From ad0e23a8026447728cbe24442c2a319fbef7cbfd Mon Sep 17 00:00:00 2001
From: bradymiller <bradymiller@users.sourceforge.net>
Date: Mon, 29 Nov 2010 23:58:48 -0800
Subject: [PATCH] CAMOS bug fix, which substitutes values for placeholders
 before submission of entry into the database. Will also continue to support
 placeholder substitution on report/note viewing to support previous
 functionality (previously, the placeholder were submitted into the database
 and then substituted on report or note viewing).

---
 interface/forms/CAMOS/ajax_save.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/interface/forms/CAMOS/ajax_save.php b/interface/forms/CAMOS/ajax_save.php
index 47fc06146..fe9c54df1 100755
--- a/interface/forms/CAMOS/ajax_save.php
+++ b/interface/forms/CAMOS/ajax_save.php
@@ -7,7 +7,7 @@ include_once("../../../library/sql.inc");
 include_once("content_parser.php");
 include_once("../../../library/formdata.inc.php");
 
-$field_names = array('category' => formData("category"), 'subcategory' => formData("subcategory"), 'item' => formData("item"), 'content' => formData("content"));
+$field_names = array('category' => formData("category"), 'subcategory' => formData("subcategory"), 'item' => formData("item"), 'content' => strip_escape_custom($_POST['content']));
 $camos_array = array();
 process_commands($field_names['content'],$camos_array); 
 
@@ -18,6 +18,12 @@ if ($encounter == "") {
 }
 
 if (preg_match("/^[\s\\r\\n\\\\r\\\\n]*$/",$field_names['content']) == 0) { //make sure blanks do not get submitted
+  // Replace the placeholders before saving the form. This was changed in version 4.0. Previous to this, placeholders
+  //   were submitted into the database and converted when viewing. All new notes will now have placeholders converted
+  //   before being submitted to the database. Will also continue to support placeholder conversion on report
+  //   views to support notes within database that still contain placeholders (ie. notes that were created previous to
+  //   version 4.0).
+  $field_names['content'] = add_escape_custom( replace($pid,$encounter,$field_names['content']) );
   reset($field_names);
   $newid = formSubmit("form_CAMOS", $field_names, $_GET["id"], $userauthorized);
   addForm($encounter, $CAMOS_form_name, $newid, "CAMOS", $pid, $userauthorized);
@@ -26,7 +32,12 @@ if (preg_match("/^[\s\\r\\n\\\\r\\\\n]*$/",$field_names['content']) == 0) { //ma
 foreach($camos_array as $val) {
   if (preg_match("/^[\s\\r\\n\\\\r\\\\n]*$/",$val['content']) == 0) { //make sure blanks not submitted
     foreach($val as $k => $v) {
-      $val[$k] = trim($v);  
+      // Replace the placeholders before saving the form. This was changed in version 4.0. Previous to this, placeholders
+      //   were submitted into the database and converted when viewing. All new notes will now have placeholders converted
+      //   before being submitted to the database. Will also continue to support placeholder conversion on report
+      //   views to support notes within database that still contain placeholders (ie. notes that were created previous to
+      //   version 4.0).
+      $val[$k] = trim( add_escape_custom( replace($pid,$encounter,$v) ) );
     } 
     $CAMOS_form_name = "CAMOS-".$val['category'].'-'.$val['subcategory'].'-'.$val['item'];
     reset($val);
-- 
2.11.4.GIT