added nonce validation in display_results page

QuizandSurveyMaster · Sep 19, 2023 · 00eef26 · 00eef26
1 parent 7b77db8
commit 00eef26
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/php/classes/class-qmn-quiz-manager.php b/php/classes/class-qmn-quiz-manager.php
@@ -1455,6 +1455,19 @@ public function display_end_section( $qmn_quiz_options, $qmn_array_for_variables
 	 * @return string The content for the results page section
 	 */
 	public function display_results( $options, $data ) {
+		$quiz_id = ! empty( $_REQUEST['qmn_quiz_id'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['qmn_quiz_id'] ) ) : 0 ;
+		if ( ! isset( $_REQUEST['qsm_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['qsm_nonce'] ) ), 'qsm_submit_quiz_' . intval( $quiz_id ) ) ) {
+			echo wp_json_encode(
+				array(
+					'display'       => htmlspecialchars_decode( 'Nonce Validation failed!' ),
+					'redirect'      => false,
+					'result_status' => array(
+						'save_response' => false,
+					),
+				)
+			);
+			exit;
+		}
 		$result        = $this->submit_results( $options, $data );
 		$results_array = $result;
 		return $results_array['display'];