engagingnewsproject · luukee · Oct 18, 2023 · Oct 19, 2023 · Jan 16, 2024
diff --git a/database/class-enp_quiz_db.php b/database/class-enp_quiz_db.php
@@ -1,23 +1,20 @@
 <?php
-
 /**
- * Extremely bare wrapper based on
- * http://codereview.stackexchange.com/questions/52414/my-simple-pdo-wrapper-class
- * & http://stackoverflow.com/questions/20664450/is-a-pdo-wrapper-really-overkill
- * to make opening PDO connections and preparing, binding, and executing connections
- * faster.
- *
- **/
-
-class enp_quiz_Db extends PDO
-{
-
-    public function __construct()
-    {
+* Extremely bare wrapper based on
+* http://codereview.stackexchange.com/questions/52414/my-simple-pdo-wrapper-class
+* & http://stackoverflow.com/questions/20664450/is-a-pdo-wrapper-really-overkill
+* to make opening PDO connections and preparing, binding, and executing connections
+* faster.
+*
+**/
+
+class enp_quiz_Db extends PDO {
+
+    public function __construct() {
         // check if a connection already exists
         try {
             // config file for connection info and necessary variables
-            include($_SERVER["DOCUMENT_ROOT"] . '/enp-quiz-database-config.php');
+            include($_SERVER["DOCUMENT_ROOT"].'/enp-quiz-database-config.php');
             // Table names for dynamic reference
             $this->quiz_table = $enp_quiz_table_quiz;
             $this->quiz_option_table = $enp_quiz_table_quiz_option;
@@ -41,154 +38,138 @@ public function __construct()
                 PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
             );
             // create the new connection
-            parent::__construct(
-                'mysql:host=' . $enp_db_host . ';dbname=' . $enp_db_name,
-                // for windows users possible fix for PDO error, change 'mysql:host=' line above to:
-                // 'sqlsrv:Server=' . $enp_db_host . ';Database=' . $enp_db_name,
-                $enp_db_user,
-                $enp_db_password,
-                $options
-            );
+            parent::__construct('mysql:host='.$enp_db_host.';dbname='.$enp_db_name,
+                                $enp_db_user,
+                                $enp_db_password,
+                                $options);
         } catch (Exception $e) {
             $this->errors = $e->getMessage();
         }
     }
 
-    public function runQuery($sql, $params = null)
-    {
+    public function runQuery($sql, $params = null, ...$fetchModeArgs) {
         $stmt = $this->prepare($sql);
         $stmt->execute($params);
         return $stmt;
     }
 
-    public function fetchOne($sql, $params = [])
-    {
-        $stmt = $this->runQuery($sql, $params);
+    public function fetchOne($sql, $params = []) {
+        $stmt = $this->query($sql, $params);
         return $stmt->fetch(PDO::FETCH_ASSOC);
     }
 
-    public function fetchAll($sql, $params = [])
-    {
-        $stmt = $this->runQuery($sql, $params);
+    public function fetchAll($sql, $params = []) {
+        $stmt = $this->query($sql, $params);
         return $stmt->fetchAll(PDO::FETCH_ASSOC);
     }
 
     /*
      * Get Quizzes
      *
      */
-    public function getQuizzes($where = [])
-    {
+    public function getQuizzes($where = []) {
 
         $params = $this->buildParams($where);
-        $sql = "SELECT * from " . $this->quiz_table . " WHERE quiz_is_deleted = 0";
-
-        if ($where) {
+        $sql = "SELECT * from ".$this->quiz_table." WHERE quiz_is_deleted = 0";
+        
+        if($where) {
             $sql .= $this->buildWhere($params, true);
         }
-
+        
         return $this->fetchAll($sql, $params);
     }
 
     /*
      * Get Domains
      *
      */
-    public function getDomains($where = [])
-    {
+    public function getDomains($where = []) {
 
