Security fixes 17

DiscoverAndChange · Sep 21, 2015 · 425a74b · 425a74b
1 parent b63b5cd
commit 425a74b
Showing 1 changed file with 31 additions and 14 deletions.
diff --git a/controllers/C_Prescription.class.php b/controllers/C_Prescription.class.php
@@ -1,8 +1,25 @@
 <?php
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+/**
+ * This script print Prescriptions.
+ *
+ * Copyright (C) 2015 Roberto Vasquez <[email protected]>
+ *
+ * LICENSE: This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http:https://opensource.org/licenses/gpl-license.php>;.
+ *
+ * @package OpenEMR
+ * @author Roberto Vasquez <[email protected]>
+ * @link http:https://www.open-emr.org
+ */
+
 
 require_once($GLOBALS['fileroot'] . "/library/classes/Controller.class.php");
 require_once($GLOBALS['fileroot'] . "/library/classes/Prescription.class.php");
@@ -475,26 +492,26 @@ function multiprintcss_postfooter() {
  }
 
  function get_prescription_body_text($p) {
- $body = '<b>' . xl('Rx') . ': ' . $p->get_drug() . ' ' . $p->get_size() . ' ' . $p->get_unit_display();
- if ($p->get_form()) $body .= ' [' . $p->form_array[$p->get_form()] . "]";
+ $body = '<b>' . xlt('Rx') . ': ' . text($p->get_drug()) . ' ' . text($p->get_size()) . ' ' . text($p->get_unit_display());
+ if ($p->get_form()) $body .= ' [' . text($p->form_array[$p->get_form()]) . "]";
  $body .= "</b> <i>" .
- $p->substitute_array[$p->get_substitute()] . "</i>\n" .
- '<b>' . xl('Disp #') . ':</b> <u>' . $p->get_quantity() . "</u>\n" .
- '<b>' . xl('Sig') . ':</b> ' . $p->get_dosage() . ' ' . $p->form_array[$p->get_form()] . ' ' .
- $p->route_array[$p->get_route()] . ' ' . $p->interval_array[$p->get_interval()] . "\n";
+ text($p->substitute_array[$p->get_substitute()]) . "</i>\n" .
+ '<b>' . xlt('Disp #') . ':</b> <u>' . text($p->get_quantity()) . "</u>\n" .
+ '<b>' . xlt('Sig') . ':</b> ' . text($p->get_dosage()) . ' ' . text($p->form_array[$p->get_form()]) . ' ' .
+ text($p->route_array[$p->get_route()]) . ' ' . text($p->interval_array[$p->get_interval()]) . "\n";
  if ($p->get_refills() > 0) {
- $body .= "\n<b>" . xl('Refills') . ":</b> <u>" . $p->get_refills();
+ $body .= "\n<b>" . xlt('Refills') . ":</b> <u>" . text($p->get_refills());
  if ($p->get_per_refill()) {
- $body .= " " . xl('of quantity') . " " . $p->get_per_refill();
+ $body .= " " . xlt('of quantity') . " " . text($p->get_per_refill());
  }
  $body .= "</u>\n";
  }
  else {
- $body .= "\n<b>" . xl('Refills') . ":</b> <u>0 (" . xl('Zero') . ")</u>\n";
+ $body .= "\n<b>" . xlt('Refills') . ":</b> <u>0 (" . xlt('Zero') . ")</u>\n";
  }
  $note = $p->get_note();
  if ($note != '') {
- $body .= "\n$note\n";
+ $body .= "\n" . text($note) . "\n";
  }
  return $body;
  }