Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-33932

Multiple choice question submission in feedback module is not cleaned properly

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.0.10, 2.1.7, 2.2.4, 2.3.1
    • 2.0.9, 2.1.6, 2.2.3, 2.3
    • Feedback
    • None
    • MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • MDL-33932_master
    • Hide
      1. Create a new feedback, add a few questions to it
      2. Create a multiple choice question with multiple answer allowed and 5 possible answers
      3. As a student go to answer the questions
      4. Use the firebug inspector to change the value of the input type checkbox tags
      5. Set the same (existing value) for 4 of them
      6. Don't change the value for the 5th one
      7. Submit your form
      8. As an admin, check the submission
      9. Check the analysis page, the percentages should be correct calculated
      Show
      Create a new feedback, add a few questions to it Create a multiple choice question with multiple answer allowed and 5 possible answers As a student go to answer the questions Use the firebug inspector to change the value of the input type checkbox tags Set the same (existing value) for 4 of them Don't change the value for the 5th one Submit your form As an admin, check the submission Check the analysis page, the percentages should be correct calculated

      While testing MDL-27675, I discovered that multiple same results could be injected via a multiple choice question with multiple anwsers, which leads to wrong statistics.

      1. Create a new feedback, add a few questions to it
      2. Create a multiple choice question with multiple answer allowed and 5 possible answers
      3. As a student go to answer the questions
      4. Use the inspector to change the value of the input type checkbox tags
      5. Set the same (existing value) for 4 of them
      6. Don't change the value for the 5th one
      7. Submit your form
      8. As an admin, check the submission, everything is correct, only two different answers appear
      9. On the analysis page, the data are wrong, the percentages exceed 100% for the hacked question

      Expected:

      • The analysis page does not exceed 100% per possible answer

      The fix must be an array_unique() or equivalent on the values gathered.

            grabs Andreas Grabs
            fred Frédéric Massart
            Sam Hemelryk Sam Hemelryk
            Frédéric Massart Frédéric Massart
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.