

Merge pull request #2391 from QuizandSurveyMaster/CU-867925rzy-Cross-…
…Site-Request-Forgery-vulnerability

Fixed Cross-Site Request Forgery (CSRF) vulnerability
zubairraeen authored Nov 1, 2023
2 parents c4e7083 + f6f7467 commit b1a1a8b
Showing 7 changed files with 37 additions and 344 deletions.
101 changes: 0 additions & 101 deletions css/admin-dashboard-rtl.css
Expand Up @@ -296,86 +296,6 @@
display: inline-block;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner {
width: 31%;
margin-left: 2%;
float: right;
border: 1px solid #dfd4d4;
height: 210px;
text-align: center;
margin-bottom: 2%;
position: relative;
cursor: pointer;
box-sizing: border-box;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:hover,
#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner.selected-quiz-template {
border-color: #1e8cbe;
-webkit-box-shadow: 2px -1px 13px -1px rgba(30, 140, 190, 1);
-moz-box-shadow: 2px -1px 13px -1px rgba(30, 140, 190, 1);
box-shadow: 2px -1px 13px -1px rgba(30, 140, 190, 1);
transition: 0.2s all;
-ms-transition: 0.2s all;
-o-transition: 0.2s all;
-webkit-transition: 0.2s all;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:nth-child(3n + 3) {
width: 33%;
margin-left: 0%;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner .template-center-vertical {
/*position: absolute;
top: 50%;
left: 50%;
-ms-transform: translate(-50%, -50%);
transform: translate(-50%, -50%); */
margin-top: 21px;
height: 96px;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:first-child .template-center-vertical {
height: auto;
position: absolute;
top: 50%;
right: 50%;
-ms-transform: translate(50%, -50%);
transform: translate(50%, -50%);
margin-top: 0;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner .dashicons {
font-size: 75px;
color: #9ea3a8;
display: inline-block;
height: auto;
width: auto;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner p.start_scratch {
font-size: 14px;
text-transform: uppercase;
letter-spacing: 1px;
color: #9ea3a8;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner h3 {
margin: 0;
padding: 10px;
border-top: 1px solid #dfd4d4;
font-size: 15px;
position: absolute;
width: 100%;
box-sizing: border-box;
bottom: 0;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner.inner-json {
background: #fff;
}

#model-wizard .qsm-popup__footer {
text-align: left;
background: #fff;
Expand Down Expand Up @@ -1079,22 +999,6 @@ h2.hndle.ui-sortable-handle {
}
}

@media (min-width: 768px) and (max-width: 991px) {
#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner {
width: 48%;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:nth-child(2n + 2) {
margin-left: 0;
width: 50%;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:nth-child(3n + 3) {
margin-left: 2%;
width: 48%;
}
}

@media screen and (max-width: 767px) {
#model-wizard .qsm-popup__container {
width: 90%;
Expand All @@ -1104,11 +1008,6 @@ h2.hndle.ui-sortable-handle {
width: 100%;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:nth-child(2n + 2),
#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner {
width: 100% !important;
}

#model-wizard .qsm-wizard-setting-section {
width: 100%;
height: auto !important;
101 changes: 0 additions & 101 deletions css/admin-dashboard.css
Expand Up @@ -303,86 +303,6 @@ ul.popuar-addon-ul::after {
display: inline-block;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner {
width: 31%;
margin-right: 2%;
float: left;
border: 1px solid #dfd4d4;
height: 210px;
text-align: center;
margin-bottom: 2%;
position: relative;
cursor: pointer;
box-sizing: border-box;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:hover,
#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner.selected-quiz-template {
border-color: #1e8cbe;
-webkit-box-shadow: -2px -1px 13px -1px rgba(30, 140, 190, 1);
-moz-box-shadow: -2px -1px 13px -1px rgba(30, 140, 190, 1);
box-shadow: -2px -1px 13px -1px rgba(30, 140, 190, 1);
transition: 0.2s all;
-ms-transition: 0.2s all;
-o-transition: 0.2s all;
-webkit-transition: 0.2s all;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:nth-child(3n + 3) {
width: 33%;
margin-right: 0%;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner .template-center-vertical {
/*position: absolute;
top: 50%;
left: 50%;
-ms-transform: translate(-50%, -50%);
transform: translate(-50%, -50%); */
margin-top: 21px;
height: 96px;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:first-child .template-center-vertical {
height: auto;
position: absolute;
top: 50%;
left: 50%;
-ms-transform: translate(-50%, -50%);
transform: translate(-50%, -50%);
margin-top: 0;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner .dashicons {
font-size: 75px;
color: #9ea3a8;
display: inline-block;
height: auto;
width: auto;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner p.start_scratch {
font-size: 14px;
text-transform: uppercase;
letter-spacing: 1px;
color: #9ea3a8;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner h3 {
margin: 0;
padding: 10px;
border-top: 1px solid #dfd4d4;
font-size: 15px;
position: absolute;
width: 100%;
box-sizing: border-box;
bottom: 0;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner.inner-json {
background: #fff;
}

#model-wizard .qsm-popup__footer {
text-align: right;
background: #fff;
Expand Down Expand Up @@ -1120,22 +1040,6 @@ h2.hndle.ui-sortable-handle {
}
}

@media (min-width: 768px) and (max-width: 991px) {
#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner {
width: 48%;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:nth-child(2n + 2) {
margin-right: 0;
width: 50%;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:nth-child(3n + 3) {
margin-right: 2%;
width: 48%;
}
}

@media screen and (max-width: 767px) {
#model-wizard .qsm-popup__container {
width: 90%;
Expand All @@ -1145,11 +1049,6 @@ h2.hndle.ui-sortable-handle {
width: 100%;
}

#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner:nth-child(2n + 2),
#model-wizard .qsm-popup__content .template-inner-wrap .template-list .template-list-inner {
width: 100% !important;
}

#model-wizard .qsm-wizard-setting-section {
width: 100%;
height: auto !important;
91 changes: 16 additions & 75 deletions js/qsm-admin.js
Expand Up @@ -203,13 +203,13 @@ var QSMAdmin;
if (confirm(qsm_admin_messages.confirm_message)) {
var action = 'qsm_dashboard_delete_result';
var result_id = jQuery(this).data('result_id');
$.post(ajaxurl, { result_id: result_id, action: action },
function (data) {
if (data == 'failed') {
alert(qsm_admin_messages.error_delete_result);
} else {
$this.parents('li').slideUp();
$.post(ajaxurl, { result_id: result_id, action: action, nonce: wpApiSettings.nonce },
function (response) {
if (response.success) {
$this.parents('li').remove();
$this.parents('li').slideUp();
} else {
alert(qsm_admin_messages.error_delete_result);
}
}
);
Expand All @@ -231,37 +231,8 @@ var QSMAdmin;
heightStyle: "content"
});
jQuery('#accordion h3.ui-accordion-header').next().slideDown();
jQuery('.template-list .template-list-inner:first-child').trigger('click');
}
});
//Get quiz options
jQuery('.template-list-inner').click(function () {
var action = 'qsm_wizard_template_quiz_options';
var settings = jQuery(this).data('settings');
var addons = jQuery(this).data('addons');
jQuery('.template-list .template-list-inner').removeClass('selected-quiz-template');
jQuery(this).addClass('selected-quiz-template');
jQuery('#quiz_settings_wrapper').html('').html('<div class="qsm-spinner-loader"></div>');
jQuery('#recomm_addons_wrapper').html('').html('<div class="qsm-spinner-loader"></div>');
$.post(ajaxurl, { settings: settings, addons: addons, action: action },
function (data) {
var diff_html = data.split('=====');
jQuery('#quiz_settings_wrapper').html('');
jQuery('#quiz_settings_wrapper').html(diff_html[0]);
jQuery('#recomm_addons_wrapper').html('');
jQuery('#recomm_addons_wrapper').html(diff_html[1]);
jQuery("#accordion").accordion();
jQuery('#accordion h3.ui-accordion-header').next().slideDown();
$('#quiz_settings_wrapper select').each(function () {
var name = $(this).attr('name');
var value = $(this).val();
if ($('.' + name + '_' + value).length > 0) {
$('.' + name + '_' + value).show();
}
});
}
);
});

//Dismiss the welcome panel
jQuery('.qsm-welcome-panel-dismiss').click(function (e) {
Expand Down Expand Up @@ -932,41 +903,9 @@ if(current_id == 'qsm_variable_text'){ jQuery(".current_variable")[0].click();}
heightStyle: "content"
});
jQuery('#accordion h3.ui-accordion-header').next().slideDown();
jQuery('.template-list .template-list-inner:first-child').trigger('click');
}
});
//Get quiz options
$('.template-list-inner').click(function () {
var action = 'qsm_wizard_template_quiz_options';
var settings = $(this).data('settings');
var addons = $(this).data('addons');
$('.template-list .template-list-inner').removeClass('selected-quiz-template');
$(this).addClass('selected-quiz-template');
$('#quiz_settings_wrapper').html('').html('<div class="qsm-spinner-loader"></div>');
$('#recomm_addons_wrapper').html('').html('<div class="qsm-spinner-loader"></div>');
$.post(ajaxurl, {
settings: settings,
addons: addons,
action: action
},
function (data) {
var diff_html = data.split('=====');
$('#quiz_settings_wrapper').html('');
$('#quiz_settings_wrapper').html(diff_html[0]);
$('#recomm_addons_wrapper').html('');
$('#recomm_addons_wrapper').html(diff_html[1]);
$("#accordion").accordion();
$('#accordion h3.ui-accordion-header').next().slideDown();
$('#quiz_settings_wrapper select').each(function () {
var name = $(this).attr('name');
var value = $(this).val();
if ($('.' + name + '_' + value).length > 0) {
$('.' + name + '_' + value).show();
}
});
}
);
});

$('#show_import_export_popup').on('click', function (event) {
event.preventDefault();
MicroModal.show('modal-export-import');
Expand Down Expand Up @@ -1222,12 +1161,12 @@ if(current_id == 'qsm_variable_text'){ jQuery(".current_variable")[0].click();}
url: ajaxurl,
data: {
action: 'enable_multiple_categories',
value: 'enable'
value: 'enable',
nonce: wpApiSettings.nonce
},
success: function (r) {
response = JSON.parse(r);
success: function (response) {
clearInterval(category_interval);
if (response.status) {
if (response.success) {
$('.category-action').parents('.multiple-category-notice').removeClass('notice-info').addClass('notice-success').html('<p>' + qsm_admin_messages.update_db_success + '</p>');
} else {
$('.category-action').parents('.multiple-category-notice').removeClass('notice-info').addClass('notice-error').html(qsm_admin_messages.error + '! ' + qsm_admin_messages.try_again);
Expand All @@ -1245,10 +1184,11 @@ if(current_id == 'qsm_variable_text'){ jQuery(".current_variable")[0].click();}
url: ajaxurl,
data: {
action: 'enable_multiple_categories',
value: 'cancel'
value: 'cancel',
nonce: wpApiSettings.nonce
},
success: function (status) {
if (status) {
if (response.success) {
$('.multiple-category-notice').hide();
}
}
Expand Down Expand Up @@ -1498,7 +1438,7 @@ var QSMContact;
$(document).on('change', '.show-disabled-fields', function (event) {
event.preventDefault();
var is_show = $(this).prop('checked');
jQuery.post(ajaxurl, { action: 'qsm_show_disabled_contact_fields', show: is_show });
jQuery.post(ajaxurl, { action: 'qsm_show_disabled_contact_fields', show: is_show, 'nonce': qsmContactObject.saveNonce, 'quiz_id': qsmContactObject.quizID });
if (is_show) {
$('.contact-form-field').removeClass('hidden-field');
} else {
Expand Down Expand Up @@ -3309,6 +3249,7 @@ var import_button;
var new_category_data = {
action: 'save_new_category',
name: new_category,
nonce: qsmQuestionSettings.saveNonce,
parent: parent_category
};
$('#modal-9-content .info').html('');
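Review bot: In the `value: 'cancel'` handler (hunk @@ -1245,10 +1184,11 @@) the success callback still names its argument `status` while the rewritten body tests `response.success`; the only thing that previously put a `response` identifier in scope was the implicit-global assignment `response = JSON.parse(r);` that this same commit removes from the `value: 'enable'` handler, so the check now reads an undefined name and the notice is never hidden. Rename the parameter to match the new body: `success: function (response) {`. In the first hunk (@@ -203,13 +203,13 @@) the success branch calls `$this.parents('li').remove();` and then `.slideUp()` on the same selection, so the slide animates an element that has already been detached; slide first and remove in the animation's completion callback, or keep only one of the two calls. The enclosing `$.ajax({ … })` and `$.post(…)` calls for these handlers begin outside the hunks shown. Sending `wpApiSettings.nonce` only closes the CSRF gap if the PHP handlers (not part of this diff) verify it against the same nonce action and still perform a capability check — a nonce binds the request to the user's session, it does not by itself authorize the action.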
