diff --git a/interface/patient_file/summary/demographics.php b/interface/patient_file/summary/demographics.php
index 46710771e56..daeeb915ea5 100644
--- a/interface/patient_file/summary/demographics.php
+++ b/interface/patient_file/summary/demographics.php
@@ -4,6 +4,14 @@
 // as published by the Free Software Foundation; either version 2
 // of the License, or (at your option) any later version.
+//SANITIZE ALL ESCAPES
+$sanitize_all_escapes=true;
+//
+
+//STOP FAKE REGISTER GLOBALS
+$fake_register_globals=false;
+//
+
 require_once("../../globals.php");
 require_once("$srcdir/patient.inc");
 require_once("$srcdir/acl.inc");
@@ -56,7 +64,7 @@ function print_as_money($money) {
 }
 //Visolve - sync the radio buttons - End
- var mypcc = '';
+ var mypcc = '';
 function oldEvt(eventid) {
 dlgopen('../../main/calendar/add_edit_event.php?eid=' + eventid, '_blank', 550, 270);
@@ -73,7 +81,7 @@ function refreshme() {
 // Process click on Delete link.
 function deleteme() {
- dlgopen('../deleter.php?patient=', '_blank', 500, 450);
+ dlgopen('../deleter.php?patient=', '_blank', 500, 450);
 return false;
 }
@@ -93,11 +101,11 @@ function validate() {
 if ($GLOBALS['athletic_team']) {
 echo " if (f.form_userdate1.value != f.form_original_userdate1.value) {\n";
 $irow = sqlQuery("SELECT id, title FROM lists WHERE " .
- "pid = '$pid' AND enddate IS NULL ORDER BY begdate DESC LIMIT 1");
+ "pid = ? AND enddate IS NULL ORDER BY begdate DESC LIMIT 1", array($pid));
 if (!empty($irow)) {
 ?>
- if (confirm('Do you wish to also set this new return date in the issue titled ""?')) {
- f.form_issue_id.value = '';
+ if (confirm('Do you wish to also set this new return date in the issue titled ""?')) {
+ f.form_issue_id.value = '';
 } else {
 alert('OK, you will need to manually update the return date in any affected issue(s).');
 }
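Review bot: The two new flag assignments `$sanitize_all_escapes=true;` and `$fake_register_globals=false;` are placed ahead of `require_once("../../globals.php")`, which is presumably where they are consumed, but the bare `//SANITIZE ALL ESCAPES` and `//STOP FAKE REGISTER GLOBALS` comments do not record that ordering dependency, so nothing warns a later editor against moving the require above them. I would replace the empty `//` lines with one comment such as `// Must be set before globals.php is included; it applies these flags for the rest of this file.` Because the escaping mode now covers the whole file, every `<?php echo … ?>` site in demographics.php has to be escaped explicitly, and this diff only touches a handful of them; the remaining sites lie outside the shown hunks and should be checked as part of the same review.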
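Review bot: On the changed `var mypcc = '';` line here, and likewise the `dlgopen('../deleter.php?patient=…')` line in the next hunk and the `patientid=` and `toggle()` lines at @@ -112 and @@ -130, the `<?php echo … ?>` segment has been stripped from this rendering, so old and new sides read identically and the escaping actually applied cannot be confirmed from the page. Those values are emitted inside JavaScript string literals, not HTML text, so HTML escaping alone (`htmlspecialchars`, in particular with ENT_NOQUOTES as used later in this diff) does not stop a quote or backslash from terminating the literal; the value needs escaping for the JS-string context, and the two query-string uses need `urlencode()` as well unless `$pid` is guaranteed numeric, which the hunk does not show. If the project provides a helper for script context, apply it consistently at all four sites.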
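Review bot: The parameterized `sqlQuery(… "pid = ? AND enddate IS NULL …", array($pid))` removes the `'$pid'` interpolation, but the two new lines `if (confirm('… in the issue titled ""?'))` and `f.form_issue_id.value = '';` place the title and id from `$irow` inside single-quoted JavaScript string literals, and the echo between those quotes is not visible in this rendering. An issue title containing `'` or `\` ends the literal early unless the value is escaped for JavaScript; HTML escaping alone (e.g. `htmlspecialchars` with ENT_NOQUOTES) leaves single quotes intact, so either apply a JS-string escape in addition to the HTML escape or emit the value with `json_encode`. The enclosing `validate()` function continues outside the hunk.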
@@ -112,7 +120,7 @@ function validate() {
 }
 function newEvt() {
- dlgopen('../../main/calendar/add_edit_event.php?patientid=', '_blank', 550, 270);
+ dlgopen('../../main/calendar/add_edit_event.php?patientid=', '_blank', 550, 270);
 return false;
 }
@@ -130,11 +138,11 @@ function sendimage(pid, what) {
 function toggle( target, div ) {
 $mode = $(target).find(".indicator").text();
- if ( $mode == "" ) {
- $(target).find(".indicator").text( "" );
+ if ( $mode == "" ) {
+ $(target).find(".indicator").text( "" );
 $(div).hide();
 } else {
- $(target).find(".indicator").text( "" );
+ $(target).find(".indicator").text( "" );
 $(div).show();
 }
@@ -225,7 +233,7 @@ function toggle( target, div ) {
 }
 if (!$thisauth) {
- echo "
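Review bot: The rewritten `if ( $mode == "" )` line in `toggle()` uses loose equality; `$mode` comes from `.text()`, which (assuming jQuery) always yields a string, so `if ( $mode === "" )` states the intent without coercion. The indicator text being compared is produced by PHP and the segment is stripped in this rendering, so the same emitted literal must appear in both the comparison and the two `.text( "" )` assignments, otherwise the toggle silently stops switching between hide and show. `toggle()` closes within the hunk.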
(" . xl('Demographics not authorized') . ")
\n"; + echo "(" . htmlspecialchars(xl('Demographics not authorized'),ENT_NOQUOTES) . ")
\n"; echo "