MDL-41820 XSS in the quiz responses report.
[moodle.git] / mod / quiz / report / responses / responses_table.php
CommitLineData
aeb15530 1<?php
9b40c540
TH
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
4747c788 18 * This file defines the quiz responses table.
9b40c540 19 *
8d76124c
TH
20 * @package quiz_responses
21 * @copyright 2008 Jean-Michel Vedrine
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
9b40c540
TH
23 */
24
25
a17b297d
TH
26defined('MOODLE_INTERNAL') || die();
27
f5e42695
TH
28require_once($CFG->dirroot . '/mod/quiz/report/attemptsreport_table.php');
29
a17b297d 30
9b40c540
TH
31/**
32 * This is a table subclass for displaying the quiz responses report.
33 *
8d76124c
TH
34 * @copyright 2008 Jean-Michel Vedrine
35 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
9b40c540 36 */
ac4d9157 37class quiz_responses_table extends quiz_attempts_report_table {
9b40c540 38
9d58dae3
TH
39 /**
40 * Constructor
41 * @param object $quiz
42 * @param context $context
43 * @param string $qmsubselect
44 * @param quiz_responses_options $options
45 * @param array $groupstudents
46 * @param array $students
47 * @param array $questions
48 * @param moodle_url $reporturl
49 */
e97d60ad
TH
50 public function __construct($quiz, $context, $qmsubselect, quiz_responses_options $options,
51 $groupstudents, $students, $questions, $reporturl) {
9b40c540 52 parent::__construct('mod-quiz-report-responses-report', $quiz, $context,
e97d60ad 53 $qmsubselect, $options, $groupstudents, $students, $questions, $reporturl);
7f29a7db 54 }
9b40c540
TH
55
56 public function build_table() {
4747c788
TH
57 if (!$this->rawdata) {
58 return;
7f29a7db 59 }
4747c788
TH
60
61 $this->strtimeformat = str_replace(',', ' ', get_string('strftimedatetime'));
62 parent::build_table();
7f29a7db 63 }
64
9b40c540 65 public function col_sumgrades($attempt) {
698c42ee 66 if ($attempt->state != quiz_attempt::FINISHED) {
7f29a7db 67 return '-';
68 }
65778323
TH
69
70 $grade = quiz_rescale_grade($attempt->sumgrades, $this->quiz);
71 if ($this->is_downloading()) {
72 return $grade;
73 }
74
55ca80ed
TH
75 $gradehtml = '<a href="review.php?q=' . $this->quiz->id . '&amp;attempt=' .
76 $attempt->attempt . '">' . $grade . '</a>';
65778323 77 return $gradehtml;
7f29a7db 78 }
65778323 79
9b40c540
TH
80 public function data_col($slot, $field, $attempt) {
81 global $CFG;
aeb15530 82
9b40c540
TH
83 if ($attempt->usageid == 0) {
84 return '-';
85 }
ca4b4f8f 86
9b40c540
TH
87 $question = $this->questions[$slot];
88 if (!isset($this->lateststeps[$attempt->usageid][$slot])) {
89 return '-';
90 }
ca4b4f8f 91
9b40c540 92 $stepdata = $this->lateststeps[$attempt->usageid][$slot];
aeb15530 93
9b40c540
TH
94 if (is_null($stepdata->$field)) {
95 $summary = '-';
7f29a7db 96 } else {
9b40c540 97 $summary = trim($stepdata->$field);
7f29a7db 98 }
9b40c540 99
78a49233
TH
100 if ($this->is_downloading() && $this->is_downloading() != 'xhtml') {
101 return $summary;
102 }
103 $summary = s($summary);
104
9b40c540
TH
105 if ($this->is_downloading() || $field != 'responsesummary') {
106 return $summary;
107 }
108
109 return $this->make_review_link($summary, $attempt, $slot);
7f29a7db 110 }
111
9b40c540
TH
112 public function other_cols($colname, $attempt) {
113 if (preg_match('/^question(\d+)$/', $colname, $matches)) {
114 return $this->data_col($matches[1], 'questionsummary', $attempt);
115
116 } else if (preg_match('/^response(\d+)$/', $colname, $matches)) {
117 return $this->data_col($matches[1], 'responsesummary', $attempt);
118
119 } else if (preg_match('/^right(\d+)$/', $colname, $matches)) {
120 return $this->data_col($matches[1], 'rightanswer', $attempt);
121
7f29a7db 122 } else {
55ca80ed 123 return null;
7f29a7db 124 }
9b40c540 125 }
7f29a7db 126
9b40c540
TH
127 protected function requires_latest_steps_loaded() {
128 return true;
7f29a7db 129 }
130
9b40c540
TH
131 protected function is_latest_step_column($column) {
132 if (preg_match('/^(?:question|response|right)([0-9]+)/', $column, $matches)) {
133 return $matches[1];
2ea2c1f5 134 }
9b40c540 135 return false;
7f29a7db 136 }
aeb15530 137
9b40c540
TH
138 /**
139 * Get any fields that might be needed when sorting on date for a particular slot.
f7970e3c 140 * @param int $slot the slot for the column we want.
9b40c540
TH
141 * @param string $alias the table alias for latest state information relating to that slot.
142 */
143 protected function get_required_latest_state_fields($slot, $alias) {
144 return "$alias.questionsummary AS question$slot,
145 $alias.rightanswer AS right$slot,
146 $alias.responsesummary AS response$slot";
147 }
148}