From eee6b810331d73453ffd09165752da78e513961c Mon Sep 17 00:00:00 2001
From: Mohammad Zubair Ali
Date: Mon, 11 Mar 2024 11:48:08 +0530
Subject: [PATCH 1/5] Release QSM 8.2.3
---
 js/qsm-quiz.js | 9 ++++++++-
 mlw_quizmaster2.php | 4 ++--
 php/classes/class-qmn-quiz-creator.php | 3 +++
 php/classes/class-qmn-quiz-manager.php | 7 ++++---
 php/classes/class-qsm-results-pages.php | 2 +-
 php/question-types/qsm-question-type-dropdown.php | 2 +-
 readme.txt | 7 ++++++-
 7 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/js/qsm-quiz.js b/js/qsm-quiz.js
index 3b9a934e5..7cb166c7b 100644
--- a/js/qsm-quiz.js
+++ b/js/qsm-quiz.js
@@ -1868,6 +1868,13 @@ function qsm_question_quick_result_js(question_id, answer, answer_type = '', sho
 got_ans = true;
 }
- return { "correct_index": correct_index, "success": correct_answer ? 'correct' : 'incorrect', "message": show_correct_info && got_ans ? correct_info_text : "" };
+ let returnObject = {
+ "correct_index": correct_index,
+ "success": correct_answer ? 'correct' : 'incorrect',
+ "message": show_correct_info && got_ans ? correct_info_text : ""
+ };
+
+ jQuery(document).trigger('qsm_question_quick_result_js_after', [returnObject, correct_answer, answer, answer_array, answer_type, settings, decrypt, question_id]);
+ return returnObject;
 }
 }
diff --git a/mlw_quizmaster2.php b/mlw_quizmaster2.php
index 628392474..3be61e048 100644
--- a/mlw_quizmaster2.php
+++ b/mlw_quizmaster2.php
@@ -2,7 +2,7 @@
 /**
 * Plugin Name: Quiz And Survey Master
 * Description: Easily and quickly add quizzes and surveys to your website.
- * Version: 8.2.2
+ * Version: 8.2.3
 * Author: ExpressTech
 * Author URI: https://quizandsurveymaster.com/
 * Plugin URI: https://expresstech.io/
@@ -43,7 +43,7 @@ class MLWQuizMasterNext {
 * @var string
 * @since 4.0.0
 */
- public $version = '8.2.2';
+ public $version = '8.2.3';
 /**
 * QSM Alert Manager Object
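Review bot: The new `qsm_question_quick_result_js_after` event in js/qsm-quiz.js has no comment describing its contract, and it hands every listener the live `returnObject` together with the `decrypt` value. Because the object is passed by reference and returned right after the event fires, any handler bound on `document` can change `success` or `message` before the caller sees them; if that is intended, record it with a comment such as `// Listeners may modify returnObject; it is returned after the event fires.` If listeners are meant to be read-only, pass a copy instead. What `decrypt` holds is not visible in this hunk, so it is worth confirming that exposing it to all document-level listeners is acceptable. The function body starts outside the hunk.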
diff --git a/php/classes/class-qmn-quiz-creator.php b/php/classes/class-qmn-quiz-creator.php
index 91e0498af..048276e73 100644
--- a/php/classes/class-qmn-quiz-creator.php
+++ b/php/classes/class-qmn-quiz-creator.php
@@ -524,6 +524,7 @@ public function duplicate_quiz( $quiz_id, $quiz_name, $is_duplicating_questions
 // Update quiz settings
 $update_quiz_settings = maybe_unserialize( $mlw_qmn_duplicate_data->quiz_settings );
 $update_pages = maybe_unserialize( $update_quiz_settings['pages'] );
+ $update_q_pages = maybe_unserialize( $update_quiz_settings['qpages'] );
 // get logic data from logic table first or else from quiz_settings
 if ( ! is_null( $logic_table_exists ) ) {
 $query = $wpdb->prepare( "SELECT * FROM $logic_table WHERE quiz_id = %d", $quiz_id );
@@ -633,6 +634,7 @@ public function duplicate_quiz( $quiz_id, $quiz_name, $is_duplicating_questions
 foreach ( $pages_value as $pages_k_q => $page_q_id ) {
 if ( intval($page_q_id) === intval($mlw_question->question_id) ) {
 $update_pages[ $pages_key ][ $pages_k_q ] = $wpdb->insert_id;
+ $update_q_pages[ $pages_key ]['questions'][ $pages_k_q ] = $wpdb->insert_id;
 }
 }
 }
@@ -681,6 +683,7 @@ public function duplicate_quiz( $quiz_id, $quiz_name, $is_duplicating_questions
 }
 }
 $update_quiz_settings['pages'] = maybe_serialize( $update_pages );
+ $update_quiz_settings['qpages'] = maybe_serialize( $update_q_pages );
 // saves data in logic table first or else in quiz_settings.
 $value_array = array();
 if ( is_array( $logic_rules ) && ! empty( $logic_rules ) ) {
diff --git a/php/classes/class-qmn-quiz-manager.php b/php/classes/class-qmn-quiz-manager.php
index 1f2f66acc..0a62dc68e 100644
--- a/php/classes/class-qmn-quiz-manager.php
+++ b/php/classes/class-qmn-quiz-manager.php
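Review bot: In class-qmn-quiz-creator.php the hunk at -524 reads `$update_quiz_settings['qpages']` without checking that the key exists or that the unserialized value is an array, and the hunk at -633 then writes `$update_q_pages[ $pages_key ]['questions'][ $pages_k_q ]` unconditionally. If a quiz's settings carry no `qpages` entry (whether that can happen is not visible here), the read raises an undefined-index notice and the hunk at -681 saves a partial `qpages` array holding only `questions` keys. The write also assumes `qpages` uses the same page and question indexes as `pages`, which nothing in the hunks confirms. Guarding it with `if ( isset( $update_q_pages[ $pages_key ]['questions'][ $pages_k_q ] ) )` and only serializing when `is_array( $update_q_pages )` would keep duplicated quizzes from gaining malformed settings. duplicate_quiz starts and ends outside all three hunks.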
@@ -903,6 +903,7 @@ public function display_quiz( $options, $quiz_data, $question_amount, $shortcode
 wp_enqueue_script( 'jquery-ui-core' );
 wp_enqueue_script( 'jquery-ui-tooltip' );
 wp_enqueue_style( 'jquery-redmond-theme', QSM_PLUGIN_CSS_URL . '/jquery-ui.css', array(), $mlwQuizMasterNext->version );
+ wp_enqueue_style( 'qsm_quiz_common_style', $this->common_css, array(), $mlwQuizMasterNext->version );
 global $qmn_json_data;
 $qmn_json_data['error_messages'] = array(
@@ -1549,7 +1550,7 @@ public function display_results( $options, $data ) {
 if ( ! isset( $_REQUEST['qsm_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['qsm_nonce'] ) ), 'qsm_submit_quiz_' . intval( $quiz_id ) ) ) {
 echo wp_json_encode(
 array(
- 'display' => htmlspecialchars_decode( 'Nonce Validation failed!' ),
+ 'display' => __( 'Nonce Validation failed!', 'quiz-master-next' ),
 'redirect' => false,
 'result_status' => array(
 'save_response' => false,
@@ -1636,7 +1637,7 @@ public function ajax_submit_results() {
 if ( isset($qsm_option['quiz_options']['not_allow_after_expired_time']) && '1' === $qsm_option['quiz_options']['not_allow_after_expired_time'] && isset( $_POST['currentuserTime'] ) && sanitize_text_field( wp_unslash( $_POST['currentuserTime'] ) ) > $dtUtcDate && ! empty($dateStr) ) {
 echo wp_json_encode(
 array(
- 'display' => htmlspecialchars_decode( 'Quiz Expired!' ),
+ 'display' => __( 'Quiz Expired!', 'quiz-master-next' ),
 'redirect' => false,
 'result_status' => array(
 'save_response' => false,
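Review bot: The new `'display'` values in the hunks at -1549 and -1636 use `__()`, which returns the translated string without escaping it. `display` is the field that carries result markup back to the front end elsewhere in this file, so a translation file containing HTML would flow into the page; how the client inserts the field is not shown here, so this is hedged on it being rendered as markup. Using `esc_html__( 'Nonce Validation failed!', 'quiz-master-next' )` and `esc_html__( 'Quiz Expired!', 'quiz-master-next' )` keeps both messages as plain text. The enclosing functions start and end outside the hunks.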
@@ -1985,7 +1986,7 @@ public function submit_results( $qmn_quiz_options, $qmn_array_for_variables ) {
 // Prepares data to be sent back to front-end.
 $return_array = array(
 'quizExpired' => false,
- 'display' => htmlspecialchars_decode( $result_display ),
+ 'display' => wp_kses_post( htmlspecialchars_decode( $result_display, ENT_QUOTES) ),
 'redirect' => apply_filters( 'mlw_qmn_template_variable_results_page', $results_pages['redirect'], $qmn_array_for_variables ),
 'result_status' => array(
 'save_response' => $qmn_array_for_variables['response_saved'],
diff --git a/php/classes/class-qsm-results-pages.php b/php/classes/class-qsm-results-pages.php
index c85adfe5a..52acc91a5 100644
--- a/php/classes/class-qsm-results-pages.php
+++ b/php/classes/class-qsm-results-pages.php
@@ -164,7 +164,7 @@ public static function generate_pages( $response_data ) {
 // Decodes special characters, runs through our template
 // variables, and then outputs the text.
- $page = htmlspecialchars_decode( $content, ENT_QUOTES );
+ $page = wp_kses_post($content);
 //last chance to filter $page
 $page = apply_filters( 'qsm_template_variable_results_page', $page, $response_data );
diff --git a/php/question-types/qsm-question-type-dropdown.php b/php/question-types/qsm-question-type-dropdown.php
index 603381bfb..aea758516 100644
--- a/php/question-types/qsm-question-type-dropdown.php
+++ b/php/question-types/qsm-question-type-dropdown.php
@@ -21,7 +21,7 @@ function qmn_drop_down_display( $id, $question, $answers ) {
 $require_class = '';
 }
 $new_question_title = $mlwQuizMasterNext->pluginHelper->get_question_setting( $id, 'question_title' );
- $question = apply_filters( 'qsm_question_title_func_before', $question, $answers, $id );
+ $question = apply_filters( 'qsm_question_title_function_before', $question, $answers, $id );
 qsm_question_title_func( $question, '', $new_question_title, $id );
 $show = true;
 $show = apply_filters( 'qsm_check_show_answer_drop_down', $show, $id, $question, $answers );
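Review bot: In class-qsm-results-pages.php, `wp_kses_post($content)` runs before the `qsm_template_variable_results_page` filter, so whatever the template variables substitute into `$page` is not covered by this call, and the comment above it still says the line "Decodes special characters". Within this patch the hunk at -1985 in class-qmn-quiz-manager.php decodes and filters the final `$result_display`, which covers `submit_results`, but any other caller of `generate_pages` (none is visible here) would depend on this line alone. Because the decode was dropped here, entity-encoded stored content passes through kses as inert text and only becomes markup at that later `htmlspecialchars_decode`, so the filtering that counts is the one applied after the last decode. I would change the comment to `// Filters the stored page content to post-allowed HTML; template variables are expanded by the filter below.` and add a `wp_kses_post()` call after the filter as well. generate_pages starts and ends outside the hunk.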
diff --git a/readme.txt b/readme.txt
index 8500c2b12..6922becfb 100644
--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: quiz, survey, lead, test, score, exam, questionnaire, question,wordpress q
 Requires at least: 4.9
 Tested up to: 6.4
 Requires PHP: 5.4
-Stable tag: 8.2.2
+Stable tag: 8.2.3
 License: GPLv2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -163,6 +163,11 @@ This is usually a theme conflict. You can [checkout out our common conflict solu
 18. Database
 == Changelog ==
+= 8.2.3 (March 11, 2024) =
+Bug: Patched a vulnerability related to the result page
+Bug: Fixed issue with inline result while duplicating quizzes
+Enhancement: Improve contact fields UI
+
 = 8.2.2 (January 18, 2024) =
 * Feature: Added an option to mark texts as code snippets in the question description
 * Bug: Fixed the issue of skipping question validation after the quiz timer ends
From 4e7a7e3018b2772b0cc323585e7cbd7b2d92c773 Mon Sep 17 00:00:00 2001
From: Mohammad Zubair Ali
Date: Tue, 12 Mar 2024 15:36:43 +0530
Subject: [PATCH 2/5] fixed retake button issue
---
 php/classes/class-qmn-quiz-manager.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/php/classes/class-qmn-quiz-manager.php b/php/classes/class-qmn-quiz-manager.php
index 0a62dc68e..68548fa95 100644
--- a/php/classes/class-qmn-quiz-manager.php
+++ b/php/classes/class-qmn-quiz-manager.php
@@ -1911,7 +1911,7 @@ public function submit_results( $qmn_quiz_options, $qmn_array_for_variables ) {
 if ( 1 === intval( $qmn_quiz_options->store_responses ) && ! $qmn_array_for_variables['response_saved'] ) {
 $result_display .= '
' . __('Your responses are not being saved in the database due to a technical issue. Please contact the website administrator for assistance.', 'quiz-master-next') . '
';
 }
- $result_display .= $results_pages['display'];
+ $result_display .= wp_kses_post( htmlspecialchars_decode( $results_pages['display'], ENT_QUOTES) );
 $result_display = apply_filters( 'qmn_after_results_text', $result_display, $qmn_quiz_options, $qmn_array_for_variables );
 $result_display .= $this->display_social( $qmn_quiz_options, $qmn_array_for_variables );
@@ -1986,7 +1986,7 @@ public function submit_results( $qmn_quiz_options, $qmn_array_for_variables ) {
 // Prepares data to be sent back to front-end.
 $return_array = array(
 'quizExpired' => false,
- 'display' => wp_kses_post( htmlspecialchars_decode( $result_display, ENT_QUOTES) ),
+ 'display' => $result_display,
 'redirect' => apply_filters( 'mlw_qmn_template_variable_results_page', $results_pages['redirect'], $qmn_array_for_variables ),
 'result_status' => array(
 'save_response' => $qmn_array_for_variables['response_saved'],
From 43ca9a9e50a106b3f72bec10675349031390ea50 Mon Sep 17 00:00:00 2001
From: Mohammad Zubair Ali
Date: Tue, 12 Mar 2024 15:51:49 +0530
Subject: [PATCH 3/5] fixed issue with category limit option
---
 php/classes/class-qmn-quiz-manager.php | 26 ++++++++++++++++++++++++--
 readme.txt | 5 +++--
 2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/php/classes/class-qmn-quiz-manager.php b/php/classes/class-qmn-quiz-manager.php
index 68548fa95..d9bee3d03 100644
--- a/php/classes/class-qmn-quiz-manager.php
+++ b/php/classes/class-qmn-quiz-manager.php
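Review bot: Moving `wp_kses_post()` from the final `'display'` value (hunk at -1986) to the `$results_pages['display']` append (hunk at -1911) leaves everything added afterwards unfiltered: the return value of the `qmn_after_results_text` filter and the `display_social()` output, both visible in the context lines, now reach the response as built. That narrows the sanitization introduced in PATCH 1/5 while the subject only mentions the retake button, so the reason belongs next to the call, e.g. `// kses covers the stored results page only; markup appended below must be escaped where it is built.` The decode also runs after the template variables were substituted, so any entity-escaped value they inserted becomes markup again and is limited only by the post allow-list; whether user-supplied values reach this string is not visible in the hunk. submit_results starts and ends outside both hunks.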
@@ -712,7 +712,17 @@ public function load_questions( $quiz_id, $quiz_options, $is_quiz_page, $questio
 $question_id = implode( ',', $question_ids );
 $term_ids = ( '' !== $quiz_options->randon_category ) ? $quiz_options->randon_category : $term_ids;
- $tq_ids = $wpdb->get_results( "SELECT DISTINCT `term_id`, `question_id` FROM `{$wpdb->prefix}mlw_question_terms` WHERE `question_id` IN ({$question_id}) AND `term_id` IN ({$term_ids}) AND `taxonomy`='qsm_category'", ARRAY_A );
+ $tq_ids = $wpdb->get_results(
+ "SELECT DISTINCT `term_id`, `question_id`
+ FROM `{$wpdb->prefix}mlw_question_terms`
+ JOIN `{$wpdb->prefix}mlw_questions` ON `{$wpdb->prefix}mlw_question_terms`.`question_id` = `{$wpdb->prefix}mlw_questions`.`question_id`
+ WHERE `{$wpdb->prefix}mlw_question_terms`.`question_id` IN ($question_id)
+ AND `{$wpdb->prefix}mlw_question_terms`.`term_id` IN ($term_ids)
+ AND `{$wpdb->prefix}mlw_question_terms`.`taxonomy` = 'qsm_category'
+ AND `{$wpdb->prefix}mlw_questions`.`deleted` = 0
+ ",
+ ARRAY_A
+ );
 $random = array();
 if ( ! empty( $tq_ids ) ) {
 $term_data = array();
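Review bot: The rewritten query selects `question_id` unqualified while joining `mlw_question_terms` to `mlw_questions`, and its own `ON` clause shows both tables have a `question_id` column, so MySQL would be expected to reject the column as ambiguous; both selected columns should carry the terms-table prefix. The rewrite also keeps interpolating `$question_id` and `$term_ids` into the `IN (...)` lists with no `$wpdb->prepare()` or integer cast, and `$term_ids` can come straight from `$quiz_options->randon_category`. Assuming that value is a comma-separated string, as its use inside `IN (...)` suggests, `$term_ids = implode( ',', array_map( 'intval', explode( ',', $term_ids ) ) );` before the query is a cheap guard, with the same `array_map( 'intval', ... )` applied to `$question_ids`. The hunk at -757 interpolates `$quiz_id`, `$category`, `$exclude_ids` and `$limit` the same way, and the one-line queries restored by PATCH 4/5 keep that shape. load_questions starts and ends outside the hunk.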
@@ -757,7 +767,19 @@ public function load_questions( $quiz_id, $quiz_options, $is_quiz_page, $questio
 if ( 1 == $quiz_options->randomness_order || 2 == $quiz_options->randomness_order ) {
 $category_order_sql = 'ORDER BY rand()';
 }
- $tq_ids[] = $wpdb->get_results( "SELECT DISTINCT `question_id` FROM `{$wpdb->prefix}mlw_question_terms` WHERE `quiz_id` = $quiz_id AND `term_id` = $category AND `taxonomy`='qsm_category' AND question_id NOT IN ($exclude_ids) ".esc_sql( $category_order_sql )." LIMIT $limit", ARRAY_A );
+ $tq_ids[] = $wpdb->get_results(
+ "SELECT DISTINCT q.`question_id`
+ FROM `{$wpdb->prefix}mlw_questions` AS q
+ JOIN `{$wpdb->prefix}mlw_question_terms` AS qt ON q.`question_id` = qt.`question_id`
+ WHERE qt.`quiz_id` = $quiz_id
+ AND qt.`term_id` = $category
+ AND qt.`taxonomy` = 'qsm_category'
+ AND qt.`question_id` NOT IN ($exclude_ids)
+ AND q.`deleted` = 0
+ ".esc_sql( $category_order_sql )."
+ LIMIT $limit",
+ ARRAY_A
+ );
 }
 $final_result = array_column(array_merge(...array_map('array_merge', $tq_ids)),'question_id');
 if ( 1 == $quiz_options->randomness_order || 2 == $quiz_options->randomness_order ) {
diff --git a/readme.txt b/readme.txt
index 6922becfb..e9dbe9531 100644
--- a/readme.txt
+++ b/readme.txt
@@ -163,9 +163,10 @@ This is usually a theme conflict. You can [checkout out our common conflict solu
 18. Database
 == Changelog ==
-= 8.2.3 (March 11, 2024) =
-Bug: Patched a vulnerability related to the result page
+= 8.2.3 (March 12, 2024) =
+Bug: Fixed issue while using question limit with categories
 Bug: Fixed issue with inline result while duplicating quizzes
+Bug: Patched a vulnerability related to the result page
 Enhancement: Improve contact fields UI
 = 8.2.2 (January 18, 2024) =
From f57973dc45b6ea1ca884d12adee1bc6197e7e5a4 Mon Sep 17 00:00:00 2001
From: Mohammad Zubair Ali
Date: Tue, 12 Mar 2024 20:29:07 +0530
Subject: [PATCH 4/5] remove category limit code
---
 php/classes/class-qmn-quiz-manager.php | 26 ++------------------------
 1 file changed, 2 insertions(+), 24 deletions(-)
diff --git a/php/classes/class-qmn-quiz-manager.php b/php/classes/class-qmn-quiz-manager.php
index d9bee3d03..4678dfb85 100644
--- a/php/classes/class-qmn-quiz-manager.php
+++ b/php/classes/class-qmn-quiz-manager.php
@@ -712,17 +712,7 @@ public function load_questions( $quiz_id, $quiz_options, $is_quiz_page, $questio
 $question_id = implode( ',', $question_ids );
 $term_ids = ( '' !== $quiz_options->randon_category ) ? $quiz_options->randon_category : $term_ids;
- $tq_ids = $wpdb->get_results(
- "SELECT DISTINCT `term_id`, `question_id`
- FROM `{$wpdb->prefix}mlw_question_terms`
- JOIN `{$wpdb->prefix}mlw_questions` ON `{$wpdb->prefix}mlw_question_terms`.`question_id` = `{$wpdb->prefix}mlw_questions`.`question_id`
- WHERE `{$wpdb->prefix}mlw_question_terms`.`question_id` IN ($question_id)
- AND `{$wpdb->prefix}mlw_question_terms`.`term_id` IN ($term_ids)
- AND `{$wpdb->prefix}mlw_question_terms`.`taxonomy` = 'qsm_category'
- AND `{$wpdb->prefix}mlw_questions`.`deleted` = 0
- ",
- ARRAY_A
- );
+ $tq_ids = $wpdb->get_results( "SELECT DISTINCT `term_id`, `question_id` FROM `{$wpdb->prefix}mlw_question_terms` WHERE `question_id` IN ({$question_id}) AND `term_id` IN ({$term_ids}) AND `taxonomy`='qsm_category'", ARRAY_A );
 $random = array();
 if ( ! empty( $tq_ids ) ) {
 $term_data = array();
@@ -767,19 +757,7 @@ public function load_questions( $quiz_id, $quiz_options, $is_quiz_page, $questio if ( 1 == $quiz_options->randomness_order || 2 == $quiz_options->randomness_order ) { $category_order_sql = 'ORDER BY rand()'; } - $tq_ids[] = $wpdb->get_results( - "SELECT DISTINCT q.`question_id` - FROM `{$wpdb->prefix}mlw_questions` AS q - JOIN `{$wpdb->prefix}mlw_question_terms` AS qt ON q.`question_id` = qt.`question_id` - WHERE qt.`quiz_id` = $quiz_id - AND qt.`term_id` = $category - AND qt.`taxonomy` = 'qsm_category' - AND qt.`question_id` NOT IN ($exclude_ids) - AND q.`deleted` = 0 - ".esc_sql( $category_order_sql )." - LIMIT $limit", - ARRAY_A - ); + $tq_ids[] = $wpdb->get_results( "SELECT DISTINCT `question_id` FROM `{$wpdb->prefix}mlw_question_terms` WHERE `quiz_id` = $quiz_id AND `term_id` = $category AND `taxonomy`='qsm_category' AND question_id NOT IN ($exclude_ids) ".esc_sql( $category_order_sql )." LIMIT $limit", ARRAY_A ); } $final_result = array_column(array_merge(...array_map('array_merge', $tq_ids)),'question_id'); if ( 1 == $quiz_options->randomness_order || 2 == $quiz_options->randomness_order ) { From 241577b197cba1dbe9713bd2e89b74cac04ce31d Mon Sep 17 00:00:00 2001 From: Mohammad Zubair Ali Date: Tue, 12 Mar 2024 20:30:37 +0530 Subject: [PATCH 5/5] remove category limit code changelog --- readme.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/readme.txt b/readme.txt index e9dbe9531..b14e59396 100644 --- a/readme.txt +++ b/readme.txt @@ -164,7 +164,6 @@ This is usually a theme conflict. You can [checkout out our common conflict solu == Changelog == = 8.2.3 (March 12, 2024) = -Bug: Fixed issue while using question limit with categories Bug: Fixed issue with inline result while duplicating quizzes Bug: Patched a vulnerability related to the result page Enhancement: Improve contact fields UI