
Second merge from Julia Longtin repository

commit e392ac69977d0fd8e7e592a6d876c0724e107059 2 parents 9d857dc + c0f4842
@bradymiller bradymiller authored
46 gacl/gacl.class.php
@@ -234,18 +234,21 @@ function debug_db($function_name = '') {
}
/**
- * Wraps the actual acl_query() function.
+ *
+ * Check if the current user has a given type or types of access to an access control object.
*
- * It is simply here to return TRUE/FALSE accordingly.
- * @param string The ACO section value
- * @param string The ACO value
- * @param string The ARO section value
- * @param string The ARO section
- * @param string The AXO section value (optional)
- * @param string The AXO section value (optional)
- * @param integer The group id of the ARO ??Mike?? (optional)
- * @param integer The group id of the AXO ??Mike?? (optional)
- * @return boolean TRUE if the check succeeds, false if not.
+ * Implemented as a wrapper of acl_query().
+ * This function exists simply to return TRUE/FALSE accordingly.
+ *
+ * @param string $aco_section_value The ACO section value
+ * @param string $aco_value The ACO value
+ * @param string $aro_section_value The ARO section value
+ * @param string $aro_value The ARO value
+ * @param string $axo_section_value The AXO section value (optional)
+ * @param string $axo_value The AXO section value (optional)
+ * @param integer $root_aro_group The group id of the ARO (optional)
+ * @param integer $root_axo_group The group id of the AXO (optional)
+ * @return boolean true if the check succeeds, false if not.
*/
function acl_check($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $root_aro_group=NULL, $root_axo_group=NULL) {
$acl_result = $this->acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value, $root_aro_group, $root_axo_group);
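Review bot: The new `@param` line for `$axo_value` still describes it as "The AXO section value (optional)", the same text as `$axo_section_value` above it, so the docblock does not tell the two AXO parameters apart. It should read `@param string $axo_value The AXO value (optional)`, matching the correction this commit makes to the acl_query() docblock. The empty ` *` line placed before the summary can also be dropped so the summary is the first line of the docblock. The body of acl_check() continues outside the hunk.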
@@ -312,12 +315,13 @@ function acl_check_array($aco_section_value, $aco_value, $aro_array) {
/**
* The Main function that does the actual ACL lookup.
+ *
* @param string The ACO section value
* @param string The ACO value
* @param string The ARO section value
- * @param string The ARO section
- * @param string The AXO section value (optional)
+ * @param string The ARO value
* @param string The AXO section value (optional)
+ * @param string The AXO value (optional)
* @param string The value of the ARO group (optional)
* @param string The value of the AXO group (optional)
* @param boolean Debug the operation if true (optional)
@@ -508,19 +512,17 @@ function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_valu
if ($return_all) {
foreach ($row as $single_row) {
+ $allow = FALSE;
if ( isset($single_row[1]) AND $single_row[1] == 1 ) {
$allow = TRUE;
- } else {
- $allow = FALSE;
}
$retarr[] = array('acl_id' => &$single_row[0], 'return_value' => &$single_row[2], 'allow' => $allow);
}
}
else {
+ $allow = FALSE;
if ( isset($row[1]) AND $row[1] == 1 ) {
$allow = TRUE;
- } else {
- $allow = FALSE;
}
$retarr = array('acl_id' => &$row[0], 'return_value' => &$row[2], 'allow' => $allow);
}
@@ -546,7 +548,15 @@ function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_valu
$this->put_cache($retarr, $cache_id);
}
- $this->debug_text("<b>acl_query():</b> ACO Section: $aco_section_value ACO Value: $aco_value ARO Section: $aro_section_value ARO Value $aro_value ACL ID: ". $retarr['acl_id'] .' Result: '. $retarr['allow']);
+ if ($return_all)
+ {
+ $this->debug_text("<b>acl_query():</b> ACO Section: $aco_section_value ACO Value: $aco_value ARO Section: $aro_section_value ARO Value $aro_value ACL ID: OMITTED due to return_all");
+ }
+ else
+ {
+ $this->debug_text("<b>acl_query():</b> ACO Section: $aco_section_value ACO Value: $aco_value ARO Section: $aro_section_value ARO Value $aro_value ACL ID: ". $retarr['acl_id'] .' Result: '. $retarr['allow']);
+ }
+
return $retarr;
}
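Review bot: The two `debug_text()` calls repeat the same long interpolated prefix and put their braces on the next line, while the previous hunk of this file writes `if ($return_all) {` on one line. Building the shared prefix once in a local such as `$msg` keeps the branches from drifting apart: append `'OMITTED due to return_all'` or `$retarr['acl_id'] .' Result: '. $retarr['allow']` depending on `$return_all`, then make a single `$this->debug_text($msg);` call. The message mixes `<b>` markup with the raw ACO/ARO values; if debug_text() writes to the page (its body is not visible here), those values would need escaping first.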
10 interface/billing/billing_report.php
@@ -1,8 +1,10 @@
<?php
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+/**
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ */
$fake_register_globals=false;
$sanitize_all_escapes=true;
4 interface/billing/edih_view.php
@@ -4,7 +4,6 @@
*
* Copyright 2012 Kevin McCormick Longview, Texas
*
- *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -18,13 +17,12 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* <http://opensource.org/licenses/gpl-license.php>
*
- *
* @author Kevin McCormick
* @link: http://www.open-emr.org
* @package OpenEMR
* @subpackage ediHistory
*/
-
+
$sanitize_all_escapes=true;
$fake_register_globals=false;
require_once(dirname(__FILE__) . "/../globals.php");
54 interface/billing/new_payment.php
@@ -1,32 +1,30 @@
<?php
-// +-----------------------------------------------------------------------------+
-// Copyright (C) 2010 Z&H Consultancy Services Private Limited <sam@zhservices.com>
-//
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
-//
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-//
-// A copy of the GNU General Public License is included along with this program:
-// openemr/interface/login/GnuGPL.html
-// For more information write to the Free Software
-// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-//
-// Author: Eldho Chacko <eldho@zhservices.com>
-// Paul Simon K <paul@zhservices.com>
-//
-// +------------------------------------------------------------------------------+
-//===============================================================================
-//This screen handles the cash/cheque entry and its distribution to various charges.
-//===============================================================================
+/**
+ * This screen handles the cash/cheque entry and its distribution to various charges.
+ *
+ * Copyright (C) 2010 Z&H Consultancy Services Private Limited <sam@zhservices.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ *
+ * A copy of the GNU General Public License is included along with this program:
+ * openemr/interface/login/GnuGPL.html
+ * For more information write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Author: Eldho Chacko <eldho@zhservices.com>
+ * Paul Simon K <paul@zhservices.com>
+ *
+ */
require_once("../globals.php");
require_once("$srcdir/invoice_summary.inc.php");
require_once("$srcdir/sl_eob.inc.php");
2  interface/main/dated_reminders/dated_reminders.php
@@ -1,4 +1,4 @@
-<?php
+<?php
/**
* Used for displaying dated reminders.
*
71 interface/main/main_screen.php
@@ -1,33 +1,40 @@
<?php
- include_once("../globals.php");
- require_once("$srcdir/formdata.inc.php");
- $_SESSION["encounter"] = "";
-
- // Fetching the password expiration date
- $is_expired=false;
- if($GLOBALS['password_expiration_days'] != 0){
- $is_expired = false;
- $q=formData('authUser','P');
- $result = sqlStatement("select pwd_expiration_date from users where username = '".$q."'");
- $current_date = date("Y-m-d");
- $pwd_expires_date = $current_date;
- if($row = sqlFetchArray($result)) {
- $pwd_expires_date = $row['pwd_expiration_date'];
- }
-
-// Displaying the password expiration message (starting from 7 days before the password gets expired)
- $pwd_alert_date = date("Y-m-d", strtotime($pwd_expires_date . "-7 days"));
-
- if (strtotime($pwd_alert_date) != "" && strtotime($current_date) >= strtotime($pwd_alert_date) &&
- (!isset($_SESSION['expiration_msg']) or $_SESSION['expiration_msg'] == 0)) {
-
- $is_expired = true;
- $_SESSION['expiration_msg'] = 1; // only show the expired message once
- }
+/** The outside frame that holds all of the OpenEMR User Interface.
+ */
+
+/* Include our required headers */
+require_once('../globals.php');
+require_once("$srcdir/formdata.inc.php");
+
+$_SESSION["encounter"] = '';
+
+// Fetch the password expiration date
+$is_expired=false;
+if($GLOBALS['password_expiration_days'] != 0){
+ $is_expired=false;
+ $q=formData('authUser','P');
+ $result = sqlStatement("select pwd_expiration_date from users where username = '".$q."'");
+ $current_date = date('Y-m-d');
+ $pwd_expires_date = $current_date;
+ if($row = sqlFetchArray($result)) {
+ $pwd_expires_date = $row['pwd_expiration_date'];
+ }
+
+ // Display the password expiration message (starting from 7 days before the password gets expired)
+ $pwd_alert_date = date('Y-m-d', strtotime($pwd_expires_date . '-7 days'));
+
+ if (strtotime($pwd_alert_date) != '' &&
+ strtotime($current_date) >= strtotime($pwd_alert_date) &&
+ (!isset($_SESSION['expiration_msg'])
+ or $_SESSION['expiration_msg'] == 0)) {
+ $is_expired = true;
+ $_SESSION['expiration_msg'] = 1; // only show the expired message once
+ }
}
if ($is_expired) {
- $frame1url = "pwd_expires_alert.php"; //php file which display's password expiration message.
+ //display the php file containing the password expiration message.
+ $frame1url = "pwd_expires_alert.php";
}
else if (!empty($_POST['patientID'])) {
$patientID = 0 + $_POST['patientID'];
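Review bot: The re-indented query still builds its SQL by concatenation, `"... where username = '".$q."'"`, with `$q` taken from the `authUser` POST field, so its safety rests entirely on whatever escaping formData() applies (its body is not visible here). Other code in this commit binds values instead, e.g. `sqlQuery("... WHERE pid = ?", array($reply_to))` in messages.php; if sqlStatement() accepts the same bind array, prefer `sqlStatement("select pwd_expiration_date from users where username = ?", array($q))` with `$q` read unescaped so it is not escaped twice. The second `$is_expired=false;` inside the `if` repeats the assignment two lines above and can go. The same concatenated pattern appears as context in main_title.php (`where username='".$_SESSION{"authUser"}."'`). The if/else chain continues past the end of the hunk.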
@@ -79,12 +86,16 @@ function allFramesLoaded() {
</head>
-<?php if ($GLOBALS['concurrent_layout']) { // start new layout ?>
+<?php
-<?php if (empty($GLOBALS['gbl_tall_nav_area'])) { // not tall nav area ?>
+// Please keep in mind that border (mozilla) and framespacing (ie) are the
+// same thing. use both.
+// frameborder specifies a 3d look, not whether there are borders.
-<!-- border (mozilla) and framespacing (ie) are the same thing. -->
-<!-- frameborder specifies a 3d look, not whether there are borders. -->
+if ($GLOBALS['concurrent_layout']) {
+ // start new layout
+ if (empty($GLOBALS['gbl_tall_nav_area'])) {
+ // not tall nav area ?>
<frameset rows='<?php echo $GLOBALS['titleBarHeight'] + 5 ?>,*' frameborder='1' border='1' framespacing='1' onunload='imclosing()'>
<frame src='main_title.php' name='Title' scrolling='no' frameborder='1' noresize />
<frameset cols='<?php echo $nav_area_width; ?>,*' id='fsbody' frameborder='1' border='4' framespacing='4'>
9 interface/main/main_title.php
@@ -1,7 +1,10 @@
<?php
-include_once("../globals.php");
-?>
+/**
+ * main_title.php - The main titlebar, at the top of the 'concurrent' layout.
+ */
+include_once('../globals.php');
+?>
<html>
<head>
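Review bot: `include_once('../globals.php')` only raises a warning when the file cannot be loaded, so the rest of main_title.php would keep running without whatever globals.php sets up. main_screen.php was switched to `require_once('../globals.php');` in this same commit; using `require_once` here as well makes the page stop instead of continuing in an unknown state. The new one-line file docblock could also carry the `@package OpenEMR` tag used by other headers on this page.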
@@ -14,6 +17,7 @@
display:block;
}
</style>
+
<script type="text/javascript" language="javascript">
function toencounter(rawdata) {
//This is called in the on change event of the Encounter list.
@@ -64,7 +68,6 @@ function showhideMenu() {
</script>
</head>
<body class="body_title">
-
<?php
$res = sqlQuery("select * from users where username='".$_SESSION{"authUser"}."'");
?>
31 interface/main/messages/messages.php
@@ -1,19 +1,18 @@
<?php
-// Copyright (C) 2010 OpenEMR Support LLC
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
-
+/**
+ * Copyright (C) 2010 OpenEMR Support LLC
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ */
//SANITIZE ALL ESCAPES
$sanitize_all_escapes=true;
-//
//STOP FAKE REGISTER GLOBALS
$fake_register_globals=false;
-//
-require_once("../../globals.php");
+require_once('../../globals.php');
require_once("$srcdir/pnotes.inc");
require_once("$srcdir/patient.inc");
require_once("$srcdir/acl.inc");
@@ -237,14 +236,14 @@
<a class="patLink" onclick="goPid('<?php echo attr($result['pid']);?>')"><?php echo htmlspecialchars( xl('Patient'), ENT_NOQUOTES); ?>:</a>
<?php } else { ?>
<b class='<?php echo ($task=="addnew"?"required":"") ?>'><?php echo htmlspecialchars( xl('Patient'), ENT_NOQUOTES); ?>:</b>
- <?php } ?>
<?php
+ }
if ($reply_to) {
$prow = sqlQuery("SELECT lname, fname " .
"FROM patient_data WHERE pid = ?", array($reply_to) );
$patientname = $prow['lname'] . ", " . $prow['fname'];
}
- if ($patientname == "") {
+ if ($patientname == '') {
$patientname = xl('Click to select');
} ?>
<input type='text' size='10' name='form_patient' style='width:150px;<?php echo ($task=="addnew"?"cursor:pointer;cursor:hand;":"") ?>' value='<?php echo htmlspecialchars($patientname, ENT_QUOTES); ?>' <?php echo ($task=="addnew"?"onclick='sel_patient()' readonly":"disabled") ?> title='<?php echo ($task=="addnew"?(htmlspecialchars( xl('Click to select patient'), ENT_QUOTES)):"") ?>' />
@@ -284,7 +283,8 @@
<!-- This is for displaying a new note. -->
<input type="button" id="newnote" value="<?php echo htmlspecialchars( xl('Send message'), ENT_QUOTES); ?>">
<input type="button" id="cancel" value="<?php echo htmlspecialchars( xl('Cancel'), ENT_QUOTES); ?>">
-<?php } ?>
+<?php }
+?>
<br>
</form></center></div>
@@ -414,7 +414,7 @@ function addtolist(sel){
// Display the Messages table header.
echo "
<table width=100%><tr><td><table border=0 cellpadding=1 cellspacing=0 width=90% style=\"border-left: 1px #000000 solid; border-right: 1px #000000 solid; border-top: 1px #000000 solid;\">
- <form name=wikiList action=\"messages.php?showall=$showall&sortby=$sortby&sortorder=$sortorder&begin=$begin&$activity_string_html\" method=post>
+ <form name=MessageList action=\"messages.php?showall=$showall&sortby=$sortby&sortorder=$sortorder&begin=$begin&$activity_string_html\" method=post>
<input type=hidden name=task value=delete>
<tr height=\"24\" style=\"background:lightgrey\">
<td align=\"center\" width=\"25\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><input type=checkbox id=\"checkAll\" onclick=\"selectAll()\"></td>
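Review bot: The renamed `<form name=MessageList ...>` line interpolates `$showall`, `$sortby`, `$sortorder` and `$begin` straight into the `action` attribute, and only `$activity_string_html` has a name suggesting it was escaped beforehand. Where these variables are assigned is outside the hunk; if any of them derives from the request, pass it through `attr()` (already used in this file) or `urlencode()` before echoing it, e.g. `"&sortby=" . attr($sortby)`. The attributes in this block are also unquoted (`name=MessageList`, `method=post`), which makes that escaping matter more. The echo statement starts and ends outside the hunk.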
@@ -471,12 +471,13 @@ function addtolist(sel){
htmlspecialchars( xl('Delete'), ENT_NOQUOTES) . "</a></td>
<td align=right class=\"text\">$prevlink &nbsp; $end of $total &nbsp; $nextlink</td>
</tr>
- </table></td></tr></table><br>"; ?>
+ </table></td></tr></table><br>";
+?>
<script language="javascript">
// This is to confirm delete action.
function confirmDeleteSelected() {
if(confirm("<?php echo htmlspecialchars( xl('Do you really want to delete the selection?'), ENT_QUOTES); ?>")) {
- document.wikiList.submit();
+ document.MessageList.submit();
}
}
// This is to allow selection of all items in Messages table for deletion.
14 interface/orders/orders_results.php
@@ -1,10 +1,12 @@
<?php
-// Copyright (C) 2010-2013 Rod Roark <rod@sunsetsystems.com>
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+/**
+ * Copyright (C) 2010-2013 Rod Roark <rod@sunsetsystems.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ */
require_once("../globals.php");
require_once("$srcdir/acl.inc");
14 interface/orders/types.php
@@ -1,10 +1,12 @@
<?php
-// Copyright (C) 2010-2012 Rod Roark <rod@sunsetsystems.com>
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+/**
+ * Copyright (C) 2010-2012 Rod Roark <rod@sunsetsystems.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ */
require_once("../globals.php");
require_once("$srcdir/acl.inc");
14 interface/patient_file/transaction/record_request.php
@@ -1,10 +1,12 @@
<?php
-// Copyright (C) 2010 Brady Miller <brady@sparmy.com>
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+/**
+ * Copyright (C) 2010 Brady Miller <brady@sparmy.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ */
//SANITIZE ALL ESCAPES
$sanitize_all_escapes=true;
1  interface/reports/custom_report_range.php
@@ -7,7 +7,6 @@
require_once(dirname(__file__)."/../globals.php");
require_once("$srcdir/forms.inc");
require_once("$srcdir/billing.inc");
-require_once("$srcdir/pnotes.inc");
require_once("$srcdir/patient.inc");
require_once("$srcdir/report.inc");
require_once("$srcdir/classes/Document.class.php");
27 interface/super/manage_site_files.php
@@ -13,23 +13,26 @@
$sanitize_all_escapes = true;
$fake_register_globals = false;
-require_once("../globals.php");
-require_once("$srcdir/acl.inc");
+require_once('../globals.php');
+require_once($GLOBALS['srcdir'].'/acl.inc');
+require_once($GLOBALS['srcdir'].'/htmlspecialchars.inc.php');
+/* for formData() */
+require_once($GLOBALS['srcdir'].'/formdata.inc.php');
if (!acl_check('admin', 'super')) die(htmlspecialchars(xl('Not authorized')));
// Prepare array of names of editable files, relative to the site directory.
$my_files = array(
- "clickoptions.txt",
- "config.php",
- "faxcover.txt",
- "faxtitle.eps",
- "referral_template.html",
- "statement.inc.php",
- "letter_templates/custom_pdf.php",
+ 'clickoptions.txt',
+ 'config.php',
+ 'faxcover.txt',
+ 'faxtitle.eps',
+ 'referral_template.html',
+ 'statement.inc.php',
+ 'letter_templates/custom_pdf.php',
);
// Append LBF plugin filenames to the array.
-$lres = sqlStatement("SELECT * FROM list_options " .
+$lres = sqlStatement('SELECT * FROM list_options ' .
"WHERE list_id = 'lbfnames' ORDER BY seq, title");
while ($lrow = sqlFetchArray($lres)) {
$option_id = $lrow['option_id']; // should start with LBF
@@ -37,7 +40,7 @@
$my_files[] = "LBF/$option_id.plugin.php";
}
-$form_filename = $_REQUEST['form_filename'];
+$form_filename = formData('form_filename');
// Sanity check to prevent evildoing.
if (!in_array($form_filename, $my_files)) $form_filename = '';
$filepath = "$OE_SITE_DIR/$form_filename";
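Review bot: `formData('form_filename')` uses the default `$type='P'` (see the signature in library/formdata.inc.php), so the filename is now read from `$_POST` only, whereas the removed line read `$_REQUEST`; a caller that passes `form_filename` in the query string will silently get the empty selection. If that is not intended, pass a type other than 'P' or 'G', e.g. `formData('form_filename', 'R')`, which the docblock says falls back to the request array. formData() is documented as preparing values for SQL insertion, but this value is only compared against the allowlist and joined into a path, so any escaping it adds can only make a legitimate name fail the check. Since the `in_array()` test is the security boundary here, make it strict: `if (!in_array($form_filename, $my_files, true)) $form_filename = '';`.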
@@ -80,7 +83,7 @@
<html>
<head>
-<title><?php echo htmlspecialchars(xl('File management')); ?></title>
+<title><?php echo xlt('File management'); ?></title>
<link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
<style type="text/css">
31 library/formdata.inc.php
@@ -1,17 +1,24 @@
<?php
-// Copyright (C) 2009 Rod Roark <rod@sunsetsystems.com>
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
-//
-// These functions will be used to globally validate and prepare
-// data for sql database insertion.
-//
+/**
+ * Copyright (C) 2009 Rod Roark <rod@sunsetsystems.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * These functions should be used to globally validate and prepare
+ * data for sql database insertion.
+ *
+ */
-// Main function that will manage POST, GET, and
-// REQUEST variables
+/** Main function that will manage POST, GET, and REQUEST variables
+ *
+ * @param string $name name of the variable requested.
+ * @param string $type 'P', 'G' for post or get data, otherwise uses request.
+ * @param bool $istrim whether to use trim() on the data.
+ * @return string variable requested, or empty string
+ */
function formData($name, $type='P', $isTrim=false) {
if ($type == 'P')
$s = isset($_POST[$name]) ? $_POST[$name] : '';
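Review bot: The new docblock names the third parameter `$istrim`, but the signature declares `$isTrim`, and PHP variable names are case-sensitive; the tag should read `@param bool $isTrim whether to use trim() on the data.`. Because callers rely on this function for database input, the docblock should also say which escaping the returned string has had applied, so it is not mistaken for HTML-safe output. The function body is outside the hunk, so that wording has to be taken from the implementation.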
47 library/htmlspecialchars.inc.php
@@ -1,24 +1,31 @@
<?php
-/*
-Copyright © 2011 Boyd Stephen Smith Jr.
-
-Copyright license terms appear at the end of this file.
-*/
-
-/*
-This function uses htmlspecialchars() to escape a PHP string for use as
-(part of) an HTML / XML text node (in DOM terms).
-
-It only escapes a few special chars: the ampersand (&) and both the left-
-pointing angle bracket (<) and the right-pointing angle bracket (>), since
-these are the only characters that are special in a text node. Minimal quoting
-is preferred because it produces smaller and more easily human-readable output.
-
-Some characters simply cannot appear in valid XML documents, even
-as entities but, this function does not attempt to handle them.
-
-NOTE: Attribute values are NOT text nodes, and require additional escaping.
-*/
+/**
+ * library/htmlspecialchars.inc.php Escaping Functions
+ *
+ * Copyright © 2011 Boyd Stephen Smith Jr.
+ * Copyright license terms appear at the end of this file.
+ *
+ * @package OpenEMR
+ * @author Boyd Stephen Smith Jr.
+ */
+
+/**
+ * Escape a PHP string for use as (part of) an HTML / XML text node.
+ *
+ * It only escapes a few special chars: the ampersand (&) and both the left-
+ * pointing angle bracket (<) and the right-pointing angle bracket (>), since
+ * these are the only characters that are special in a text node. Minimal
+ * quoting is preferred because it produces smaller and more easily human-
+ * readable output.
+ *
+ * Some characters simply cannot appear in valid XML documents, even
+ * as entities but, this function does not attempt to handle them.
+ *
+ * NOTE: Attribute values are NOT text nodes, and require additional escaping.
+ *
+ * @param string The string to escape, possibly including "&", "<", or ">".
+ * @return string The string, with "&", "<", and ">" escaped.
+ */
function text($text) {
return htmlspecialchars($text, ENT_NOQUOTES);
}
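Review bot: The `@param` tag on text() omits the variable name, unlike the acl_check() and formData() docblocks added in this commit; write `@param string $text The string to escape, possibly including "&", "<", or ">".`. The existing NOTE is the part of this docblock readers most need: because the call passes `ENT_NOQUOTES`, the result must not be placed inside a quoted attribute value.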
12 library/patient.inc
@@ -1,8 +1,12 @@
<?php
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+/**
+ * patient.inc includes functions for manipulating patient information.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ */
require_once("{$GLOBALS['srcdir']}/sql.inc");
require_once(dirname(__FILE__) . "/classes/WSWrapper.class.php");
56 library/pnotes.inc
@@ -1,21 +1,28 @@
<?php
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
-
-require_once("{$GLOBALS['srcdir']}/sql.inc");
-
-// 06-2009, BM migrated the patient_note_types array to the list_options table
-
+/**
+ * This file contains functions for handling notes attached to patient files.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ */
+
+require_once($GLOBALS['srcdir'].'/sql.inc');
+
+/**
+ * Retrieve a note, given its ID
+ *
+ * @param string $id the ID of the note to retrieve.
+ * @param string $cols A list of columns to retrieve. defaults to '*' for all.
+ */
function getPnoteById($id, $cols = "*")
{
return sqlQuery("SELECT $cols FROM pnotes WHERE id=? " .
- " AND deleted != 1 ". // exclude ALL deleted notes
- "order by date DESC limit 0,1", array($id) );
+ ' AND deleted != 1 '. // exclude ALL deleted notes
+ 'order by date DESC limit 0,1', array($id) );
}
-
// activity can be 0, 1, or 'all'
function getPnotesByUser($activity="1",$show_all="no",$user='',$count=false,$sortby='',$sortorder='',$begin='',$listnumber='')
{
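Review bot: The new docblock for getPnoteById() describes `$cols` as a list of columns but does not say that it is interpolated into the statement text (`"SELECT $cols FROM pnotes WHERE id=? "`), unlike `$id`, which is bound. I would state that in the tag, e.g. `@param string $cols Column list placed verbatim in the SELECT; must be a trusted literal, never request data.`, and add an `@return` line for the row that sqlQuery() hands back. The `// activity can be 0, 1, or 'all'` comment now sits directly under the closing brace; it belongs to getPnotesByUser() and reads better with the blank line kept.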
@@ -67,7 +74,6 @@ function getPnotesByUser($activity="1",$show_all="no",$user='',$count=false,$sor
}
}
-
function getPnotesByDate($date, $activity = "1", $cols = "*", $pid = "%",
$limit = "all", $start = 0, $username = '', $docid = 0, $status = "")
{
@@ -112,7 +118,7 @@ $sqlParameterArray = array();
return $all;
}
-// activity can only be 0, 1, or 'all
+// activity can only be 0, 1, or 'all'
function getSentPnotesByDate($date, $activity = "1", $cols = "*", $pid = "%",
$limit = "all", $start = 0, $username = '', $docid = 0, $status = "")
{
@@ -297,20 +303,34 @@ function getPnotesByPid ($pid, $activity = "1", $cols = "*", $limit=10, $start=0
return $all;
}
+/** Add a note to a patient's medical record.
+ *
+ * @param int $pid the ID of the patient whos medical record this note is going to be attached to.
+ * @param string $newtext the note contents.
+ * @param int $authorized
+ * @param int $activity
+ * @param string $title
+ * @param string $assigned_to
+ * @param string $datetime
+ * @param string $message_status
+ * @return int the ID of the added note.
+ */
function addPnote($pid, $newtext, $authorized = '0', $activity = '1',
- $title='Unassigned', $assigned_to = '', $datetime = '', $message_status = "New")
+ $title= 'Unassigned', $assigned_to = '', $datetime = '',
+ $message_status = 'New')
{
if (empty($datetime)) $datetime = date('Y-m-d H:i:s');
// make inactive if set as Done
- if ($message_status == "Done") $activity = 0;
+ if ($message_status == 'Done') $activity = 0;
$body = date('Y-m-d H:i') . ' (' . $_SESSION['authUser'];
if ($assigned_to) $body .= " to $assigned_to";
$body = $body . ') ' . $newtext;
- return sqlInsert("INSERT INTO pnotes (date, body, pid, user, groupname, " .
- "authorized, activity, title, assigned_to, message_status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
+ return sqlInsert('INSERT INTO pnotes (date, body, pid, user, groupname, ' .
+ 'authorized, activity, title, assigned_to, message_status) VALUES ' .
+ '(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
array($datetime, $body, $pid, $_SESSION['authUser'], $_SESSION['authProvider'], $authorized, $activity, $title, $assigned_to, $message_status) );
}
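Review bot: Six of the new `@param` tags on addPnote() (`$authorized`, `$activity`, `$title`, `$assigned_to`, `$datetime`, `$message_status`) have no description, and `$authorized` and `$activity` are typed `int` although their defaults are the strings `'0'` and `'1'`. The body gives enough to fill in at least two of them: `@param string $datetime Timestamp for the note; the current time is used when empty.` and `@param string $message_status Status of the note; 'Done' forces $activity to 0.`. It is also worth noting in the docblock that the author is taken from `$_SESSION['authUser']` rather than from a parameter. "whos" in the `$pid` line should be "whose".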
4 myportal/index.php
@@ -70,7 +70,7 @@ function md5_pass($length = 8)
?>
<html>
<head>
- <?php include_once($GLOBALS['fileroot']."/library/sha1.js");?>
+ <?php require_once($GLOBALS['fileroot'].'/library/sha1.js');?>
<script type="text/javascript">
function getshansubmit(){
randkey = "<?php echo $randkey;?>";
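Review bot: Loading `sha1.js` with `require_once` sends a JavaScript file through the PHP interpreter, so any `<?php` sequence in it would be executed, and the `_once` form emits nothing if the file was already included earlier in the request. If the file is plain script text, `readfile($GLOBALS['fileroot'].'/library/sha1.js');` inside a `<script>` element, or a `<script src=...>` reference, expresses the intent without parsing it as PHP. Whether sha1.js carries its own `<script>` tags is not visible from this hunk, so check that before changing the call.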
@@ -82,7 +82,7 @@ function getshansubmit(){
</script>
</head>
-<title><?php echo htmlspecialchars(xl("Redirection"),ENT_QUOTES);?></title>
+<title><?php echo xlt('Redirection');?></title>
<body onload="getshansubmit()">
<form name="portal" method="post" action="<?php echo htmlspecialchars($GLOBALS['portal_offsite_address'],ENT_QUOTES);?>">
<input type="hidden" name="user" value="<?php echo htmlspecialchars($GLOBALS['portal_offsite_username'],ENT_QUOTES);?>">
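Review bot: The `<title>` now calls `xlt()`, but no hunk of myportal/index.php shows `library/htmlspecialchars.inc.php` being loaded, whereas manage_site_files.php gained an explicit `require_once($GLOBALS['srcdir'].'/htmlspecialchars.inc.php');` in this commit, presumably for the same helper. If globals.php does not already pull that file in on this entry point, the page fails with an undefined-function error; confirm that, or add the same require near the top of the file. The same applies to the `xlt('Patient Portal Login')` change in patients/index.php.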
2  patients/index.php
@@ -90,7 +90,7 @@
<html>
<head>
- <title><?php echo htmlspecialchars( xl('Patient Portal Login'), ENT_NOQUOTES); ?></title>
+ <title><?php echo xlt('Patient Portal Login'); ?></title>
<script type="text/javascript" src="../library/js/jquery-1.5.js"></script>
<script type="text/javascript" src="../library/js/jquery.gritter.min.js"></script>