diff --git a/interface.php b/interface.php
index 68c34a9..7dfdd8d 100644
--- a/interface.php
+++ b/interface.php
@@ -18,6 +18,16 @@ require_once "groupmgr.php";
 require_once "gamemgr.php";
 require_once "testmgr.php";
 
+function patch_through_image(string $gameid, string $img_url)
+{
+    $game_dir = get_game_dir_by_gameid($gameid);
+    $image_fetch_url = $game_dir . DIRECTORY_SEPARATOR . $img_url;
+
+    $img_fp = fopen($image_fetch_url, "r");
+    fpassthru($img_fp);
+    fclose($img_fp);
+}
+
 $action = $_REQUEST["action"];
 
 $result = "";
@@ -114,7 +124,7 @@ switch ($action) {
 // test-related queries
 if (isset($_REQUEST["testid"]) && (($testid = trim($_REQUEST["testid"])) !== "") &&
     ((count($test_data = get_test($testid))) > 0) &&
-    (($test_data["nickname"] === $nickname) || $is_quizmaster)) {
+    (($test_data["nickname"] === $nickname) || $is_quizmaster || is_user_contributor_to_game($test_data["gameid"], $nickname))) {
 
     // update the test if timed
     update_timed_tests([$test_data]);
@@ -132,12 +142,7 @@ if (isset($_REQUEST["testid"]) && (($testid = trim($_REQUEST["testid"])) !== "")
                 $img_url = trim($_REQUEST["image_url"] ?: "");
                 if ($img_url !== "") {
                     $gameid = $test_data["gameid"];
-                    $game_dir = get_game_dir_by_gameid($gameid);
-                    $image_fetch_url = $game_dir . DIRECTORY_SEPARATOR . $img_url;
-
-                    $img_fp = fopen($image_fetch_url, "r");
-                    fpassthru($img_fp);
-                    fclose($img_fp);
+                    patch_through_image($gameid, $img_url);
                 }
             }
             break;
@@ -331,6 +336,14 @@ switch ($action) {
             $result = json_encode($stats);
         }
         break;
+
+    case "get_image":
+        {
+            $gameid = trim($_REQUEST["gameid"] ?: "");
+            $img_url = trim($_REQUEST["img_url"] ?: "");
+            patch_through_image($gameid, $img_url);
+        }
+        break;
 }
 
 // quizmaster actions
diff --git a/js/result_analyzer.js b/js/result_analyzer.js
index b34efab..5044709 100644
--- a/js/result_analyzer.js
+++ b/js/result_analyzer.js
@@ -110,7 +110,7 @@ function generate_report() {
                 let img_url = challenge["image_url"];
                 if (img_url !== "") {
                     let fig = document.createElement("img");
-                    fig.src = img_url;
+                    fig.src = `interface.php?action=get_image&gameid=${GAMEID}&img_url=${challenge["image_url"]}`;
                     fig.classList.add("question-image");
                     challenge_box.append(fig);
                 }
diff --git a/testground.php b/testground.php
index 7390347..6df803a 100644
--- a/testground.php
+++ b/testground.php
@@ -9,7 +9,7 @@ if (!get_autologin_state() || !isset($_REQUEST["testid"])) {
 }
 
 $testid = trim($_REQUEST["testid"] ?: "");
-$view_only = trim($_REQUEST["view_only"] ?: "false") === "true" ? "true" : "false";
+$view_only = trim($_REQUEST["view_only"] ?: "false") === "true" ? true : false;
 
 if ($testid === "") {
     exit();