From 123632fa5ae0813dd8cc42118f37df5541422a44 Mon Sep 17 00:00:00 2001
From: bradymiller
Date: Wed, 12 Feb 2014 18:34:49 -0800
Subject: [PATCH] security fix for sql-injection and cross-scripting of document var in delete script

---
 interface/patient_file/deleter.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/interface/patient_file/deleter.php b/interface/patient_file/deleter.php
index 5b79b4c44..95aa57f74 100644
--- a/interface/patient_file/deleter.php
+++ b/interface/patient_file/deleter.php
@@ -130,11 +130,11 @@ function form_delete($formdir, $formid) {
 // Delete a specified document including its associated relations and file.
 //
 function delete_document($document) {
- $trow = sqlQuery("SELECT url FROM documents WHERE id = '$document'");
+ $trow = sqlQuery("SELECT url FROM documents WHERE id = ?", array($document));
 $url = $trow['url'];
- row_delete("categories_to_documents", "document_id = '$document'");
- row_delete("documents", "id = '$document'");
- row_delete("gprelations", "type1 = 1 AND id1 = '$document'");
+ row_delete("categories_to_documents", "document_id = '" . add_escape_custom($document) . "'");
+ row_delete("documents", "id = '" . add_escape_custom($document) . "'");
+ row_delete("gprelations", "type1 = 1 AND id1 = '" . add_escape_custom($document) . "'");
 if (substr($url, 0, 7) == 'file://') {
 @unlink(substr($url, 7));
 }
@@ -374,7 +374,7 @@ function popup_close() {
 }
 ?>
-
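Review bot: The three `row_delete()` calls still splice `$document` into the WHERE clause by string concatenation and lean on `add_escape_custom()`, while the SELECT one line above was converted to a bound `?` parameter, so the same value gets two different defenses inside one function. Assuming `documents.id` is an integer key, the simplest uniform fix is to normalize once at the top of the function, `$document = (int) $document;`, ahead of both the SELECT and the deletes, which removes any reliance on escaping rules; if `row_delete()` accepts bind parameters (its definition is not visible in this hunk), passing `array($document)` there would be the more consistent alternative. Separately, `@unlink(substr($url, 7))` removes whatever path is stored in `documents.url` with no check that it resolves inside the document storage directory; if that column can be influenced by upload or import code, a `realpath()`-based containment check before the unlink is warranted. delete_document() continues past the end of this hunk.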
+

 
@@ -388,7 +388,7 @@ function popup_close() {
 } else if ($issue) {
 echo xl('issue') . " $issue";
 } else if ($document) {
- echo xl('document') . " $document";
+ echo xl('document') . " " . text($document);
 } else if ($payment) {
 echo xl('payment') . " $payment";
 } else if ($billing) {
-- 
2.11.4.GIT
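Review bot: The `$issue` and `$payment` branches shown as context in this hunk still echo the raw variable (`echo xl('issue') . " $issue";` and `echo xl('payment') . " $payment";`), so the reflected-output problem the commit fixes for `$document` persists one line above and one line below the fix. I'd apply the same wrapper to them, `echo xl('issue') . " " . text($issue);` and `echo xl('payment') . " " . text($payment);`, and review the `$billing` branch and any others that follow. Where these variables are populated is not visible here; if they are taken from the request the change is needed, and if they are already cast to int it is harmless. The enclosing if/else chain starts and ends outside the hunk.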