calendar fixes and unserialize fixes (openemr#2457)

DiscoverAndChange · Jun 5, 2019 · 7685b08 · 7685b08
1 parent 896f0b2
commit 7685b08
Show file tree

Hide file tree

Showing 122 changed files with 379 additions and 16,547 deletions.
diff --git a/interface/cmsportal/portal.inc.php b/interface/cmsportal/portal.inc.php
@@ -48,7 +48,7 @@ function cms_portal_call($args)
 
  curl_close($phandle);
  // With JSON-over-HTTP we would use json_decode($presult,TRUE) here.
- return unserialize($presult);
+ return unserialize($presult, ['allowed_classes' => false]);
 }
 
 // Look up the OpenEMR patient matching this request. More or less than 1 is an error.

diff --git a/interface/main/calendar/add_edit_event.php b/interface/main/calendar/add_edit_event.php
@@ -466,7 +466,7 @@ function setEventDate($start_date, $recurrence)
  // get the original event's repeat specs
  $origEvent = sqlQuery("SELECT pc_recurrspec FROM openemr_postcalendar_events ".
  " WHERE pc_aid = ? AND pc_multiple=?", array($provider,$row['pc_multiple']));
- $oldRecurrspec = unserialize($origEvent['pc_recurrspec']);
+ $oldRecurrspec = unserialize($origEvent['pc_recurrspec'], ['allowed_classes' => false]);
  $selected_date = date("Ymd", strtotime($_POST['selected_date']));
  if ($oldRecurrspec['exdate'] != "") {
  $oldRecurrspec['exdate'] .= ",".$selected_date;
@@ -636,7 +636,7 @@ function setEventDate($start_date, $recurrence)
  if ($_POST['recurr_affect'] == 'current') {
  // get the original event's repeat specs
  $origEvent = sqlQuery("SELECT pc_recurrspec FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
- $oldRecurrspec = unserialize($origEvent['pc_recurrspec']);
+ $oldRecurrspec = unserialize($origEvent['pc_recurrspec'], ['allowed_classes' => false]);
  $selected_date = date("Ymd", strtotime($_POST['selected_date']));
  if ($oldRecurrspec['exdate'] != "") {
  $oldRecurrspec['exdate'] .= ",".$selected_date;
@@ -767,7 +767,7 @@ function setEventDate($start_date, $recurrence)
  // get the original event's repeat specs
  $origEvent = sqlQuery("SELECT pc_recurrspec FROM openemr_postcalendar_events ".
  " WHERE pc_aid <=> ? AND pc_multiple=?", array($provider,$row['pc_multiple']));
- $oldRecurrspec = unserialize($origEvent['pc_recurrspec']);
+ $oldRecurrspec = unserialize($origEvent['pc_recurrspec'], ['allowed_classes' => false]);
  $selected_date = date("Y-m-d", strtotime($_POST['selected_date']));
  if ($oldRecurrspec['exdate'] != "") {
  $oldRecurrspec['exdate'] .= ",".$selected_date;
@@ -808,7 +808,7 @@ function setEventDate($start_date, $recurrence)
 
  // get the original event's repeat specs
  $origEvent = sqlQuery("SELECT pc_recurrspec FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
- $oldRecurrspec = unserialize($origEvent['pc_recurrspec']);
+ $oldRecurrspec = unserialize($origEvent['pc_recurrspec'], ['allowed_classes' => false]);
  $selected_date = date("Ymd", strtotime($_POST['selected_date']));
  if ($oldRecurrspec['exdate'] != "") {
  $oldRecurrspec['exdate'] .= ",".$selected_date;
@@ -924,7 +924,7 @@ function setEventDate($start_date, $recurrence)
  $multiple_value = $row['pc_multiple'];
 
  // parse out the repeating data, if any
- $rspecs = unserialize($row['pc_recurrspec']); // extract recurring data
+ $rspecs = unserialize($row['pc_recurrspec'], ['allowed_classes' => false]); // extract recurring data
  $repeattype = $rspecs['event_repeat_freq_type'];
  $repeatfreq = $rspecs['event_repeat_freq'];
  $repeatexdate = $rspecs['exdate']; // repeating date exceptions

diff --git a/interface/main/calendar/config.php b/interface/main/calendar/config.php
@@ -32,7 +32,6 @@
 
 $pnconfig['modname'] = "PostCalendar";
 $pnconfig['startpage'] = "PostCalendar";
-$pnconfig['language'] = "eng";
 $pnconfig['dbtype'] = 'mysqli_mod';
 $pnconfig['dbtabletype'] = 'MyISAM';
 $pnconfig['dbhost'] = $host;
@@ -42,49 +41,6 @@
 $pnconfig['dbname'] = $dbase;
 $pnconfig['system'] = '0';
 $pnconfig['prefix'] = 'openemr';
-$pnconfig['encoded'] = '0';
-
-
-$pntable = array();
-$session_info = $prefix . '_session_info';
-$pntable['session_info'] = $session_info;
-$pntable['session_info_column'] = array (
- 'sessid' => $session_info .
- '.pn_sessid', 'ipaddr' => $session_info .
- '.pn_ipaddr','firstused' => $session_info .
- '.pn_firstused','lastused' => $session_info .
- '.pn_lastused','uid' => $session_info .
- '.pn_uid','vars' => $session_info .
- '.pn_vars');
-// ----------------------------------------------------------------------
-// For debugging (Pablo Roca)
-//
-// $debug - debugger windows active
-// 0 = No
-// 1 = Yes
-//
-// $debug_sql - show SQL in lens debug
-// 0 = No
-// 1 = Yes
-// ----------------------------------------------------------------------
-global $pndebug;
-$pndebug['debug'] = 0;
-$pndebug['debug_sql'] = 0;
-
-// ----------------------------------------------------------------------
-// You have finished configuring the database. Now you can start to
-// change your site settings in the Administration Section.
-//
-// Thanks for choosing PostNuke.
-// ----------------------------------------------------------------------
-
-// ----------------------------------------------------------------------
-// if there is a personal_config.php in the folder where is config.php
-// we add it. (This HAS to be at the end, after all initialization.)
-// ----------------------------------------------------------------------
-if (@file_exists("personal_config.php")) {
- include("personal_config.php");
-}
 
 // ----------------------------------------------------------------------
 // Make config file backwards compatible (deprecated)

diff --git a/interface/main/calendar/findfirstapp.php b/interface/main/calendar/findfirstapp.php