         $params = $this->buildParams($where);
-        $sql = "SELECT DISTINCT(SUBSTRING_INDEX((SUBSTRING_INDEX((SUBSTRING_INDEX(embed_site_url, '://', -1)), '/', 1)), '.', -2)) as domain from " . $this->embed_site_table;
-
-        if ($where) {
+        $sql = "SELECT DISTINCT(SUBSTRING_INDEX((SUBSTRING_INDEX((SUBSTRING_INDEX(embed_site_url, '://', -1)), '/', 1)), '.', -2)) as domain from ".$this->embed_site_table;
+        
+        if($where) {
             $sql .= $this->buildWhere($params, true);
         }
-
+        
         return $this->fetchAll($sql, $params);
     }
-
+    
     /*
      * Get Sites
      *
      */
-    public function getSites($where = [])
-    {
+    public function getSites($where = []) {
 
         $params = $this->buildParams($where);
-        $sql = "SELECT * from " . $this->embed_site_table;
-
-        if ($where) {
+        $sql = "SELECT * from ".$this->embed_site_table;
+        
+        if($where) {
             $sql .= $this->buildWhere($params, true);
         }
-
+        
         return $this->fetchAll($sql, $params);
     }
 
     /*
      * Get Embeds
      *
      */
-    public function getEmbeds($where = [])
-    {
+    public function getEmbeds($where = []) {
 
         $params = $this->buildParams($where);
-        $sql = "SELECT * from " . $this->embed_quiz_table;
-
-        if ($where) {
+        $sql = "SELECT * from ".$this->embed_quiz_table;
+        
+        if($where) {
             $sql .= $this->buildWhere($params, true);
         }
-
+        
         return $this->fetchAll($sql, $params);
     }
 
     // TOTALS
-    public function getResponsesCorrectTotal()
-    {
-        $sql = "SELECT COUNT(*) from " . $this->response_question_table . " WHERE response_correct = 1";
+    public function getResponsesCorrectTotal() {
+        $sql = "SELECT COUNT(*) from ".$this->response_question_table." WHERE response_correct = 1";
         return (int) $this->fetchOne($sql)['COUNT(*)'];
     }
 
-    public function getResponsesIncorrectTotal()
-    {
-        $sql = "SELECT COUNT(*) from " . $this->response_question_table . " WHERE response_correct = 0";
+    public function getResponsesIncorrectTotal() {
+        $sql = "SELECT COUNT(*) from ".$this->response_question_table." WHERE response_correct = 0";
         return (int) $this->fetchOne($sql)['COUNT(*)'];
     }
 
-    public function getMCQuestionsTotal()
-    {
-        $sql = "SELECT COUNT(*) from " . $this->question_table . " WHERE question_type = 'mc'";
+    public function getMCQuestionsTotal() {
+        $sql = "SELECT COUNT(*) from ".$this->question_table." WHERE question_type = 'mc'";
         return (int) $this->fetchOne($sql)['COUNT(*)'];
     }
 
-    public function getSliderQuestionsTotal()
-    {
-        $sql = "SELECT COUNT(*) from " . $this->question_table . " WHERE question_type = 'slider'";
+    public function getSliderQuestionsTotal() {
+        $sql = "SELECT COUNT(*) from ".$this->question_table." WHERE question_type = 'slider'";
         return (int) $this->fetchOne($sql)['COUNT(*)'];
     }
 
-    public function getUniqueUsersTotal()
-    {
+    public function getUniqueUsersTotal() {
         $sql = "SELECT COUNT(DISTINCT user_id) as users
-                    FROM " . $this->response_quiz_table;
+                    FROM ".$this->response_quiz_table;
 
         return (int) $this->fetchOne($sql)['users'];
+
     }
-    public function buildWhere($params, $where = true)
-    {
+    public function buildWhere($params, $where = true) {
         $sql = '';
-        if ($where === true) {
+        if($where === true) {
             $sql = ' WHERE ';
         }
-        if (!empty($params)) {
+        if(!empty($params)) {
             $i = 1;
-            foreach ($params as $key => $val) {
-                if (is_array($val)) {
+            foreach($params as $key => $val) {
+                if(is_array($val)) {
                     // for things like 'date > :date'
-                    $sql .= $val['key'] . ' ' . $val['operator'] . ' ' . $val['val'];
+                    $sql .= $val['key'].' '.$val['operator'].' '.$val['val'];
                 } else {
-                    $sql .= $key . ' = ' . $val;
+                    $sql .= $key.' = '.$val;
                 }
-                if ($i !== count($params)) {
+                if($i !== count($params)) {
                     // not the last one, so add an AND statement
                     $where .= " AND ";
                     $i++;
@@ -204,11 +185,10 @@ public function buildWhere($params, $where = true)
      * @param $params ARRAY
      * @return ARRAY
      */
-    public function buildParams($params)
-    {
+    public function buildParams($params) {
         $bound = [];
 
