From 258c5153a9b4e54f69bc11dc9348af4c709459f0 Mon Sep 17 00:00:00 2001
From: Mohammad Zubair Ali <zubair@expresstech.io>
Date: Wed, 4 Oct 2023 13:45:50 +0530
Subject: [PATCH] fixed Vulnerability Report

---
 php/classes/class-qmn-quiz-manager.php | 27 ++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/php/classes/class-qmn-quiz-manager.php b/php/classes/class-qmn-quiz-manager.php
index 2fd87538f..f04fca5bc 100644
--- a/php/classes/class-qmn-quiz-manager.php
+++ b/php/classes/class-qmn-quiz-manager.php
@@ -190,7 +190,7 @@ public function qsm_upload_image_fd_question() {
 						} else {
 						$filetypes_allowed[] = $filetypes[0];
 						}
-					}else { 
+					}else {
 						$filetypes_allowed[] = $file;
 					}
 				}
@@ -1318,7 +1318,7 @@ public function display_questions( $qmn_quiz_options, $qmn_quiz_questions, $qmn_
 					<?php
 					$current_page_number++;
 					echo apply_filters( 'qsm_auto_page_begin_pagination', '', ( $current_page_number - 1 ), $qmn_quiz_options, $qmn_quiz_questions );
-				} 
+				}
 				echo apply_filters( 'qsm_auto_page_begin_row', '', ( $current_page_number - 1 ), $qmn_quiz_options, $qmn_quiz_questions );
 			}
 			$category_class      = '';
@@ -1519,13 +1519,24 @@ public function ajax_submit_results() {
 		global $qmn_allowed_visit, $mlwQuizMasterNext, $wpdb;
 
 		$qmn_allowed_visit = true;
-		$quiz              = isset( $_POST['qmn_quiz_id'] ) ? intval( $_POST['qmn_quiz_id'] ) : '';
-		$mlwQuizMasterNext->pluginHelper->prepare_quiz( $quiz );
+		$mlwQuizMasterNext->pluginHelper->prepare_quiz( $quiz_id );
 		$options    = $mlwQuizMasterNext->quiz_settings->get_quiz_options();
-		if ( is_null( $options ) || 1 == $options->deleted ) {
+		$post_ids = get_posts(array(
+			'post_type'   => 'qsm_quiz', // Replace with the post type you're working with
+			'meta_key'    => 'quiz_id',
+			'meta_value'  => intval( $quiz_id ),
+			'fields'      => 'ids',
+			'numberposts' => 1,
+		));
+		$post_status = false;
+		if ( ! empty( $post_ids[0] ) ) {
+			$post_status = get_post_status( $post_ids[0] );
+		}
+
+		if ( is_null( $options ) || 1 == $options->deleted || 'publish' !== $post_status ) {
 			echo wp_json_encode(
 				array(
-					'display'       => htmlspecialchars_decode( 'This quiz is no longer available.' ),
+					'display'       => __( 'This quiz is no longer available.', 'quiz-master-next' ),
 					'redirect'      => false,
 					'result_status' => array(
 						'save_response' => false,
@@ -2150,13 +2161,13 @@ public static function check_answers( $options, $quiz_data ) {
 				}
 			}
 		}
-		foreach ( $question_data as $questiontype ) { 
+		foreach ( $question_data as $questiontype ) {
 			if ( 11 == $questiontype['question_type'] ) {
 				$total_questions = $total_questions - 1;
 			}
 		}
 
-		
+
 		// Calculate Total Percent Score And Average Points Only If Total Questions Doesn't Equal Zero To Avoid Division By Zero Error
 		if ( 0 !== $total_questions ) {
 			$total_score = round( ( ( $total_correct / ( $total_questions - count( $hidden_questions ) ) ) * 100 ), 2 );