From 106ade52561411736ce4250d0fc583be2a4feb4d Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Mon, 27 Aug 2018 09:28:21 +0200
Subject: [PATCH] Fix hotspot edition BT#14770

- Restore code previously removed
---
 main/exercise/admin.php             | 15 +++++++++++++++
 main/exercise/hotspot_admin.inc.php |  7 +++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/main/exercise/admin.php b/main/exercise/admin.php
index fc8a2c601d..14bc37cce0 100755
--- a/main/exercise/admin.php
+++ b/main/exercise/admin.php
@@ -64,6 +64,20 @@ if (empty($exerciseId)) {
     $exerciseId = isset($_GET['exerciseId']) ? intval($_GET['exerciseId']) : '0';
 }
 
+/*  stripslashes POST data  */
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+    foreach ($_POST as $key => $val) {
+        if (is_string($val)) {
+            $_POST[$key] = stripslashes($val);
+        } elseif (is_array($val)) {
+            foreach ($val as $key2 => $val2) {
+                $_POST[$key][$key2] = stripslashes($val2);
+            }
+        }
+        $GLOBALS[$key] = $_POST[$key];
+    }
+}
+
 $newQuestion = isset($_GET['newQuestion']) ? $_GET['newQuestion'] : 0;
 
 if (empty($modifyAnswers)) {
@@ -293,6 +307,7 @@ if ($modifyIn == 'thisExercise') {
         $modifyIn = 'allExercises';
     }
 }
+
 $htmlHeadXtra[] = api_get_js('jqueryui-touch-punch/jquery.ui.touch-punch.min.js');
 $htmlHeadXtra[] = api_get_js('jquery.jsPlumb.all.js');
 
diff --git a/main/exercise/hotspot_admin.inc.php b/main/exercise/hotspot_admin.inc.php
index b8e6d617fa..d162f03e10 100755
--- a/main/exercise/hotspot_admin.inc.php
+++ b/main/exercise/hotspot_admin.inc.php
@@ -11,7 +11,7 @@ use ChamiloSession as Session;
  *
  * @author Toon Keppens
  */
-$modifyAnswers = intval($_GET['hotspotadmin']);
+$modifyAnswers = (int) $_GET['hotspotadmin'];
 
 if (!is_object($objQuestion)) {
     $objQuestion = Question::read($modifyAnswers);
@@ -30,7 +30,7 @@ if ($modifyIn) {
         echo '$modifyIn was set'."<br />\n";
     }
     // if the user has chosen to modify the question only in the current exercise
-    if ($modifyIn == 'thisExercise') {
+    if ($modifyIn === 'thisExercise') {
         // duplicates the question
         $questionId = $objQuestion->duplicate();
 
@@ -71,14 +71,13 @@ $hotspot_admin_url = api_get_path(WEB_CODE_PATH).'exercise/admin.php?'.api_get_c
 // the answer form has been submitted
 $submitAnswers = isset($_POST['submitAnswers']) ? true : false;
 $buttonBack = isset($_POST['buttonBack']) ? true : false;
-$nbrAnswers = isset($_POST['nbrAnswers']) ? intval($_POST['nbrAnswers']) : 0;
+$nbrAnswers = isset($_POST['nbrAnswers']) ? (int) $_POST['nbrAnswers'] : 0;
 
 if ($submitAnswers || $buttonBack) {
     if ($answerType == HOT_SPOT) {
         if ($debug > 0) {
             echo '$submitAnswers or $buttonBack was set'."<br />\n";
         }
-
         $questionWeighting = $nbrGoodAnswers = 0;
         for ($i = 1; $i <= $nbrAnswers; $i++) {
             if ($debug > 0) {