fix bug for sending documents and bug in ins search (#5015)

* add require, remove parens in button * fix ins search bugs * bug and php8 fix * Revert "bug and php8 fix" This reverts commit cebc202. * bug fix * simplify
openemr · Mar 23, 2022 · 89a299c · 89a299c
1 parent 5f88d86
commit 89a299c
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 45 deletions.
diff --git a/controllers/C_Document.class.php b/controllers/C_Document.class.php
@@ -11,6 +11,7 @@
  */
 
 require_once(__DIR__ . "/../library/forms.inc");
+require_once(__DIR__ . "/../library/patient.inc");
 
 use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Common\Crypto\CryptoGen;

diff --git a/interface/billing/get_claim_file.php b/interface/billing/get_claim_file.php
@@ -6,7 +6,9 @@
  * @package   OpenEMR
  * @link      http://www.open-emr.org
  * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @author    Ken Chapple <ken@mi-squared.com>
  * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2021 Ken Chapple <ken@mi-squared.com>
  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
 
@@ -22,7 +24,7 @@
 $content_type = "text/plain";
 
 // The key contains the filename
-$fname = $_GET['key'];
+$fname = convert_safe_file_dir_name($_GET['key']);
 
 // Because of the way the billing tables are constructed (as of 2021)
 // We may not know exactly where the file is, so we need to try a couple
@@ -68,9 +70,6 @@
 
 if ($claim_file_found === false) {
     $claim_file_dir = $GLOBALS['OE_SITE_DIR'] . "/documents/edi/";
-    $fname = preg_replace("[/]", "", $fname);
-    $fname = preg_replace("[\.\.]", "", $fname);
-    $fname = preg_replace("[\\\\]", "", $fname);
 }
 
 $fname = $claim_file_dir . $fname;

diff --git a/interface/practice/ins_search.php b/interface/practice/ins_search.php
@@ -130,7 +130,7 @@ function validate(f) {
 <?php
  // If we are saving, then save and close the window.
  //
-if ($_POST['form_save']) {
+if ($_POST['form_save'] ?? '') {
     if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
         CsrfUtils::csrfNotVerified();
     }
@@ -150,41 +150,37 @@ function validate(f) {
                 'ins_type_code' => $_POST['form_ins_type_code'],
                 'x12_receiver_id' => $_POST['form_partner'],
                 'x12_default_parter_id' => $_POST['form_partner'],
-                'alt_cms_id' => null
+                'alt_cms_id' => null,
+                'line1' => $_POST['form_addr1'],
+                'line2' => $_POST['form_addr2'],
+                'city' => $_POST['form_city'],
+                'state' => $_POST['form_state'],
+                'zip' => $_POST['form_zip'],
+                'country' => $_POST['form_country'],
+                'foreign_id' => $ins_id
             )
         );
 
-        sqlStatement("INSERT INTO addresses ( " .
-        "id, line1, line2, city, state, zip, country, foreign_id " .
-        ") VALUES ( " .
-        "'" . add_escape_custom(generate_id())          . "', " .
-        "'" . add_escape_custom($_POST['form_addr1'])   . "', " .
-        "'" . add_escape_custom($_POST['form_addr2'])   . "', " .
-        "'" . add_escape_custom($_POST['form_city'])    . "', " .
-        "'" . add_escape_custom($_POST['form_state'])   . "', " .
-        "'" . add_escape_custom($_POST['form_zip'])     . "', " .
-        "'" . add_escape_custom($_POST['form_country']) . "', " .
-        "'" . add_escape_custom($ins_id)                . "' " .
-        ")");
-
         $phone_parts = array();
         preg_match(
             "/(\d\d\d)\D*(\d\d\d)\D*(\d\d\d\d)/",
             $_POST['form_phone'],
             $phone_parts
         );
 
