search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: d04153a) | patch
Additional Sql-injection functions and techniques for escaping;
commitd56d58fcfbe04214f9df419901e766341a1b95d1
authorbradymiller <bradymiller@users.sourceforge.net>
Sun, 10 Mar 2013 09:35:20 +0000 (10 01:35 -0800)
committerbradymiller <bradymiller@users.sourceforge.net>
Mon, 18 Mar 2013 02:29:47 +0000 (17 19:29 -0700)
tree7c5e7670611aae3d4dc3594fc98eb3cd41b79daetree | snapshot (tar.gz zip)
parentd04153a06f647c020fe455a17d330f3f1cc6b0d3commit | diff
Additional Sql-injection functions and techniques for escaping;

 1. Improved/clarified the functions in library/formdata.inc.php
 2. Added mechanism for whitelisting openemr sql table names.
 3. Added mechanism for whitelisting openemr sql column names.
 4. Incorporated it into the messages module
 5. Incorporated into dictation form
 6. Incorporated into work/school form/note
14 files changed:
interface/forms/dictation/new.php diff | blob | blame | history
interface/forms/dictation/report.php diff | blob | blame | history
interface/forms/dictation/save.php diff | blob | blame | history
interface/forms/dictation/table.sql [deleted file] blob | blame | history
interface/forms/dictation/view.php diff | blob | blame | history
interface/forms/note/new.php diff | blob | blame | history
interface/forms/note/print.php diff | blob | blame | history
interface/forms/note/report.php diff | blob | blame | history
interface/forms/note/save.php diff | blob | blame | history
interface/forms/note/view.php diff | blob | blame | history
library/api.inc diff | blob | blame | history
library/formdata.inc.php diff | blob | blame | history
library/forms.inc diff | blob | blame | history
library/pnotes.inc diff | blob | blame | history
Mirror of official OpenEMR Sourceforge repository