commits for Rel 700 p2 (#5808)
* Accept assign fix (#5701)

* Update Hcfa1500.php

* Update X125010837P.php

* additional CLM07 fix

* Bug fix (#5695)

* bug fix

* csrf

* modern syntax

* wrap with text() for html xss

* bring in 2023 icd10 (#5762)

* add eRx condition to primary business entity checkbox disable (#5781)

* check for allow portal in choices before displaying create creds (#5790)

* check for allow portal in choices

* styling

* Update X12Partner.class.php (#5793)

* ignore temporary css file for patch (#5814)

* fixes #5824, reorganize and simplify patient portal widget (#5825)

* fixes #5824, reorganize and simplify patient portal widget

* fixes

* better wording, remove needless else

* fix initially collapsed

* ok enough :)

* better name

* use isset() instead

* php8 fixes for batch payments (#5819)

* more php8 fixes for batch payments

* one more int cast

* broken link in search payments

* remove unused script

* merge

* merge

* invoice past encounter button Bug fix #5837 (#5840)

* edit billing note in invoice (#5843)

* fix #5849, handle all zeroes from old form_vitals date field; display date at top of table (#5850)

* handle all zeroes date plus place date at top of table

* misc php8 warning

* remove cmnt

* better conditional

* even better

* fix comment

* remove class from hidden input :)

* php8 fixes for growth chart

* play it again sam

* not needed since fixing in sql upgrade

* merge

* fixes for track anything (#5881)

* fix display and php8

* another null bites the dust

* simplify output and more php8 fixes

* fix for prior merge

Co-authored-by: surfacehazard <github@auldware.com>
Co-authored-by: Simon Quigley <squigley@altispeed.com>
Co-authored-by: Sherwin Gaddis <sherwin@affordablecustomehr.com>
4 people committed Oct 27, 2022
1 parent 5182298 commit d5eb416
Showing 43 changed files with 609 additions and 392 deletions.
Binary file removed contrib/icd10/2022-Code Descriptions.zip
33 changes: 16 additions & 17 deletions interface/billing/edit_payment.php
Expand Up @@ -141,7 +141,7 @@
"'";

$where = "$where1 AND pay_amount > 0";
if (isset($_POST["Payment$CountRow"]) && $_POST["Payment$CountRow"] * 1 > 0) {
if (!empty($_POST["Payment$CountRow"])) {
if (trim($_POST['type_name']) == 'insurance') {
if (trim($_POST["HiddenIns$CountRow"]) == 1) {
$AccountCode = "IPP";
Expand Down Expand Up @@ -227,7 +227,7 @@
//==============================================================================================================================

$where = "$where1 AND (memo LIKE 'Deductable%' OR memo LIKE 'Deductible%')";
if (isset($_POST["Deductible$CountRow"]) && $_POST["Deductible$CountRow"] * 1 > 0) {
if (!empty($_POST["Deductible$CountRow"])) {
$resPayment = sqlStatement("SELECT * from ar_activity $where");
if (sqlNumRows($resPayment) > 0) {
sqlStatement("update ar_activity set deleted = NOW() $where");
Expand Down Expand Up @@ -259,7 +259,7 @@
//==============================================================================================================================

$where = "$where1 AND pay_amount < 0";
if (isset($_POST["Takeback$CountRow"]) && $_POST["Takeback$CountRow"] * 1 > 0) {
if (!empty($_POST["Takeback$CountRow"])) {
$resPayment = sqlStatement("SELECT * from ar_activity $where");
if (sqlNumRows($resPayment) > 0) {
sqlStatement("update ar_activity set deleted = NOW() $where");
Expand Down Expand Up @@ -337,7 +337,10 @@
}

if ($_REQUEST['global_amount'] == 'yes') {
sqlStatement("update ar_session set global_amount=? where session_id =?", [(isset($_POST["HidUnappliedAmount"]) ? trim($_POST["HidUnappliedAmount"]) * 1 : ''), $payment_id]);
sqlStatement(
"update ar_session set global_amount=? where session_id =?",
[(isset($_POST["HidUnappliedAmount"]) ? floatval($_POST["HidUnappliedAmount"]) : 0), $payment_id]
);
} elseif ($_REQUEST['global_reset'] == '-0.00') {
sqlStatement("update ar_session set global_amount=? where session_id =?", [0, $payment_id]);
}
Expand All @@ -354,7 +357,7 @@
//==============================================================================
//Search Code
//===============================================================================
$payment_id = ($payment_id ?? null) * 1 > 0 ? $payment_id : $_REQUEST['payment_id'];
$payment_id = !empty($payment_id) ? (int) $payment_id : (int) $_REQUEST['payment_id'];
$ResultSearchSub = sqlStatement(
"SELECT DISTINCT encounter, code_type, code, modifier, pid " .
"FROM ar_activity WHERE deleted IS NULL AND session_id = ? " .
Expand Down Expand Up @@ -625,22 +628,22 @@ function DeletePaymentDistribution(DeleteId) {//Confirms deletion of payment dis
}
?>
<?php
if ($payment_id * 1 == 0) {
if (empty($payment_id)) {
$onclick = "top.restoreSession();return SavePayment();";
} else {
$onclick = "return false;";
}
?>
<form class="form" name='new_payment' method='post' action="edit_payment.php" onsubmit='<?php echo $onclick; ?>'>
<?php
if ($payment_id * 1 > 0) { ?>
if (!empty($payment_id)) { ?>
<fieldset>
<?php
require_once("payment_master.inc.php"); //Check/cash details are entered here.
?>
<?php }//End of if($payment_id*1>0) ?>
<?php
if ($payment_id * 1 > 0) {//Distribution rows already in the database are displayed.
if (!empty($payment_id)) {//Distribution rows already in the database are displayed.
?>
<?php //
$resCount = sqlStatement(
Expand Down Expand Up @@ -884,8 +887,7 @@ function DeletePaymentDistribution(DeleteId) {//Confirms deletion of payment dis
[$payment_id, $PId, $Encounter, $Codetype, $Code, $Modifier]
);
$rowPayment = sqlFetchArray($resPayment);
$PaymentDB = $rowPayment['pay_amount'] ?? null * 1;
$PaymentDB = $PaymentDB == 0 ? '' : $PaymentDB;
$PaymentDB = floatval($rowPayment['pay_amount'] ?? null);

$resPayment = sqlStatement(
"SELECT pay_amount FROM ar_activity WHERE " .
Expand All @@ -894,8 +896,7 @@ function DeletePaymentDistribution(DeleteId) {//Confirms deletion of payment dis
[$payment_id, $PId, $Encounter, $Codetype, $Code, $Modifier]
);
$rowPayment = sqlFetchArray($resPayment);
$TakebackDB = ($rowPayment['pay_amount'] ?? null) * -1;
$TakebackDB = $TakebackDB == 0 ? '' : $TakebackDB;
$TakebackDB = floatval($rowPayment['pay_amount'] ?? null);

$resPayment = sqlStatement(
"SELECT adj_amount FROM ar_activity WHERE " .
Expand All @@ -904,8 +905,7 @@ function DeletePaymentDistribution(DeleteId) {//Confirms deletion of payment dis
[$payment_id, $PId, $Encounter, $Codetype, $Code, $Modifier]
);
$rowPayment = sqlFetchArray($resPayment);
$AdjAmountDB = $rowPayment['adj_amount'] * 1;
$AdjAmountDB = $AdjAmountDB == 0 ? '' : $AdjAmountDB;
$AdjAmountDB = floatval($rowPayment['adj_amount'] ?? null);

$resPayment = sqlStatement(
"SELECT memo FROM ar_activity WHERE " .
Expand Down Expand Up @@ -943,7 +943,6 @@ function DeletePaymentDistribution(DeleteId) {//Confirms deletion of payment dis
} else {
$AllowedDB = 0;
}
$AllowedDB = $AllowedDB === 0 ? '' : $AllowedDB;

if ($Ins == 1) {
$bgcolor = '#ddddff';
Expand Down Expand Up @@ -1072,8 +1071,8 @@ function DeletePaymentDistribution(DeleteId) {//Confirms deletion of payment dis
<input type='hidden' name='global_amount' id='global_amount' value='' />
<input type='hidden' name='DeletePaymentDistributionId' id='DeletePaymentDistributionId' value='' />
<input type="hidden" name="ActionStatus" id="ActionStatus" value="<?php echo attr($Message ?? ''); ?>" />
<input type='hidden' name='CountIndexAbove' id='CountIndexAbove' value='<?php echo attr($CountIndexAbove * 1); ?>' />
<input type='hidden' name='CountIndexBelow' id='CountIndexBelow' value='<?php echo attr($CountIndexBelow * 1); ?>' />
<input type='hidden' name='CountIndexAbove' id='CountIndexAbove' value='<?php echo (int) attr($CountIndexAbove); ?>' />
<input type='hidden' name='CountIndexBelow' id='CountIndexBelow' value='<?php echo (int) attr($CountIndexBelow); ?>' />
<input type="hidden" name="ParentPage" id="ParentPage" value="<?php echo attr($_REQUEST['ParentPage'] ?? ''); ?>" />
</div>
</form>
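Review bot: The new `$TakebackDB = floatval($rowPayment['pay_amount'] ?? null);` drops the `* -1` the old line applied, so a takeback row — selected elsewhere in this file with `pay_amount < 0` — is now rendered as a negative number where the form previously showed a positive amount; keep the sign flip with `$TakebackDB = -1 * floatval($rowPayment['pay_amount'] ?? null);` (the SELECT feeding it starts in the hunk but its WHERE clause is cut off, so the sign assumption is inferred from that earlier filter). The same three rewrites also stop mapping zero to `''`, so the Payment/Takeback/Adjustment inputs will now render `0` instead of blank, which presumably interacts with the `!empty($_POST["Payment$CountRow"])` checks added higher up (an untouched `"0"` posts as empty but `"0.0"` does not) — worth confirming against the submit path. Those `!empty(...)` checks also replace a `* 1 > 0` test, so non-numeric or negative posted values now pass where they were previously ignored; `is_numeric($v) && (float) $v > 0` keeps the old contract while staying PHP 8 clean. Minor: `(int) attr($CountIndexAbove)` casts after escaping, which only works because the result is numeric; `attr((int) $CountIndexAbove)` is the intended order.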
8 changes: 4 additions & 4 deletions interface/billing/payment_pat_sel.inc.php
Expand Up @@ -25,7 +25,7 @@
//===============================================================================
if (isset($_POST["mode"])) {
if (
($_POST["mode"] == "search") || ($_POST["default_search_patient"] == "default_search_patient") &&
($_POST["mode"] == "search") || (($_POST["default_search_patient"] ?? null) == "default_search_patient") &&
isset($_REQUEST['hidden_patient_code']) &&
(int)$_REQUEST['hidden_patient_code'] > 0
) {
Expand All @@ -46,9 +46,9 @@
$res = sqlStatement("SELECT fname,lname,mname FROM patient_data
where pid =?", array($hidden_patient_code));
$row = sqlFetchArray($res);
$fname = $row['fname'];
$lname = $row['lname'];
$mname = $row['mname'];
$fname = $row['fname'] ?? '';
$lname = $row['lname'] ?? '';
$mname = $row['mname'] ?? '';
$NameNew = $lname . ' ' . $fname . ' ' . $mname;
}
}
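Review bot: The condition `($_POST["mode"] == "search") || (($_POST["default_search_patient"] ?? null) == "default_search_patient") && isset($_REQUEST['hidden_patient_code']) && (int)$_REQUEST['hidden_patient_code'] > 0` binds `&&` tighter than `||`, so the `hidden_patient_code` checks only guard the default-search branch and a plain `mode=search` post enters the block regardless; if both branches are meant to require a positive patient id, parenthesise the alternation: `(($_POST["mode"] == "search") || (($_POST["default_search_patient"] ?? null) == "default_search_patient")) && isset($_REQUEST['hidden_patient_code']) && (int)$_REQUEST['hidden_patient_code'] > 0`. The `?? null` added here is fine; the `$_POST["mode"] == "search"` on the same line is a loose comparison, and `=== "search"` reads the same while avoiding PHP 8 string/number juggling. The block's body continues past the hunk, so where `$hidden_patient_code` is assigned before the `patient_data` lookup is not visible here.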
7 changes: 1 addition & 6 deletions interface/billing/search_payments.php
Expand Up @@ -533,7 +533,7 @@ function SearchPayingEntityAction() {
</td>
<td>
<!--<a class='iframe medium_modal' href="edit_payment.php?payment_id=<?php echo htmlspecialchars($RowSearch['session_id']); ?>"><?php echo $Payer == '' ? '&nbsp;' : htmlspecialchars($Payer); ?></a>-->
<a class="medium_modal" data-target="#myModal1" data-toggle="modal" onclick="loadiframe('edit_payment.php?payment_id=<?php echo attr_url($RowSearch['session_id']); ?>"><?php echo $Payer == '' ? '&nbsp;' : text($Payer); ?></a><!--link to iframe-->
<a class="medium_modal" href='edit_payment.php?payment_id=<?php echo attr_url($RowSearch['session_id']); ?>')"><?php echo $Payer == '' ? '&nbsp;' : text($Payer); ?></a><!--link to iframe-->
</td>
<td>
<a class="medium_modal" href='edit_payment.php?payment_id=<?php echo attr_url($RowSearch['session_id']); ?>'><?php echo $RowSearch['payer_id'] * 1 > 0 ? text($RowSearch['payer_id']) : '&nbsp;'; ?></a>
Expand Down Expand Up @@ -608,10 +608,5 @@ function SearchPayingEntityAction() {
</div>
</div><!--end of container div-->
<?php $oemr_ui->oeBelowContainerDiv(); ?>
<script>
function loadiframe(htmlHref) { //load iframe
document.getElementById('targetiframe1').src = htmlHref;
}
</script>
</body>
</html>
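Review bot: The rewritten anchor `<a class="medium_modal" href='edit_payment.php?payment_id=<?php echo attr_url($RowSearch['session_id']); ?>')">` still carries the `')"` tail of the removed `onclick="loadiframe(...')"` call, so the emitted HTML is `href='...'` followed by a stray `)"` before `>` — browsers tolerate it as a junk attribute, but it is malformed markup. Drop the residue so it matches the sibling link two lines below: `href='edit_payment.php?payment_id=<?php echo attr_url($RowSearch['session_id']); ?>'>`. With `loadiframe()` deleted and the `data-target`/`data-toggle` attributes gone, the link is now plain navigation rather than a modal load, so the trailing `<!--link to iframe-->` comment is stale and should go too.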
18 changes: 12 additions & 6 deletions interface/billing/sl_eob_invoice.php
Expand Up @@ -69,10 +69,10 @@ function setins(istr) {
return true;
}

function goEncounterSummary(pid) {
function goEncounterSummary(e, pid) {
if(pid) {
if(typeof opener.toEncSummary === 'function') {
opener.toEncSummary(pid);
opener.toEncSummary(e, pid);
}
}
doClose();
Expand Down Expand Up @@ -295,7 +295,7 @@ function updateFields(payField, adjField, balField, coPayField, isFirstProcCode)
$payer_type = $matches[1];
}

if (!empty($_POST['form_save']) || !empty($_POST['form_cancel']) || !empty($_POST['isLastClosed'])) {
if (!empty($_POST['form_save']) || !empty($_POST['form_cancel']) || !empty($_POST['isLastClosed']) || !empty($_POST['billing_note'])) {
if (!empty($_POST['form_save'])) {
if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
CsrfUtils::csrfNotVerified();
Expand Down Expand Up @@ -426,7 +426,7 @@ function updateFields(payField, adjField, balField, coPayField, isFirstProcCode)
if (!$debug && !$save_stay && !$_POST['isLastClosed']) {
echo "doClose();\n";
}
if (!$debug && ($save_stay || $_POST['isLastClosed'])) {
if (!$debug && ($save_stay || $_POST['isLastClosed'] || $_POST['billing_note'])) {
if ($_POST['isLastClosed']) {
// save last closed level
$form_done = 0 + $_POST['form_done'];
Expand All @@ -438,6 +438,12 @@ function updateFields(payField, adjField, balField, coPayField, isFirstProcCode)
SLEOB::arSetupSecondary($patient_id, $encounter_id, $debug);
}
}

if ($_POST['billing_note']) {
// save last closed level
sqlStatement("UPDATE form_encounter SET billing_note = ? WHERE pid = ? AND encounter = ?", array($_POST['billing_note'], $patient_id, $encounter_id));
}

// will reload page w/o reposting
echo "location.replace(location)\n";
}
Expand Down Expand Up @@ -513,7 +519,7 @@ function updateFields(payField, adjField, balField, coPayField, isFirstProcCode)
<div class="form-row">
<div class="form-group col-lg">
<label class="col-form-label" for="billing_note"><?php echo xlt('Billing Note'); ?>:</label>
<textarea name="billing_note" id="billing_note" class="form-control" cols="5" rows="2" readonly><?php echo text(($pdrow['billing_note'] ?? '')) . "\n" . text(($bnrow['billing_note'] ?? '')); ?></textarea>
<textarea name="billing_note" id="billing_note" class="form-control" cols="5" rows="2"><?php echo text(($pdrow['billing_note'] ?? '')) . "\n" . text(($bnrow['billing_note'] ?? '')); ?></textarea>
</div>
</div>
<div class="form-row">
Expand Down Expand Up @@ -767,7 +773,7 @@ class="form-control"
</div>
<?php if ($from_posting) { ?>
<button type='button' class="btn btn-secondary btn-view float-right" name='form_goto' id="btn-goto"
onclick="goEncounterSummary(<?php echo attr_js($patient_id) ?>)"><?php echo xlt("Past Encounters"); ?></button>
onclick="goEncounterSummary(event, <?php echo attr_js($patient_id) ?>)"><?php echo xlt("Past Encounters"); ?></button>
<?php } ?>
</div>
</div>
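Review bot: The now-editable textarea is pre-filled with `text($pdrow['billing_note'] ?? '') . "\n" . text($bnrow['billing_note'] ?? '')`, but the new save branch writes the whole posted value into `form_encounter.billing_note`; if `$pdrow` is the patient-level note (as the name suggests) it is copied into the encounter note on the first save and prepended again on every later one, so the textarea should carry only the encounter note — `<textarea name="billing_note" id="billing_note" class="form-control" cols="5" rows="2"><?php echo text($bnrow['billing_note'] ?? ''); ?></textarea>` — with the patient note shown separately read-only. The save only runs when `$_POST['billing_note']` is truthy, so a user cannot clear a note, and the two new conditions read `$_POST['billing_note']` without `??`, which is exactly the PHP 8 undefined-index warning this commit is otherwise fixing; `!empty($_POST['billing_note'])` covers both. The `// save last closed level` comment above the UPDATE is copied from the block above it and should read `// persist the edited encounter billing note`. The CSRF check in this file sits under `!empty($_POST['form_save'])`, while `billing_note` alone now satisfies the outer condition; whether the UPDATE is reachable without `form_save` is not visible in the hunk, but if it is, the write runs unverified. The surrounding handler starts and ends outside the hunk.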
20 changes: 6 additions & 14 deletions interface/forms/LBF/printable.php
Expand Up @@ -108,15 +108,6 @@
'keep_table_proportions' => true
);
$pdf = new mPDF($config_mpdf);
$pdf->SetHTMLHeader('
<div style="text-align: right; font-weight: bold;">
' . $patientname . ' DOB: ' . oeFormatShortDate($patientdob["DOB"]) . ' DOS: ' . oeFormatShortDate($dateofservice) . '
</div>');
$pdf->SetHTMLFooter('
<div style="float: right; width:33% text-align: left;">' . oeFormatDateTime(date("Y-m-d H:i:s")) . '</div>
<div style="float: right; width:33%; text-align: center; ">{PAGENO}/{nbpg}</div>
<div style="float: right; width:33%; text-align: right; ">' . $patientname . '</div>
');
$pdf->SetDisplayMode('real');
if ($_SESSION['language_direction'] == 'rtl') {
$pdf->SetDirectionality('rtl');
Expand Down Expand Up @@ -280,13 +271,14 @@
$logo = '';
$ma_logo_path = "sites/" . $_SESSION['site_id'] . "/images/ma_logo.png";
if (is_file("$webserver_root/$ma_logo_path")) {
// Would use max-height here but html2pdf does not support it.
// TODO - now use mPDF, so should test if still need this fix
$logo = "<img src='$web_root/$ma_logo_path' style='height:" . attr(round($FONTSIZE * 5.14)) . "pt' />";
} else {
$logo = "<!-- '$ma_logo_path' does not exist. -->";
$logo = "$web_root/$ma_logo_path";
}

echo genFacilityTitle($formtitle, -1, $logo);

if ($PDF_OUTPUT) {
echo genPatientHeaderFooter($pid, $DOS = $dateofservice);
}
?>

<?php if ($isblankform) { ?>
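Review bot: The two branches of the logo block now hand `genFacilityTitle()` values of different shapes: when `ma_logo.png` exists `$logo` is a full `<img ...>` element, but in the `else` branch it is a bare URL — to a file the `is_file()` check just established is missing — so one of the two is wrong whatever the helper expects. If `genFacilityTitle()` wraps its argument in `<img src='...'>`, pass the path in the first branch as well and set `$logo = '';` in the `else`; if it expects markup, restore the old `$logo = "<!-- '$ma_logo_path' does not exist. -->";` (or `''`) for the missing case. The existing-file branch also interpolates `$web_root/$ma_logo_path` into a `src` attribute without `attr()`; the site id comes from `$_SESSION`, so it is presumably safe, but escaping costs nothing. Dropping the hand-built `SetHTMLHeader`/`SetHTMLFooter` that interpolated `$patientname` unescaped is a good change; the replacement `genPatientHeaderFooter($pid, $DOS = $dateofservice)` assigns `$DOS` as a side effect inside the argument list, which should be `genPatientHeaderFooter($pid, $dateofservice)` unless something later reads `$DOS`.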
11 changes: 10 additions & 1 deletion interface/forms/fee_sheet/new.php
Expand Up @@ -512,7 +512,16 @@ function echoProductLines()
if ($_POST['form_checksum'] != $current_checksum) {
$alertmsg = xl('Someone else has just changed this visit. Please cancel this page and try again.');
$comment = "CHECKSUM ERROR, expecting '{$_POST['form_checksum']}'";
EventAuditLogger::instance()->newEvent("checksum", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $comment, $pid);
EventAuditLogger::instance()->newEvent(
"checksum",
$_SESSION['authUser'],
$_SESSION['authProvider'],
1,
$comment,
$pid,
'open-emr',
'fee sheet'
);
}
}

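Review bot: The two new trailing arguments `'open-emr'` and `'fee sheet'` are positional literals that give no hint at the call site of which `newEvent()` parameters they fill; since PHP 8 is the commit's stated target, named arguments (using whatever the real parameter names are) would make this self-documenting, or failing that a one-line comment such as `// last two args: audit-log category and originating screen` above the call. The message built on the context line above embeds the raw posted `form_checksum` into the audit log; that is pre-existing, but the value is user-supplied text, so logging a length-limited or sanitised form would be safer. The enclosing handler starts outside the hunk.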
20 changes: 17 additions & 3 deletions interface/forms/fee_sheet/review/fee_sheet_ajax.php
Expand Up @@ -14,13 +14,18 @@
require_once("fee_sheet_queries.php");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;

if (!AclMain::aclCheckCore('acct', 'bill')) {
header("HTTP/1.0 403 Forbidden");
echo "Not authorized for billing";
return false;
}

if (!CsrfUtils::verifyCsrfToken($_REQUEST["csrf_token_form"])) {
CsrfUtils::csrfNotVerified();
}

if (isset($_REQUEST['pid'])) {
$req_pid = $_REQUEST['pid'];
}
Expand Down Expand Up @@ -62,7 +67,7 @@
}

$retval['issues'] = $issues;
echo json_encode($retval);
echo text(json_encode($retval));
return;
}

Expand All @@ -73,7 +78,7 @@

$diags = array();
foreach ($json_diags as $diag) {
$diags[] = new code_info($diag->{'code'}, $diag->{'code_type'}, $diag->{'description'});
$diags[] = new code_info($diag->code, $diag->code_type, $diag->description);
}

$procs = array();
Expand All @@ -82,7 +87,16 @@
}

foreach ($json_procs as $proc) {
$procs[] = new procedure($proc->{'code'}, $proc->{'code_type'}, $proc->{'description'}, $proc->{'fee'}, $proc->{'justify'}, $proc->{'modifiers'}, $proc->{'units'}, 0);
$procs[] = new procedure(
$proc->code,
$proc->code_type,
$proc->description,
$proc->fee,
$proc->justify,
$proc->modifiers,
$proc->units,
0
);
}

$database->StartTrans();
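Review bot: `echo text(json_encode($retval));` HTML-entity-encodes the JSON body, so if `text()` is the usual `htmlspecialchars` wrapper, any `&`, `<` or `>` inside an issue title or description reaches the client as `&amp;`, `&lt;` or `&gt;` and survives `JSON.parse` as altered data; this endpoint answers an XHR rather than rendering into a page, so the right form is `header('Content-Type: application/json'); echo json_encode($retval);` with escaping done on the client at render time. The new CSRF check is correctly placed after the ACL gate, but it reads `$_REQUEST["csrf_token_form"]` without `??`, which warns under PHP 8 when the token is absent before `verifyCsrfToken()` gets to reject it — `$_REQUEST['csrf_token_form'] ?? ''` fixes that. `new code_info($diag->code, ...)` and `new procedure($proc->code, ...)` dereference properties of client-decoded JSON objects directly, so a crafted request with a missing field produces a warning rather than a rejection; `json_decode(..., flags: JSON_THROW_ON_ERROR)` plus explicit `isset()` checks on the expected fields would turn bad input into an error before `StartTrans()`. The decoding of `$json_diags`/`$json_procs` happens between the hunks and is not visible here.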
Expand Up @@ -111,7 +111,8 @@ function request_encounter_data(model_data, mode, prev_encounter) {
pid: pid,
encounter: enc,
mode: mode,
task: "retrieve"
task: "retrieve",
csrf_token_form: csrf_token_js
};
if (prev_encounter != null) {
request.prev_encounter = prev_encounter;
Expand Down Expand Up @@ -205,7 +206,8 @@ function add_review(data, event) {
encounter: enc,
task: 'add_diags',
diags: JSON.stringify(diag_list),
procs: JSON.stringify(proc_list)
procs: JSON.stringify(proc_list),
csrf_token_form: csrf_token_js
},
function (data) {
refresh_codes();
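Review bot: The added `csrf_token_form: csrf_token_js` lines rely on a `csrf_token_js` global this file never declares — it is emitted by an inline `<script>` in `initialize_review.php` — so a reader of this file alone cannot tell where the token comes from. A single note near the top of the file, or at each use, would make the dependency explicit: `// csrf_token_js is a page global emitted by initialize_review.php`. Both request objects are built inside functions whose bodies extend beyond the hunk; a `typeof csrf_token_js === 'undefined'` guard that fails loudly would also help if this script is ever loaded from a page that does not define it.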
7 changes: 6 additions & 1 deletion interface/forms/fee_sheet/review/initialize_review.php
Expand Up @@ -12,6 +12,8 @@
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
*/

use OpenEMR\Common\Csrf\CsrfUtils;

if (!$isBilled) {
require_once("code_check.php");
?>
Expand All @@ -22,8 +24,11 @@
var review_tag = <?php echo xlj('Review'); ?>;
var justify_click_title = <?php echo xlj('Click to choose diagnoses to justify.'); ?>;
var fee_sheet_options = [];
var diag_code_types = <?php echo diag_code_types('json');?>; // This is a list of diagnosis code types to present for as options in the justify dialog, for now, only "internal codes" included.
// This is a list of diagnosis code types to present for as options in the justify dialog,
// for now, only "internal codes" included.
var diag_code_types = <?php echo diag_code_types('json');?>;
var ippf_specific = <?php echo $GLOBALS['ippf_specific'] ? 'true' : 'false'; ?>;
var csrf_token_js = <?php echo js_escape(CsrfUtils::collectCsrfToken()); ?>;
</script>
<script>
function fee_sheet_option(code,code_type,description,fee)
10 changes: 5 additions & 5 deletions interface/forms/track_anything/create.php
Expand Up @@ -132,11 +132,11 @@
// user clicked some buttons...
$the_item = isset($_POST['typeid']) ? trim($_POST['typeid']) : '';
if ($the_item) {
$add = $_POST['add'];
$edit = $_POST['edit'];
$delete = $_POST['delete'];
$deactivate = $_POST['deact'];
$activate = $_POST['act'];
$add = $_POST['add'] ?? null;
$edit = $_POST['edit'] ?? null;
$delete = $_POST['delete'] ?? null;
$deactivate = $_POST['deact'] ?? null;
$activate = $_POST['act'] ?? null;

// add a new item to track
//------------------------
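Review bot: The five `?? null` fallbacks silence the PHP 8 warnings, but the block they feed — add/edit/delete/deactivate/activate of tracked items, driven entirely by `$_POST` — shows no CSRF verification in the hunk; if the check is not done earlier in the file, a `CsrfUtils::verifyCsrfToken($_POST['csrf_token_form'] ?? '')` call belongs before `$the_item` is acted on. Since each of these values is only ever tested for "was this button pressed", `$add = !empty($_POST['add']);` style booleans would state that intent more precisely than nullable strings. The enclosing handler continues outside the hunk.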
