diff --git a/interface/globals.php b/interface/globals.php index 7baac2f8927..85ea87007d5 100644 --- a/interface/globals.php +++ b/interface/globals.php @@ -42,7 +42,7 @@ function undoMagicQuotes($array, $topLevel=true) { $webserver_root = dirname(dirname(__FILE__)); if (IS_WINDOWS) { //convert windows path separators - $webserver_root = str_replace("\\","/",$webserver_root); + $webserver_root = str_replace("\\","/",$webserver_root); } // Collect the apache server document root (and convert to windows slashes, if needed) $server_document_root = realpath($_SERVER['DOCUMENT_ROOT']); @@ -121,7 +121,7 @@ function undoMagicQuotes($array, $topLevel=true) { // to set the correct html encoding. utf8 vs iso-8859-1. If flag is set // then set to iso-8859-1. require_once(dirname(__FILE__) . "/../library/sqlconf.php"); -if (!$disable_utf8_flag) { +if (!$disable_utf8_flag) { ini_set('default_charset', 'utf-8'); $HTML_CHARSET = "UTF-8"; mb_internal_encoding('UTF-8'); @@ -155,7 +155,7 @@ function undoMagicQuotes($array, $topLevel=true) { // Location of the login screen file $GLOBALS['login_screen'] = $GLOBALS['rootdir'] . "/login_screen.php"; -// Variable set for Eligibility Verification [EDI-271] path +// Variable set for Eligibility Verification [EDI-271] path $GLOBALS['edi_271_file_path'] = $GLOBALS['OE_SITE_DIR'] . "/edi/"; // Include the translation engine. This will also call sql.inc to @@ -226,7 +226,7 @@ function undoMagicQuotes($array, $topLevel=true) { $GLOBALS['language_menu_show'] = array(); $glres = sqlStatement("SELECT gl_name, gl_index, gl_value FROM globals " . "ORDER BY gl_name, gl_index"); - while ($glrow = sqlFetchArray($glres)) { + while ($glrow = sqlFetchArray($glres)) { $gl_name = $glrow['gl_name']; $gl_value = $glrow['gl_value']; // Adjust for user specific settings 
@@ -237,7 +237,7 @@ function undoMagicQuotes($array, $topLevel=true) { } } } - if ($gl_name == 'language_menu_other') { + if ($gl_name == 'language_menu_other') { $GLOBALS['language_menu_show'][] = $gl_value; } else if ($gl_name == 'css_header') { @@ -265,36 +265,36 @@ function undoMagicQuotes($array, $topLevel=true) { if ((count($GLOBALS['language_menu_show']) >= 1) || $GLOBALS['language_menu_showall']) { $GLOBALS['language_menu_login'] = true; } - - + + // Additional logic to override theme name. // For RTL languages we substitute the theme name with the name of RTL-adapted CSS file. $rtl_override = false; if( isset( $_SESSION['language_direction'] )) { - if( $_SESSION['language_direction'] == 'rtl' && + if( $_SESSION['language_direction'] == 'rtl' && !strpos($GLOBALS['css_header'], 'rtl') ) { // the $css_header_value is set above $rtl_override = true; } - } - - else { + } + + else { //$_SESSION['language_direction'] is not set, so will use the default language $default_lang_id = sqlQuery('SELECT lang_id FROM lang_languages WHERE lang_description = ?',array($GLOBALS['language_default'])); - + if ( getLanguageDir( $default_lang_id['lang_id'] ) === 'rtl' && !strpos($GLOBALS['css_header'], 'rtl')) { // @todo eliminate 1 SQL query $rtl_override = true; } } - + // change theme name, if the override file exists. if( $rtl_override ) { // the $css_header_value is set above $new_theme = 'rtl_' . $temp_css_theme_name; - // Check file existance + // Check file existance if( file_exists( $include_root.'/themes/'.$new_theme ) ) { $GLOBALS['css_header'] = $rootdir.'/themes/'.$new_theme; } else { @@ -304,7 +304,7 @@ function undoMagicQuotes($array, $topLevel=true) { } unset( $temp_css_theme_name, $new_theme,$rtl_override); // end of RTL section - + // // End of globals table processing. } 
@@ -408,10 +408,10 @@ function undoMagicQuotes($array, $topLevel=true) { // 1 = send email message to given id for Emergency Login user activation, // else 0. -$GLOBALS['Emergency_Login_email'] = $GLOBALS['Emergency_Login_email_id'] ? 1 : 0; +$GLOBALS['Emergency_Login_email'] = empty($GLOBALS['Emergency_Login_email_id']) ? 0 : 1; //set include_de_identification to enable De-identification (currently de-identification works fine only with linux machines) -//Run de_identification_upgrade.php script to upgrade OpenEMR database to include procedures, +//Run de_identification_upgrade.php script to upgrade OpenEMR database to include procedures, //functions, tables for de-identification(Mysql root user and password is required for successful //execution of the de-identification upgrade script) $GLOBALS['include_de_identification']=0; diff --git a/interface/super/edit_globals.php b/interface/super/edit_globals.php index 43a4c113d58..532ff11e367 100644 --- a/interface/super/edit_globals.php +++ b/interface/super/edit_globals.php 
@@ -34,24 +34,26 @@ require_once("$srcdir/classes/CouchDB.class.php"); require_once(dirname(__FILE__)."/../../myportal/soap_service/portal_connectivity.php"); -if ($_GET['mode'] != "user") { +$userMode = (array_key_exists('mode', $_GET) && $_GET['mode'] == 'user'); + +if (!$userMode) { // Check authorization. $thisauth = acl_check('admin', 'super'); if (!$thisauth) die(xlt('Not authorized')); } function checkCreateCDB(){ - $globalsres = sqlStatement("SELECT gl_name, gl_index, gl_value FROM globals WHERE gl_name IN + $globalsres = sqlStatement("SELECT gl_name, gl_index, gl_value FROM globals WHERE gl_name IN ('couchdb_host','couchdb_user','couchdb_pass','couchdb_port','couchdb_dbase','document_storage_method')"); $options = array(); while($globalsrow = sqlFetchArray($globalsres)){ $GLOBALS[$globalsrow['gl_name']] = $globalsrow['gl_value']; } $directory_created = false; - if($GLOBALS['document_storage_method'] != 0){ + if( !empty($GLOBALS['document_storage_method']) ) { // /documents/temp/ folder is required for CouchDB if(!is_dir($GLOBALS['OE_SITE_DIR'] . '/documents/temp/')){ - $directory_created = mkdir($GLOBALS['OE_SITE_DIR'] . '/documents/temp/',0777,true); + $directory_created = mkdir($GLOBALS['OE_SITE_DIR'] . '/documents/temp/',0777,true); if(!$directory_created){ echo htmlspecialchars( xl("Failed to create temporary folder. CouchDB will not work."),ENT_NOQUOTES); } @@ -101,10 +103,10 @@ function checkBackgroundServices(){ $GLOBALS[$globalsrow['gl_name']] = $globalsrow['gl_value']; } - //Set up phimail service - $phimail_active = $GLOBALS['phimail_enable'] ? '1' : '0'; - $phimail_interval = max(0,(int)$GLOBALS['phimail_interval']); - updateBackgroundService('phimail',$phimail_active,$phimail_interval); + //Set up phimail service + $phimail_active = empty($GLOBALS['phimail_enable']) ? '0' : '1'; + $phimail_interval = max(0, (int) $GLOBALS['phimail_interval']); + updateBackgroundService('phimail', $phimail_active, $phimail_interval); } ?> 
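Review bot: The `mkdir($GLOBALS['OE_SITE_DIR'] . '/documents/temp/',0777,true)` call in checkCreateCDB() asks for a world-writable directory for the temp folder that CouchDB document storage needs, and this commit touches that line only for whitespace. A tighter mode such as `0770`, or `0700` if only the web server account needs access, keeps other local accounts from reading or replacing files placed there; the effective mode still depends on the process umask. Separately, the new `$userMode` flag comes from a request parameter and decides whether `acl_check('admin', 'super')` runs at all. That deserves a comment next to it, for example `// mode=user skips the admin ACL check; this path must only ever write per-user settings`. checkCreateCDB() continues outside the hunk.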
@@ -117,7 +119,7 @@ function checkBackgroundServices(){ // If we are saving user_specific globals. // -if ($_POST['form_save'] && $_GET['mode'] == "user") { +if (array_key_exists('form_save', $_POST) && $_POST['form_save'] && $userMode) { $i = 0; foreach ($GLOBALS_METADATA as $grpname => $grparr) { if (in_array($grpname, $USER_SPECIFIC_TABS)) { @@ -147,8 +149,8 @@ function checkBackgroundServices(){ echo ""; } -if ($_POST['form_download']) { - $client = portal_connection(); +if (array_key_exists('form_download', $_POST) && $_POST['form_download']) { + $client = portal_connection(); try { $response = $client->getPortalConnectionFiles($credentials); } @@ -160,22 +162,22 @@ function checkBackgroundServices(){ error_log('Exception Error'); error_log(var_dump(get_object_vars($e))); } - if($response['status'] == "1") {//WEBSERVICE RETURNED VALUE SUCCESSFULLY - $tmpfilename = realpath(sys_get_temp_dir())."/".date('YmdHis').".zip"; + if(array_key_exists('status', $response) && $response['status'] == "1") {//WEBSERVICE RETURNED VALUE SUCCESSFULLY + $tmpfilename = realpath(sys_get_temp_dir())."/".date('YmdHis').".zip"; $fp = fopen($tmpfilename,"wb"); fwrite($fp,base64_decode($response['value'])); fclose($fp); - $practice_filename = $response['file_name'];//practicename.zip - ob_clean(); + $practice_filename = $response['file_name'];//practicename.zip + ob_clean(); // Set headers header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Disposition: attachment; filename=".$practice_filename); header("Content-Type: application/zip"); - header("Content-Transfer-Encoding: binary"); + header("Content-Transfer-Encoding: binary"); // Read the file from disk - readfile($tmpfilename); - unlink($tmpfilename); + readfile($tmpfilename); + unlink($tmpfilename); exit; } else{//WEBSERVICE CALL FAILED AND RETURNED AN ERROR MESSAGE @@ -184,7 +186,7 @@ function checkBackgroundServices(){ - 
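Review bot: No anti-CSRF token check is visible before the state-changing branch that `if (array_key_exists('form_save', $_POST) && $_POST['form_save'] && $userMode) {` opens. The block continues outside the hunk, so this is something to confirm rather than an established gap. The same question applies to the `form_download` branch (hunk `@@ -147,8 +149,8 @@`) and to the main-globals save (hunk `@@ -194,7 +196,7 @@`), which rewrites site-wide configuration. If no check exists, each branch should compare a per-session token from the form against the session copy with `hash_equals()` before doing any work. As a style point, the guard can be written `!empty($_POST['form_save'])`, which is equivalent and matches the `empty()` form this commit uses elsewhere.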
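Review bot: In hunk `@@ -160,22 +162,22 @@` the portal archive is written to `realpath(sys_get_temp_dir())."/".date('YmdHis').".zip"`, a name that is predictable inside a shared directory, and the `fopen()` result is never checked; `tempnam()` creates the file exclusively, so the write cannot land in a file or link that someone else placed there first. `$practice_filename` is taken from the web-service response and concatenated unquoted into `Content-Disposition`, so it should be reduced with `basename()` and quoted. The added `array_key_exists('status', $response)` still fails when `$response` was never assigned because the call threw (the catch blocks start outside this hunk, so whether they exit is not visible); `isset($response['status'])` covers both cases. `error_log(var_dump(...))` prints the exception's properties into the HTTP response and logs nothing, because `var_dump()` returns null; `print_r(..., true)` is the form that returns a string to log.
```php
// … unchanged: try/catch around getPortalConnectionFiles(), first error_log() call …
    error_log(print_r(get_object_vars($e), true));
  }
  if (isset($response['status']) && $response['status'] == "1") {//WEBSERVICE RETURNED VALUE SUCCESSFULLY
    $tmpfilename = tempnam(sys_get_temp_dir(), 'oe_portal_');
    $fp = ($tmpfilename === false) ? false : fopen($tmpfilename, "wb");
    if ($fp === false) die(xlt('Unable to create temporary file'));
    // … unchanged: fwrite() / fclose() …
    $practice_filename = basename($response['file_name']);//practicename.zip
    // … unchanged: ob_clean() and the Cache-Control / Content-Description headers …
    header('Content-Disposition: attachment; filename="' . str_replace('"', '', $practice_filename) . '"');
    // … unchanged: remaining headers, readfile(), unlink(), exit …
```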
@@ -194,7 +196,7 @@ function checkBackgroundServices(){ // If we are saving main globals. // -if ($_POST['form_save'] && $_GET['mode'] != "user") { +if (array_key_exists('form_save', $_POST) && $_POST['form_save'] && !$userMode) { $force_off_enable_auditlog_encryption = true; // Need to force enable_auditlog_encryption off if the php mycrypt module // is not installed. @@ -210,7 +212,7 @@ function checkBackgroundServices(){ * Compare form values with old database values. * Only save if values differ. Improves speed. */ - + // Get all the globals from DB $old_globals = sqlGetAssoc( 'SELECT gl_name, gl_index, gl_value FROM `globals` ORDER BY gl_name, gl_index',false,true ); @@ -227,9 +229,9 @@ function checkBackgroundServices(){ if (!is_array($fldtype) && substr($fldtype, 0, 2) == 'm_') { if (isset($_POST["form_$i"])) { $fldindex = 0; - + sqlStatement("DELETE FROM globals WHERE gl_name = ?", array( $fldid ) ); - + foreach ($_POST["form_$i"] as $fldvalue) { $fldvalue = trim($fldvalue); sqlStatement('INSERT INTO `globals` ( gl_name, gl_index, gl_value ) VALUES ( ?,?,?)', array( $fldid, $fldindex, $fldvalue ) ); @@ -239,7 +241,7 @@ function checkBackgroundServices(){ } else { /* check value of single field. Don't update if the database holds the same value */ - if (isset($_POST["form_$i"])) { + if (isset($_POST["form_$i"])) { $fldvalue = trim($_POST["form_$i"]); } else { @@ -248,10 +250,10 @@ function checkBackgroundServices(){ if($fldtype=='pwd') $fldvalue = $fldvalue ? SHA1($fldvalue) : $fldvalueold; // TODO: salted passwords? // We rely on the fact that set of keys in globals.inc === set of keys in `globals` table! - - if( + + if( !isset( $old_globals[$fldid]) // if the key not found in database - update database - || + || ( isset($old_globals[$fldid]) && $old_globals[ $fldid ]['gl_value'] !== $fldvalue ) // if the value in database is different ) { // Need to force enable_auditlog_encryption off if the php mcrypt module 
@@ -310,7 +312,7 @@ function checkBackgroundServices(){ - +