bug fixins never stop (openemr#1976)
bradymiller authored Nov 15, 2018
1 parent 24c2d76 commit 718888c
Showing 31 changed files with 442 additions and 677 deletions.
2 changes: 1 addition & 1 deletion contrib/forms/scanned_notes/new.php
Expand Up @@ -132,7 +132,7 @@ function newEvt() {

// Process click on Delete button.
function deleteme() {
dlgopen('../../patient_file/deleter.php?formid=<?php echo $formrow['id'] ?>', '_blank', 500, 450);
dlgopen('../../patient_file/deleter.php?formid=' + <?php echo js_url($formrow['id']); ?> + '&csrf_token_form=' + <?php echo js_url(collectCsrfToken()); ?>, '_blank', 500, 450);
return false;
}

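Review bot: The `csrf_token_form` value added to the deleter URL only protects anything if `../../patient_file/deleter.php` calls `verifyCsrfToken()` on it, and that consumer is not in this diff; the same applies to the `csrf_token_form` assigned to the template in `controllers/C_Document.class.php`, which only matters if `general_upload.html` emits it and the upload handler checks it. Both consumers are worth confirming in the same change so the token is not emitted without a verifying side. `deleteme` is a JavaScript function inside an inline script block whose start lies outside the hunk.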
1 change: 1 addition & 0 deletions controllers/C_Document.class.php
Expand Up @@ -51,6 +51,7 @@ function upload_action($patient_id, $category_id)
$this->assign("category_name", $category_name);
$this->assign("hide_encryption", $GLOBALS['hide_document_encryption']);
$this->assign("patient_id", $patient_id);
$this->assign("csrf_token_form", collectCsrfToken());

// Added by Rod to support document template download from general_upload.html.
// Cloned from similar stuff in manage_document_templates.php.
2 changes: 1 addition & 1 deletion interface/orders/single_order_results.inc.php
Expand Up @@ -428,7 +428,7 @@ function educlick(codetype, codevalue) {
dlgopen('<?php echo $GLOBALS['webroot']; ?>/interface/patient_file/education.php' +
'?type=' + encodeURIComponent(codetype) +
'&code=' + encodeURIComponent(codevalue) +
'&language=<?php echo attr_url($language); ?>',
'&language=' + <?php echo js_url($language); ?>,
'_blank', 1024, 750,true); // Force a new window instead of iframe to address cross site scripting potential
}

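Review bot: `$GLOBALS['webroot']` on the first line of the hunk is still interpolated raw into the JavaScript string literal while the rest of the URL now goes through `js_url()`; for consistency it could be emitted as its own escaped JS string, e.g. `dlgopen(<?php echo js_escape($GLOBALS['webroot']); ?> + '/interface/patient_file/education.php' +`. webroot is presumably an installation setting rather than request input, so this is a consistency point rather than a demonstrated gap. `educlick` sits in an inline script whose boundaries are outside the hunk.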
22 changes: 7 additions & 15 deletions interface/patient_file/addr_appt_label.php
Expand Up @@ -6,24 +6,16 @@
* Program for displaying Address Labels
* from the appointment report or the Recall Board
*
* Copyright (C) 2016 Terry Hill <[email protected]>
* The program example supplied with the Avery Label Print
* Class was used to produce this program
*
* LICENSE: This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
*
* @package OpenEMR
* @author Terry Hill <[email protected]>
* @link http://www.open-emr.org
* @package OpenEMR
* @link http://www.open-emr.org
* @author Terry Hill <[email protected]>
* @copyright 2016 Terry Hill <[email protected]>
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
*/
# I used the program example supplied with the Avery Label Print Class to produce this program


require_once("../globals.php");
10 changes: 5 additions & 5 deletions interface/patient_file/addr_label.php
Expand Up @@ -4,13 +4,13 @@
*
* Program for displaying Address Labels
*
* @package OpenEMR
* @link http://www.open-emr.org
* @author Terry Hill <[email protected]>
* @author Daniel Pflieger <[email protected]>
* @package OpenEMR
* @link http://www.open-emr.org
* @author Terry Hill <[email protected]>
* @author Daniel Pflieger <[email protected]>
* @copyright Copyright (c) 2014 Terry Hill <[email protected]>
* @copyright Copyright (c) 2017 Daniel Pflieger <[email protected]>
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
*/


25 changes: 7 additions & 18 deletions interface/patient_file/barcode_label.php
Expand Up @@ -5,26 +5,15 @@
* Program for displaying Barcode Label
* via the popups on the left nav screen
*
* Copyright (C) 2014 Terry Hill <[email protected]>
* this is from the barcode-coder and FPDF website I used the examples and code snippets
* listed on the sites to create this program
*
* LICENSE: This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
*
* @package OpenEMR
* @author Terry Hill <[email protected]>
* @link http://www.open-emr.org
*
* this is from the barcode-coder and FPDF website I used the examples and code snippets listed on the sites
* to create this program
*
* @package OpenEMR
* @link http://www.open-emr.org
* @author Terry Hill <[email protected]>
* @copyright Copyright (c) 2014 Terry Hill <[email protected]>
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
*/


14 changes: 8 additions & 6 deletions interface/patient_file/ccr_import.php
Expand Up @@ -4,15 +4,17 @@
*
* Functions to upload the CCR XML and to parse and insert it into audit tables.
*
* @package OpenEMR
* @link http://www.open-emr.org
* @author Eldho Chacko <[email protected]>
* @author Ajil P M <[email protected]>
* @author Jason 'Toolbox' Oettinger <[email protected]>
* @package OpenEMR
* @link http://www.open-emr.org
* @author Eldho Chacko <[email protected]>
* @author Ajil P M <[email protected]>
* @author Jason 'Toolbox' Oettinger <[email protected]>
* @copyright Copyright (c) 2013 Z&H Consultancy Services Private Limited <[email protected]>
* @copyright Copyright (c) 2017 Jason Oettinger
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
*/


require_once(dirname(__FILE__) . "../../globals.php");

use OpenEMR\Core\Header;
38 changes: 15 additions & 23 deletions interface/patient_file/ccr_pending_approval.php
Expand Up @@ -4,34 +4,26 @@
*
* Approval screen for uploaded CCR XML.
*
* Copyright (C) 2013 Z&H Consultancy Services Private Limited <[email protected]>
*
* LICENSE: This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
*
* @package OpenEMR
* @author Eldho Chacko <[email protected]>
* @author Ajil P M <[email protected]>
* @link http://www.open-emr.org
* @package OpenEMR
* @link http://www.open-emr.org
* @author Eldho Chacko <[email protected]>
* @author Ajil P M <[email protected]>
* @copyright Copyright (c) 2013 Z&H Consultancy Services Private Limited <[email protected]>
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
*/



require_once(dirname(__FILE__) . "/../globals.php");
require_once(dirname(__FILE__) . "/../../library/options.inc.php");
require_once(dirname(__FILE__) . "/../../library/patient.inc");
require_once(dirname(__FILE__) . "/../../library/parse_patient_xml.php");

if ($_REQUEST['approve'] == 1) {
insert_patient($_REQUEST['am_id']);
if ($_GET['approve'] == 1) {
if (!verifyCsrfToken($_GET["csrf_token_form"])) {
csrfNotVerified();
}

insert_patient($_GET['am_id']);
?>
<html>
<head>
Expand Down Expand Up @@ -125,7 +117,7 @@

</style>
<script type="text/javascript" >

</script>
</head>
<body class="body_top" >
Expand Down Expand Up @@ -172,7 +164,7 @@
<?php echo xlt('Yes'); ?>
</td>
<td align="center" >
<a href="ccr_review_approve.php?revandapprove=1&amid=<?php echo attr($res['amid']); ?>&pid=<?php echo attr($dup_res['pid']); ?>" class="button-link" onclick="top.restoreSession()" ><?php echo xlt('Review & Approve'); ?></a>
<a href="ccr_review_approve.php?revandapprove=1&amid=<?php echo attr_url($res['amid']); ?>&pid=<?php echo attr_url($dup_res['pid']); ?>&csrf_token_form=<?php echo attr_url(collectCsrfToken()); ?>" class="button-link" onclick="top.restoreSession()" ><?php echo xlt('Review & Approve'); ?></a>
</td>
<?php
} else {
Expand All @@ -181,7 +173,7 @@
<?php echo xlt('No'); ?>
</td>
<td align="center" >
<a href="ccr_pending_approval.php?approve=1&am_id=<?php echo attr($res['amid']); ?>" class="button-link" onclick="top.restoreSession()" ><?php echo xlt('Approve'); ?></a>
<a href="ccr_pending_approval.php?approve=1&am_id=<?php echo attr_url($res['amid']); ?>&csrf_token_form=<?php echo attr_url(collectCsrfToken()); ?>" class="button-link" onclick="top.restoreSession()" ><?php echo xlt('Approve'); ?></a>
</td>
<?php
}
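Review bot: The approve path at the top of the first hunk still performs a state change (`insert_patient`) from a GET request, so the CSRF token it now requires travels in the URL, where it is exposed through browser history, Referer headers and proxy logs; replacing the "Approve" link with a small POST form carrying a hidden `csrf_token_form` input would keep the token out of the URL. The check `$_GET['approve'] == 1` is a loose comparison and raises an undefined-index notice when the parameter is absent; `isset($_GET['approve']) && $_GET['approve'] === '1'` is stricter. The `if` block opened there continues past the end of the hunk.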
63 changes: 32 additions & 31 deletions interface/patient_file/ccr_review_approve.php
Expand Up @@ -4,27 +4,15 @@
*
* Approval screen for uploaded CCR XML.
*
* Copyright (C) 2013 Z&H Consultancy Services Private Limited <[email protected]>
*
* LICENSE: This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
*
* @package OpenEMR
* @author Eldho Chacko <[email protected]>
* @author Ajil P M <[email protected]>
* @link http://www.open-emr.org
* @package OpenEMR
* @link http://www.open-emr.org
* @author Eldho Chacko <[email protected]>
* @author Ajil P M <[email protected]>
* @copyright Copyright (c) 2013 Z&H Consultancy Services Private Limited <[email protected]>
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
*/



require_once(dirname(__FILE__) . "/../globals.php");
require_once(dirname(__FILE__) . "/../../library/parse_patient_xml.php");

Expand All @@ -38,6 +26,10 @@
);

if ($_POST["setval"] == 'approve') {
if (!verifyCsrfToken($_POST["csrf_token_form"])) {
csrfNotVerified();
}

insertApprovedData($_REQUEST);
$query = "UPDATE audit_master SET approval_status = '2' WHERE id=?";
sqlQuery($query, array($_REQUEST['amid']));
Expand All @@ -54,6 +46,10 @@
<?php
exit;
} elseif ($_POST["setval"] == 'discard') {
if (!verifyCsrfToken($_POST["csrf_token_form"])) {
csrfNotVerified();
}

$query = "UPDATE audit_master SET approval_status = '3' WHERE id=?";
sqlQuery($query, array($_REQUEST['amid']));
?>
Expand All @@ -70,6 +66,10 @@
exit;
}

if (!verifyCsrfToken($_GET["csrf_token_form"])) {
csrfNotVerified();
}

?>
<html>
<head>
Expand Down Expand Up @@ -118,6 +118,7 @@ function submit_form(val){
<p><b><?php echo xlt('CCR Patient Review');?></b></p>
</center>
<form method="post" name="approveform" "onsubmit='return top.restoreSession()'" >
<input type="hidden" name="csrf_token_form" value="<?php echo attr(collectCsrfToken()); ?>" />
<table border="0" width="90%;" >
<tr>
<td>
Expand All @@ -135,21 +136,21 @@ function submit_form(val){
while ($res_pd = sqlFetchArray($query_pd)) {
if ($res_pd['field_name'] != 'lname' && $res_pd['field_name'] != 'fname' && $res_pd['field_name'] != 'DOB') {
$i++;
$query_oldpd = sqlQuery("SELECT ".$res_pd['field_name']." AS val FROM patient_data WHERE pid = ?", array($_REQUEST['pid']));
$query_oldpd = sqlQuery("SELECT " . escape_sql_column_name($res_pd['field_name'], array("patient_data")) . " AS val FROM patient_data WHERE pid = ?", array($_REQUEST['pid']));
if ($res_pd['field_name'] == 'sex') {
echo "<td>" . ($patient_data[$res_pd['field_name']] ? text($patient_data[$res_pd['field_name']]): text($res_pd['field_name'])) . "</td>" .
"<td><select name='" . $res_pd['table_name'] . "-" . $res_pd['field_name'] . "' style='width:150px;' >" .
"<td><select name='" . attr($res_pd['table_name']) . "-" . attr($res_pd['field_name']) . "' style='width:150px;' >" .
"<option value='Male' " . ($res_pd['field_value'] == 'Male' ? 'selected' : '' ) . " >" . xlt('Male') . "</option>" .
"<option value='Female' ".($res_pd['field_value'] == 'Female' ? 'selected' : '' )." >".xlt('Female')."</option></select>" .
"<option value='Female' " . ($res_pd['field_value'] == 'Female' ? 'selected' : '' ) . " >" . xlt('Female') . "</option></select>" .
"<span style='color:red;padding-left:25px;' >" . text($query_oldpd['val']) . "</span></td>" .
"<td><select name='" . $res_pd['table_name'] . "-" . $res_pd['field_name'] . "-sel'>" .
"<td><select name='" . attr($res_pd['table_name']) . "-" . attr($res_pd['field_name']) . "-sel'>" .
"<option value='ignore' >" . xlt('Ignore') . "</option> " .
"<option value='update' >" . xlt('Update') . "</option></select></td>";
} else {
echo "<td>" . ($patient_data[$res_pd['field_name']] ? text($patient_data[$res_pd['field_name']]): text($res_pd['field_name'])) . "</td>" .
"<td><input type='text' name='" . $res_pd['table_name'] . "-" . $res_pd['field_name'] . "' value='" . attr($res_pd['field_value']) . "' >" .
"<td><input type='text' name='" . attr($res_pd['table_name']) . "-" . attr($res_pd['field_name']) . "' value='" . attr($res_pd['field_value']) . "' >" .
"<span style='color:red;padding-left:25px;' >" . text($query_oldpd['val']) . "</span></td>" .
"<td><select name='" . $res_pd['table_name'] . "-" . $res_pd['field_name'] . "-sel' >" .
"<td><select name='" . attr($res_pd['table_name']) . "-" . attr($res_pd['field_name']) . "-sel' >" .
"<option value='ignore' >" . xlt('Ignore') . "</option><option value='update' >" . xlt('Update') . "</option></select></td>";
}

Expand Down Expand Up @@ -210,11 +211,11 @@ function submit_form(val){

if (in_array($res_existing_prob['diagnosis'], $aud_res['lists1'][$k])) {
$set = 1;
echo "<tr class='$class' ><td>" . xlt('Title') . "</td><td><input type='text' name='lists1-title[]' value='' ></td>" .
echo "<tr class='" . attr($class) . "' ><td>" . xlt('Title') . "</td><td><input type='text' name='lists1-title[]' value='' ></td>" .
"<td>" . xlt('Code') . "</td>" .
"<td><input type='text' name='lists1-diagnosis[]' value='" . attr($aud_res['lists1'][$k]['diagnosis']) . "' >" .
"<input type='hidden' name='lists1-old-diagnosis[]' value='" . attr($res_existing_prob['diagnosis']) . "' ></td>" .
"<td>" . xlt('Status') . "</td><td><input type='text' name='lists1-activity[]' value='" . $activity . "' ></td>" .
"<td>" . xlt('Status') . "</td><td><input type='text' name='lists1-activity[]' value='" . attr($activity) . "' ></td>" .
"<td rowspan='2' ><select name='lists1-sel[]'><option value='ignore' >" . xlt('Ignore') . "</option>" .
"<option value='update' >" . xlt('Update') . "</option></select></td></tr>" .
"<tr style='color:red' ><td>&nbsp;</td><td>" . text($res_existing_prob['title']) . "</td><td>&nbsp;</td>" .
Expand Down Expand Up @@ -242,7 +243,7 @@ function submit_form(val){

echo "<tr><td>" . xlt('Title') . "</td><td><input type='text' name='lists1-title[]' value='' ></td>" .
"<td>" . xlt('Code') . "</td><td><input type='text' name='lists1-diagnosis[]' value='" . attr($val['diagnosis']) . "' ></td>" .
"<td>" . xlt('Status') . "</td><td><input type='text' name='lists1-activity[]' value='" . $activity . "' ></td>" .
"<td>" . xlt('Status') . "</td><td><input type='text' name='lists1-activity[]' value='" . attr($activity) . "' ></td>" .
"<td><select name='lists1-sel[]'><option value='ignore' >" . xlt('Ignore') . "</option>" .
"<option value='insert' >" . xlt('Insert') . "</option></select></td></tr>";
}
Expand Down Expand Up @@ -352,7 +353,7 @@ function submit_form(val){

echo "<tr><td>" . xlt('Name') . "</td><td><input type='text' name='prescriptions-drug[]' value='" . attr($val['drug']) . "' ></td>" .
"<td>" . xlt('Date') . "</td><td><input type='text' name='prescriptions-date_added[]' value='" . attr($val['date_added']) . "' ></td>" .
"<td>" . xlt('Status') . "</td><td><input type='text' name='prescriptions-active[]' value='" . $activity . "' ></td><td rowspan='2' >" .
"<td>" . xlt('Status') . "</td><td><input type='text' name='prescriptions-active[]' value='" . attr($activity) . "' ></td><td rowspan='2' >" .
"<select name='prescriptions-sel[]'><option value='ignore' >" . xlt('Ignore') . "</option>" .
"<option value='insert' >" . xlt('Insert') . "</option></select></td></tr><tr><td>" . xlt('Form') . "</td>" .
"<td><input type='text' size='8' name='prescriptions-form[]' value='" . attr($val['form']) . "' >" .
Expand Down Expand Up @@ -455,12 +456,12 @@ function submit_form(val){
</tr>
<tr>
<td align="center" >
<input type="button" name="approve" value="<?php echo xlt('Approve'); ?>" onclick="top.restoreSession();submit_form('approve');" >
<input type="button" name="discard" value="<?php echo xlt('Discard'); ?>" onclick="top.restoreSession();submit_form('discard');" >
<input type="button" name="approve" value="<?php echo xla('Approve'); ?>" onclick="top.restoreSession();submit_form('approve');" >
<input type="button" name="discard" value="<?php echo xla('Discard'); ?>" onclick="top.restoreSession();submit_form('discard');" >
<?php
$aud_res = createAuditArray($_REQUEST['amid'], 'documents');
?>
<input type="hidden" name="doc_id" id="doc_id" value="<?php echo $aud_res['documents']['']['id']; ?>" >
<input type="hidden" name="doc_id" id="doc_id" value="<?php echo attr($aud_res['documents']['']['id']); ?>" >
<input type="hidden" name="setval" id="setval" value="" >
</td>
</tr>
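Review bot: The two POST branches near the top of the file verify the token from `$_POST`, but the values they then act on come from `$_REQUEST` — `insertApprovedData($_REQUEST)` and `$_REQUEST['amid']` in both UPDATE calls — so the identifier consumed by the state change can arrive on the query string while the token is checked on the body. Reading `$_POST['amid']` and passing `$_POST` to `insertApprovedData` would keep the token and the data in the same channel, matching the `$_REQUEST` → `$_GET` switch this commit makes in ccr_pending_approval.php. Also visible in the form hunk: the `<form ... "onsubmit='return top.restoreSession()'" >` attribute is wrapped in stray double quotes, so browsers likely do not parse the handler; `onsubmit="return top.restoreSession()"` would fix it. The branches and the form each extend beyond their hunks.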
