].text)] = Materia.ScoreCore.getMediaUrl(item.options.image)
 }
 if (folderNames[folderName] == undefined) {
 folderNames[folderName] = folders.length
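Review bot: In the added `$log_sanitized` / `$answer_sanitized` lines, entities are decoded last, so `strtolower()` and `trim()` run on still-encoded text: `&Eacute;` is lowercased to `&eacute;` before decoding, while a literal `É` in the log is likely left untouched by the byte-oriented `strtolower()`, and whitespace that only appears after decoding is never trimmed. Decoding first with explicit flags, e.g. `mb_strtolower(trim(html_entity_decode($log->text, ENT_QUOTES | ENT_HTML5, 'UTF-8')))` (assuming mbstring is available), also keeps `&#039;` handled the same on PHP versions before 8.1, where the default flags leave single-quote entities encoded. The loose `==` on the added `if` compares two numeric strings as numbers, so `"1.0"` is scored as equal to `"1"`; `===` avoids that. The lowercasing makes scoring case-insensitive, which the commit subject does not mention and is worth confirming as intended. check_answer's body starts and ends outside the hunk.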
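Review bot: The decoded `folderName` is used directly as a key in `folderNames[folderName] == undefined`, and the declaration of `folderNames` is outside the hunk; if it is a plain `{}`, a folder titled `constructor` or `toString` finds an inherited property, is never registered, and later index lookups return a function instead of a number. Because these keys come from qset text, a prototype-free dictionary is safer: create `folderNames` and `imageMap` with `Object.create(null)`, or test membership with `Object.prototype.hasOwnProperty.call(folderNames, folderName)`. Decoding also means two folder labels that differ only in entity encoding now share one index, which looks intended but deserves a one-line comment such as `// keys are entity-decoded so qset text and log text compare equal`.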
@@ -56,8 +56,13 @@ SortItOut.controller('SortItOutScoreCtrl', [
 }
 for (let entry of scoreTable) {
- const [text, userFolderName, correctFolderName] = entry.data
+ let [text, userFolderName, correctFolderName] = entry.data
+ text = sanitizeHelper.desanitize(text)
+ userFolderName = sanitizeHelper.desanitize(userFolderName)
+ correctFolderName = sanitizeHelper.desanitize(correctFolderName)
+
+ // ensure string values are properly decoded
 const correctFolderIndex = folderNames[correctFolderName]
 const userFolderIndex = folderNames[userFolderName]
 const correct = userFolderName == correctFolderName
@@ -65,7 +70,7 @@ SortItOut.controller('SortItOutScoreCtrl', [
 folders[userFolderIndex].placeCount++
 const item = {
- text: sanitizeHelper.desanitize(text),
+ text: text,
 correct,
 userFolderName,
 image: imageMap[text] || false
@@ -78,7 +83,7 @@ SortItOut.controller('SortItOutScoreCtrl', [
 } else {
 folders[correctFolderIndex].items.push(item)
 folders[userFolderIndex].extraItems.push({
- text: sanitizeHelper.desanitize(text),
+ text: text,
 image: imageMap[text] || false,
 correctFolderName
 })
From 9e25fbecc7d1b51bcb48923b3ff8a1cb05c9dffe Mon Sep 17 00:00:00 2001
From: Corey Peterson
Date: Tue, 1 Oct 2024 14:52:40 -0400
Subject: [PATCH 3/3] Sanitation comment relocated
---
 src/scoreScreen.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/scoreScreen.js b/src/scoreScreen.js
index 3c56022..ee6d147 100644
--- a/src/scoreScreen.js
+++ b/src/scoreScreen.js
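Review bot: `userFolderName` and `correctFolderName` are now entity-decoded before being stored on `item` and on the `extraItems` entry (hunks at -65 and -78), so text such as `&lt;b&gt;` reaches the scope as real markup characters. The template is not part of this patch; it should bind these fields through interpolation or `ng-bind`, not `ng-bind-html`, and that is worth confirming before merge. Separately, `entry.data` appears to come from the play log, so `folderNames[userFolderName]` can be `undefined` when a logged name matches no folder, and `folders[userFolderIndex].placeCount++` in the following hunk would then throw. A guard after the two lookups, `if (userFolderIndex === undefined || correctFolderIndex === undefined) continue`, would keep one bad row from breaking the whole score screen. The loop body continues outside this hunk.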
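Review bot: `text: text,` in the `item` literal (hunk at -65) can use the property shorthand `text,`, matching the `correct,` and `userFolderName,` entries directly beside it; the same applies to the `extraItems.push({ ... })` literal in the hunk at -78. Both object literals begin or end outside their hunks.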
@@ -58,11 +58,11 @@ SortItOut.controller('SortItOutScoreCtrl', [
 for (let entry of scoreTable) {
 let [text, userFolderName, correctFolderName] = entry.data
+ // ensure string values are properly decoded
 text = sanitizeHelper.desanitize(text)
 userFolderName = sanitizeHelper.desanitize(userFolderName)
 correctFolderName = sanitizeHelper.desanitize(correctFolderName)
- // ensure string values are properly decoded
 const correctFolderIndex = folderNames[correctFolderName]
 const userFolderIndex = folderNames[userFolderName]
 const correct = userFolderName == correctFolderName