forked from openemr/openemr
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Converted referrals_report.php to standard security model, take 2.
- Loading branch information
1 parent
3affb6d
commit 52a3323
Showing
1 changed file
with
35 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,6 +3,7 @@ | |
| * This report lists referrals for a given date range. | ||
| * | ||
| * Copyright (C) 2008-2016 Rod Roark <[email protected]> | ||
| * Copyright (C) 2016 Roberto Vasquez <[email protected]> | ||
| * | ||
| * LICENSE: This program is free software; you can redistribute it and/or | ||
| * modify it under the terms of the GNU General Public License | ||
|
|
@@ -21,20 +22,23 @@ | |
| * @link http:https://www.open-emr.org | ||
| */ | ||
|
|
||
| $fake_register_globals=false; | ||
| $sanitize_all_escapes=true; | ||
|
|
||
| require_once("../globals.php"); | ||
| require_once("$srcdir/patient.inc"); | ||
| require_once("$srcdir/formatting.inc.php"); | ||
| require_once "$srcdir/options.inc.php"; | ||
| require_once "$srcdir/formdata.inc.php"; | ||
|
|
||
| $from_date = fixDate($_POST['form_from_date'], date('Y-m-d')); | ||
| $to_date = fixDate($_POST['form_to_date'], date('Y-m-d')); | ||
| $from_date = (isset($_POST['form_from_date'])) ? fixDate($_POST['form_from_date'], date('Y-m-d')) : ''; | ||
| $to_date = (isset($_POST['form_to_date'])) ? fixDate($_POST['form_to_date'], date('Y-m-d')) : '';; | ||
| $form_facility = isset($_POST['form_facility']) ? $_POST['form_facility'] : ''; | ||
| ?> | ||
| <html> | ||
| <head> | ||
| <?php html_header_show();?> | ||
| <title><?php xl('Referrals','e'); ?></title> | ||
| <title><?php echo xlt('Referrals'); ?></title> | ||
|
|
||
| <style type="text/css">@import url(../../library/dynarch_calendar.css);</style> | ||
|
|
||
|
|
@@ -58,6 +62,7 @@ | |
| }); | ||
|
|
||
| // The OnClick handler for referral display. | ||
|
|
||
| function show_referral(transid) { | ||
| dlgopen('../patient_file/transaction/print_referral.php?transid=' + transid, | ||
| '_blank', 550, 400); | ||
|
|
@@ -102,10 +107,10 @@ function show_referral(transid) { | |
|
|
||
| <body class="body_top"> | ||
|
|
||
| <span class='title'><?php xl('Report','e'); ?> - <?php xl('Referrals','e'); ?></span> | ||
| <span class='title'><?php echo xlt('Report'); ?> - <?php echo xlt('Referrals'); ?></span> | ||
|
|
||
| <div id="report_parameters_daterange"> | ||
| <?php echo date("d F Y", strtotime($form_from_date)) ." to ". date("d F Y", strtotime($form_to_date)); ?> | ||
| <?php echo text(date("d F Y", strtotime($form_from_date))) ." to ". text(date("d F Y", strtotime($form_to_date))); ?> | ||
| </div> | ||
|
|
||
| <form name='theform' id='theform' method='post' action='referrals_report.php'> | ||
|
|
@@ -120,30 +125,30 @@ function show_referral(transid) { | |
| <table class='text'> | ||
| <tr> | ||
| <td class='label'> | ||
| <?php xl('Facility','e'); ?>: | ||
| <?php echo xlt('Facility'); ?>: | ||
| </td> | ||
| <td> | ||
| <?php dropdown_facility(strip_escape_custom($form_facility), 'form_facility', true); ?> | ||
| <?php dropdown_facility(($form_facility), 'form_facility', true); ?> | ||
| </td> | ||
| <td class='label'> | ||
| <?php xl('From','e'); ?>: | ||
| <?php echo xlt('From'); ?>: | ||
| </td> | ||
| <td> | ||
| <input type='text' name='form_from_date' id="form_from_date" size='10' value='<?php echo $form_from_date ?>' | ||
| onkeyup='datekeyup(this,mypcc)' onblur='dateblur(this,mypcc)' title='yyyy-mm-dd'> | ||
| <input type='text' name='form_from_date' id="form_from_date" size='10' value='<?php echo attr($form_from_date) ?>' | ||
| onkeyup='datekeyup(this,mypcc)' onblur='dateblur(this,mypcc)' title='<?php echo xla('yyyy-mm-dd') ?>'> | ||
| <img src='../pic/show_calendar.gif' align='absbottom' width='24' height='22' | ||
| id='img_from_date' border='0' alt='[?]' style='cursor:pointer' | ||
