bug fix 4

interface/billing/edi_271.php

@@ -21,6 +21,7 @@
 require_once("$srcdir/calendar.inc");
 
 use OpenEMR\Billing\EDI270;
+use OpenEMR\Common\Crypto\CryptoGen;
 use OpenEMR\Common\Csrf\CsrfUtils;
 use OpenEMR\Core\Header;
 
@@ -40,14 +41,24 @@
     if ($_FILES['uploaded']['size'] > 350000) {
         $message .=  xlt('Your file is too large') . "<br />";
     }
-    if ($_FILES['uploaded']['type'] != "text/plain") {
+    if (mime_content_type($_FILES['uploaded']['tmp_name']) != "text/plain") {
         $message .= xlt('You may only upload .txt files') . "<br />";
     }
+    if (preg_match("/(.*)\.(inc|php|php7|php8)$/i", $_FILES['uploaded']['name']) !== 0) {
+        $message .= xlt('Invalid file type.') . "<br />";
+    }
     if (!isset($message)) {
-        $file_moved = move_uploaded_file($_FILES['uploaded']['tmp_name'], $target);
-        if ($file_moved) {
+        $cryptoGen = new CryptoGen();
+        $uploadedFile = file_get_contents($_FILES['uploaded']['tmp_name']);
+        if ($GLOBALS['drive_encryption']) {
+            $uploadedFile = $cryptoGen->encryptStandard($uploadedFile, null, 'database');
+        }
+        if (file_put_contents($target, $uploadedFile)) {
             $message = xlt('The following EDI file has been uploaded') . ': "' . text(basename($_FILES['uploaded']['name'])) . '"';
-            $Response271 = file($target);
+            $Response271 = file_get_contents($target);
+            if ($cryptoGen->cryptCheckStandard($Response271)) {
+                $Response271 = $cryptoGen->decryptStandard($Response271, null, 'database');
+            }
             if ($Response271) {
                 $batch_log = EDI270::parseEdi271($Response271);
             } else {

interface/forms/LBF/new.php

@@ -201,7 +201,7 @@ function end_row()
 }
 
 if (!$from_trend_form) {
-    $fname = $GLOBALS['OE_SITE_DIR'] . "/LBF/$formname.plugin.php";
+    $fname = $GLOBALS['OE_SITE_DIR'] . "/LBF/" . check_file_dir_name($formname) . ".plugin.php";
     if (file_exists($fname)) {
         include_once($fname);
     }

library/globals.inc.php

@@ -972,10 +972,10 @@ function gblTimeZones()
         ),
 
         'drive_encryption' => array(
-            xl('Enable Encryption of Items Stored on Drive'),
+            xl('Enable Encryption of Items Stored on Drive (Strongly recommend keeping this on)'),
             'bool',                           // data type
             '1',                              // default = true
-            xl('This will enable encryption of items that are stored on the drive.')
+            xl('This will enable encryption of items that are stored on the drive. Strongly recommend keeping this setting on for security purposes.')
         ),
 
         'couchdb_encryption' => array(