Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-33932

Multiple choice question submission in feedback module is not cleaned properly

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.9, 2.1.6, 2.2.3, 2.3
    • Fix Version/s: 2.0.10, 2.1.7, 2.2.4, 2.3.1
    • Component/s: Feedback
    • Labels:
      None
    • Testing Instructions:
      Hide
      1. Create a new feedback, add a few questions to it
      2. Create a multiple choice question with multiple answer allowed and 5 possible answers
      3. As a student go to answer the questions
      4. Use the firebug inspector to change the value of the input type checkbox tags
      5. Set the same (existing value) for 4 of them
      6. Don't change the value for the 5th one
      7. Submit your form
      8. As an admin, check the submission
      9. Check the analysis page, the percentages should be correct calculated
      Show
      Create a new feedback, add a few questions to it Create a multiple choice question with multiple answer allowed and 5 possible answers As a student go to answer the questions Use the firebug inspector to change the value of the input type checkbox tags Set the same (existing value) for 4 of them Don't change the value for the 5th one Submit your form As an admin, check the submission Check the analysis page, the percentages should be correct calculated
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-33932_master

      Description

      While testing MDL-27675, I discovered that multiple same results could be injected via a multiple choice question with multiple anwsers, which leads to wrong statistics.

      1. Create a new feedback, add a few questions to it
      2. Create a multiple choice question with multiple answer allowed and 5 possible answers
      3. As a student go to answer the questions
      4. Use the inspector to change the value of the input type checkbox tags
      5. Set the same (existing value) for 4 of them
      6. Don't change the value for the 5th one
      7. Submit your form
      8. As an admin, check the submission, everything is correct, only two different answers appear
      9. On the analysis page, the data are wrong, the percentages exceed 100% for the hacked question

      Expected:

      • The analysis page does not exceed 100% per possible answer

      The fix must be an array_unique() or equivalent on the values gathered.

        Attachments

          Activity

            People

            • Assignee:
              grabs Andreas Grabs
              Reporter:
              fred Frédéric Massart
              Integrator:
              Sam Hemelryk
              Tester:
              Frédéric Massart
              Participants:
              Component watchers:
              Amaia Anabitarte, Bas Brands, Carlos Escobedo, Sara Arjona (@sarjona), Víctor Déniz Falcón
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/Jul/12