| title='<?php xl('Click here to choose a date','e'); ?>'> | ||
| title='<?php echo xla('Click here to choose a date'); ?>'> | ||
| </td> | ||
| <td class='label'> | ||
| <?php xl('To','e'); ?>: | ||
| <?php echo xlt('To'); ?>: | ||
| </td> | ||
| <td> | ||
| <input type='text' name='form_to_date' id="form_to_date" size='10' value='<?php echo $form_to_date ?>' | ||
| onkeyup='datekeyup(this,mypcc)' onblur='dateblur(this,mypcc)' title='yyyy-mm-dd'> | ||
| <input type='text' name='form_to_date' id="form_to_date" size='10' value='<?php echo attr($form_to_date) ?>' | ||
| onkeyup='datekeyup(this,mypcc)' onblur='dateblur(this,mypcc)' title='<?php echo xla('yyyy-mm-dd') ?>'> | ||
| <img src='../pic/show_calendar.gif' align='absbottom' width='24' height='22' | ||
| id='img_to_date' border='0' alt='[?]' style='cursor:pointer' | ||
| title='<?php xl('Click here to choose a date','e'); ?>'> | ||
| title='<?php echo xla('Click here to choose a date'); ?>'> | ||
| </td> | ||
| </tr> | ||
| </table> | ||
|
|
@@ -158,14 +163,14 @@ function show_referral(transid) { | |
| <div style='margin-left:15px'> | ||
| <a href='#' class='css_button' onclick='$("#form_refresh").attr("value","true"); $("#theform").submit();'> | ||
| <span> | ||
| <?php xl('Submit','e'); ?> | ||
| <?php echo xlt('Submit'); ?> | ||
| </span> | ||
| </a> | ||
|
|
||
| <?php if ($_POST['form_refresh']) { ?> | ||
| <a href='#' class='css_button' id='printbutton'> | ||
| <span> | ||
| <?php xl('Print','e'); ?> | ||
| <?php echo xlt('Print'); ?> | ||
| </span> | ||
| </a> | ||
| <?php } ?> | ||
|
|
@@ -184,12 +189,12 @@ function show_referral(transid) { | |
| <div id="report_results"> | ||
| <table width='98%' id='mymaintable'> | ||
| <thead> | ||
| <th> <?php xl('Refer To','e'); ?> </th> | ||
| <th> <?php xl('Refer Date','e'); ?> </th> | ||
| <th> <?php xl('Reply Date','e'); ?> </th> | ||
| <th> <?php xl('Patient','e'); ?> </th> | ||
| <th> <?php xl('ID','e'); ?> </th> | ||
| <th> <?php xl('Reason','e'); ?> </th> | ||
| <th> <?php echo xlt('Refer To'); ?> </th> | ||
| <th> <?php echo xlt('Refer Date'); ?> </th> | ||
| <th> <?php echo xlt('Reply Date'); ?> </th> | ||
| <th> <?php echo xlt('Patient'); ?> </th> | ||
| <th> <?php echo xlt('ID'); ?> </th> | ||
| <th> <?php echo xlt('Reason'); ?> </th> | ||
| </thead> | ||
| <tbody> | ||
| <?php | ||
|
|
@@ -231,7 +236,7 @@ function show_referral(transid) { | |
| <tr> | ||
| <td> | ||
| <?php if($row['organization']!=NULL || $row['organization']!='') { | ||
| echo $row['organization']; | ||
| echo text($row['organization']); | ||
| } | ||
| else { | ||
| echo text($row['referer_to']); | ||
|
|
@@ -240,18 +245,18 @@ function show_referral(transid) { | |
| ?> | ||
| </td> | ||
| <td> | ||
| <a href='#' onclick="return show_referral(<?php echo $row['id']; ?>)"> | ||
| <?php echo oeFormatShortDate($row['refer_date']); ?> | ||
| <a href='#' onclick="return show_referral(<?php echo attr($row['id']); ?>)"> | ||
| <?php echo text(oeFormatShortDate($row['refer_date'])); ?> | ||
| </a> | ||
| </td> | ||
| <td> | ||
| <?php echo oeFormatShortDate($row['reply_date']) ?> | ||
| <?php echo text(oeFormatShortDate($row['reply_date'])) ?> | ||
| </td> | ||
| <td> | ||
| <?php echo $row['patient_name'] ?> | ||
| <?php echo text($row['patient_name']) ?> | ||
| </td> | ||
| <td> | ||
| <?php echo $row['pubpid'] ?> | ||
| <?php echo text($row['pubpid']) ?> | ||
| </td> | ||
| <td> | ||
| <?php echo text($row['body']) ?> | ||
|
|
@@ -266,7 +271,7 @@ function show_referral(transid) { | |
| </div> <!-- end of results --> | ||
| <?php } else { ?> | ||
| <div class='text'> | ||
| <?php echo xl('Please input search criteria above, and click Submit to view results.', 'e' ); ?> | ||
| <?php echo xlt('Please input search criteria above, and click Submit to view results.'); ?> | ||
| </div> | ||
| <?php } ?> | ||
| </form> | ||
|
|
||