MDL-57257 lesson: Validate type of numerical answer
authorJan Dageförde <jan.dagefoerde@ercis.uni-muenster.de>
Mon, 12 Dec 2016 17:43:47 +0000 (18:43 +0100)
committerAdrian Greeve <adrian@moodle.com>
Tue, 13 Dec 2016 02:32:49 +0000 (10:32 +0800)
mod/lesson/pagetypes/numerical.php

index f47280d..338d44b 100644 (file)
@@ -87,12 +87,12 @@ class lesson_page_type_numerical extends lesson_page {
         $result->response = '';
         $result->newpageid = 0;
 
-        if (isset($data->answer)) {
-            // just doing default PARAM_RAW, not doing PARAM_INT because it could be a float
-            $result->useranswer = (float)$data->answer;
-        } else {
+        if (!isset($data->answer) || !is_numeric($data->answer)) {
             $result->noanswer = true;
             return $result;
+        } else {
+            // Just doing default PARAM_RAW, not doing PARAM_INT because it could be a float.
+            $result->useranswer = (float)$data->answer;
         }
         $result->studentanswer = $result->userresponse = $result->useranswer;
         $answers = $this->get_answers();