Security fixes 21

interface/patient_file/upload_dialog.php

@@ -1,10 +1,25 @@
 <?php
-// Copyright (C) 2009-2010 Rod Roark <[email protected]>
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+/**
+ * This script upload image to file.
+ *
+ * Copyright (C) 2009-2010 Rod Roark <[email protected]>
+ *
+ * LICENSE: This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http:https://opensource.org/licenses/gpl-license.php>;.
+ *
+ * @package OpenEMR
+ * @author Rod Roark <[email protected]>
+ * @author Roberto Vasquez <[email protected]>
+ * @link http:https://www.open-emr.org
+ */
 
 require_once("../globals.php");
 
@@ -83,7 +98,7 @@
 
 </center>
 
-<form method="post" name="main" action="upload_dialog.php?patientid=<?php echo $patientid ?>&file=<?php echo $what ?>" enctype="multipart/form-data">
+<form method="post" name="main" action="upload_dialog.php?patientid=<?php echo attr($patientid) ?>&file=<?php echo attr($what) ?>" enctype="multipart/form-data">
 <input type="hidden" name="MAX_FILE_SIZE" value="4000000">
 
 <center>