Leaving a call to eval() with user-supplied input, no matter how well filtered, seems like way too big of a risk.
Sounds like they should just not be eval()ing user input regardless of how much sanitization they throw at it.
Speaking of parsing simplicity and software design in general, you've coincidentally found a great example of how not to (ab)use OOP... one line of actual work wrapped in a dozen lines of boilerplate and replicated across multiple files with tiny variations:
To put things into perspective, a precedence-climber for 13 levels of precedence from C's grammar, including a tokeniser, fits comfortably in <300 LoC of C, the bulk of that being the tokeniser. PHP's higher level nature (especially around string handling) would probably make a corresponding implementation even smaller.
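The precedence-climbing approach mentioned above, as an added example that is not part of the thread or of any project it discusses: a small C evaluator that computes arithmetic directly from the input instead of passing it to eval(). The names `safe_eval`, `Parser` and `MAX_DEPTH` are hypothetical, and the grammar is cut down to two precedence levels (`+ -` and `* /`), unary minus and parentheses; more levels would be added in `prec()`.

```c
#include <ctype.h>
#include <stdlib.h>

#define MAX_DEPTH 64  /* bound recursion so "((((..." cannot exhaust the stack */
typedef struct { const char *p; int err, depth; } Parser;
static double parse_expr(Parser *ps, int min_prec);
static void skip_ws(Parser *ps) { while (isspace((unsigned char)*ps->p)) ps->p++; }
/* Binding power of a binary operator; 0 means "not an operator". */
static int prec(char op) { return (op == '+' || op == '-') ? 1 : (op == '*' || op == '/') ? 2 : 0; }

/* primary := number | '(' expr ')' | '-' primary; anything else is rejected */
static double parse_primary(Parser *ps) {
    double v = 0;
    if (ps->err || ++ps->depth > MAX_DEPTH) { ps->err = 1; return 0; }
    skip_ws(ps);
    if (*ps->p == '-') { ps->p++; v = -parse_primary(ps); }
    else if (*ps->p == '(') {
        ps->p++; v = parse_expr(ps, 1); skip_ws(ps);
        if (*ps->p == ')') ps->p++; else ps->err = 1;
    } else if (isdigit((unsigned char)*ps->p) || *ps->p == '.') {
        char *end;
        v = strtod(ps->p, &end);
        if (end == ps->p) ps->err = 1;
        ps->p = end;
    } else ps->err = 1;  /* identifiers, quotes, '$', ';' are input errors, never code */
    ps->depth--;
    return v;
}

/* Precedence climbing: consume operators binding at least as tightly as min_prec. */
static double parse_expr(Parser *ps, int min_prec) {
    double lhs = parse_primary(ps);
    for (;;) {
        skip_ws(ps);
        char op = *ps->p; int p = prec(op);
        if (ps->err || p == 0 || p < min_prec) return lhs;
        ps->p++;
        double rhs = parse_expr(ps, p + 1);  /* p + 1 makes operators left-associative */
        if (op == '+') lhs += rhs;
        else if (op == '-') lhs -= rhs;
        else if (op == '*') lhs *= rhs;
        else if (rhs != 0) lhs /= rhs;
        else ps->err = 1;                    /* division by zero */
    }
}

/* Returns 1 and stores the result in *out, or 0 if the input is not pure arithmetic. */
int safe_eval(const char *src, double *out) {
    Parser ps = { src, 0, 0 };
    double v = parse_expr(&ps, 1);
    skip_ws(&ps);
    if (ps.err || *ps.p != '\0') return 0;  /* trailing junk is an error too */
    *out = v; return 1;
}
```

Because the only things the parser can produce are numbers and the four arithmetic operations, input that is not arithmetic fails to parse rather than depending on a filter to catch it.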
This seems to disprove that, no?
Installing and configuring your environment to your needs should be entry level stuff for a developer, so what was the point of your reply?
I’m not a PHP developer. Nice try to deflect though! You obviously have an agenda you are trying to push at all costs and don’t want to learn, so have a great day!
My partner works in higher education and they give her blank stares when she mentions how out of date they are. It's a culmination of "Not my problem" and "It works so why fix it?"
At least in the olden days, the DB migrations were not super solid, so you'd run into issues later due to that. But worse, it seems like every school has a few pet plugins that are absolute garbage but they have to have - and either aren't maintained, or have horribly broken upgrades.
And most schools started to get unhappy with Moodle because it was hardly updated. IIRC they left the free Moodle running at one major version and offered the service contract on the next major version up as a carrot.
I did look at putting up on my partner's domain just so she's got an instance that doesn't rely on a client (she works for Universities). Last time I looked it was all "dump this .tar.gz php stuff into a directory", it was like going back ten years. No standard containers, debs, rpms, anything. Maybe I didn't look hard enough...
Drive + classroom is free as is the MS answer, I don't see Moodle as a wise investment in time.
But... why? What's the practical use for such a quiz?
I never came up with anything to use that for (thankfully, since I would have gotten caught and punished). It required the person viewing to try to edit my post (which teachers could do but rarely did) and then bring up the hidden HTML editor. But it was the first time I ever found a security vulnerability and I remember it fondly.
This was over ten years ago. I hope it's been patched.