-        sqlStatement("INSERT INTO phone_numbers ( " .
-        "id, country_code, area_code, prefix, number, type, foreign_id " .
-        ") VALUES ( " .
-        "'" . add_escape_custom(generate_id())   . "', " .
-        "'+1'"                . ", "  .
-        "'" . add_escape_custom($phone_parts[1]) . "', " .
-        "'" . add_escape_custom($phone_parts[2]) . "', " .
-        "'" . add_escape_custom($phone_parts[3]) . "', " .
-        "'2'"                 . ", "  .
-        "'" . add_escape_custom($ins_id)         . "' "  .
-        ")");
+        if (!empty($phone_parts)) {
+            sqlStatement("INSERT INTO phone_numbers ( " .
+            "id, country_code, area_code, prefix, number, type, foreign_id " .
+            ") VALUES ( " .
+            "'" . add_escape_custom(generate_id())   . "', " .
+            "'+1'"                . ", "  .
+            "'" . add_escape_custom($phone_parts[1] ?? '') . "', " .
+            "'" . add_escape_custom($phone_parts[2] ?? '') . "', " .
+            "'" . add_escape_custom($phone_parts[3] ?? '') . "', " .
+            "'2'"                 . ", "  .
+            "'" . add_escape_custom($ins_id)         . "' "  .
+            ")");
+        }
     }
 
   // Close this window and tell our opener to select the new company.

diff --git a/src/Services/AddressService.php b/src/Services/AddressService.php
@@ -16,7 +16,7 @@
 
 use Particle\Validator\Validator;
 
-class AddressService
+class AddressService extends BaseService
 {
     public function __construct()
     {
@@ -62,17 +62,9 @@ public function getAddressFromRecordAsString(array $addressRecord)
         return implode("", $address);
     }
 
-
-    public function getFreshId()
-    {
-        $id = sqlQuery("SELECT MAX(id)+1 AS id FROM addresses");
-
-        return $id['id'];
-    }
-
     public function insert($data, $foreignId)
     {
-        $freshId = $this->getFreshId();
+        $freshId = $this->getFreshId("id", "addresses");
 
         $addressesSql  = " INSERT INTO addresses SET";
         $addressesSql .= "     id=?,";

diff --git a/src/Services/InsuranceCompanyService.php b/src/Services/InsuranceCompanyService.php
@@ -29,8 +29,8 @@ class InsuranceCompanyService extends BaseService
     private const INSURANCE_TABLE = "insurance_companies";
     private $insuranceValidator;
     private $addressService = null;
-    const TYPE_FAX = 5;
-    const TYPE_WORK = 2;
+    public const TYPE_FAX = 5;
+    public const TYPE_WORK = 2;
 
 
     /**
@@ -235,7 +235,7 @@ public function insert($data)
                 $data["cms_id"],
                 $data["ins_type_code"],
                 $data["x12_receiver_id"],
-                $data["x12_default_partner_id"],
+                $data["x12_default_partner_id"] ?? '',
                 $data["alt_cms_id"]
             )
         );

diff --git a/templates/documents/general_view.html b/templates/documents/general_view.html
@@ -227,11 +227,11 @@ <h4>{$file->get_name()|text}
               <strong>{xlt t='Notes'}</strong>
             </div>
             <div class="float-none form-inline">
-              <a class="btn btn-primary btn-sm" href="javascript:;" onclick="document.notes.identifier.value='no';document.forms['notes'].submit();">({xlt t='Add Note'})</a>
+              <a class="btn btn-primary btn-sm" href="javascript:;" onclick="document.notes.identifier.value='no';document.forms['notes'].submit();">{xlt t='Add Note'}</a>
               &nbsp;&nbsp;&nbsp;<strong>{xlt t='Email'}</strong>&nbsp;
               <input type="text" class="form-control" size="25" name="provide_email" id="provide_email" />
               <input type="hidden" name="identifier" id="identifier" />
-              <a class="btn btn-primary btn-sm" href="javascript:;" onclick="javascript:document.notes.identifier.value='yes';document.forms['notes'].submit();">({xlt t='Send'})</a>
+              <a class="btn btn-primary btn-sm" href="javascript:;" onclick="javascript:document.notes.identifier.value='yes';document.forms['notes'].submit();">{xlt t='Send'}</a>
             </div>
             <div>
               <textarea cols="53" rows="8" wrap="virtual" name="note" class="form-control w-100"></textarea><br />