-        foreach ($params as $key => $val) {
+        foreach($params as $key => $val) {
             $bound[$key] = $val;
         }
 

diff --git a/database/class-enp_quiz_save_quiz.php b/database/class-enp_quiz_save_quiz.php
@@ -387,7 +387,11 @@ protected function sanitize_array($array) {
             if (!is_array($value) && !is_object($value)) {
                 // except for question explanation, we want to keep the HTML
                 if( $key === 'question_explanation' ) {
-                    $sanitized_array[$key] = wp_kses($value, 'post');
+                    // var_dump($sanitized_array[$value]);
+                    // might need to use another means of sanitization
+                    // like wp_json_encode or something
+                    // $sanitized_array[$key] = wp_kses($value, 'post'); // original wp_kses()
+                    $sanitized_array[$key] = wp_kses_post($value); // new wp_kses_post()
                 } else {
                     $sanitized_array[$key] = sanitize_text_field($value);
                 }

diff --git a/database/class-enp_quiz_save_quiz_take_response_question.php b/database/class-enp_quiz_save_quiz_take_response_question.php
@@ -287,7 +287,7 @@ protected function update_question_response_data($response) {
         $pdo = new enp_quiz_Db();
         // setup our SQL statement variables so we don't need to have a correct query, incorrect query, and a rebuild % query. A little convoluted, but fast.
         $question_responses = 'question_responses';
-        if($response['response_correct'] === '1') {
+        if($response['response_correct'] === 1) {
             $question_response_state = 'question_responses_correct';
 
         } else {

diff --git a/includes/class-enp_embed-domain.php b/includes/class-enp_embed-domain.php
@@ -92,11 +92,7 @@ protected function set_embed_domain_object_values($embed_domain_rows) {
 
         foreach($sites as $site) {
             $site_ids[] = $site->get_embed_site_id();
-            $site_quiz_ids = $site->get_embed_site_quiz_ids();
-
-            foreach($site_quiz_ids as $quiz_id) {
-                $quiz_ids[] = $quiz_id;
-            }
+            $quiz_ids[] = $site->get_embed_site_quiz_ids();
         }
 
 

diff --git a/includes/class-enp_quiz-activator.php b/includes/class-enp_quiz-activator.php
diff --git a/includes/class-enp_quiz-deactivator.php b/includes/class-enp_quiz-deactivator.php
diff --git a/includes/class-enp_quiz-question.php b/includes/class-enp_quiz-question.php
@@ -711,9 +711,8 @@ public function get_take_question_array() {
 
     public function get_take_question_json() {
         $question = $this->get_take_question_array();
-        // Return converted json: for possible achor links in question explanation  
+        // return json_encode( $question );
         return json_encode( $question, JSON_HEX_QUOT | JSON_HEX_TAG );
-        // return json_encode( $question ); // BEFORE - Return converted json
     }
 
     /**

diff --git a/includes/class-enp_quiz.php b/includes/class-enp_quiz.php
diff --git a/includes/css-tidy/class.csstidy.php b/includes/css-tidy/class.csstidy.php
diff --git a/includes/css-tidy/class.csstidy_optimise.php b/includes/css-tidy/class.csstidy_optimise.php
diff --git a/includes/css-tidy/class.csstidy_print.php b/includes/css-tidy/class.csstidy_print.php
diff --git a/includes/css-tidy/data.inc.php b/includes/css-tidy/data.inc.php
diff --git a/includes/index.php b/includes/index.php