Additional Sql-injection functions and techniques for escaping;
author bradymiller <bradymiller@users.sourceforge.net>
Sun, 10 Mar 2013 09:35:20 +0000 (01:35 -0800)
committer bradymiller <bradymiller@users.sourceforge.net>
Mon, 18 Mar 2013 02:29:47 +0000 (19:29 -0700)
commit d56d58fcfbe04214f9df419901e766341a1b95d1
tree 7c5e7670611aae3d4dc3594fc98eb3cd41b79dae
parent d04153a06f647c020fe455a17d330f3f1cc6b0d3
Additional Sql-injection functions and techniques for escaping;

 1. Improved/clarified the functions in library/formdata.inc.php
 2. Added mechanism for whitelisting openemr sql table names.
 3. Added mechanism for whitelisting openemr sql column names.
 4. Incorporated it into the messages module
 5. Incorporated into dictation form
 6. Incorporated into work/school form/note
14 files changed:
interface/forms/dictation/new.php
interface/forms/dictation/report.php
interface/forms/dictation/save.php
interface/forms/dictation/table.sql [deleted file]
interface/forms/dictation/view.php
interface/forms/note/new.php
interface/forms/note/print.php
interface/forms/note/report.php
interface/forms/note/save.php
interface/forms/note/view.php
library/api.inc
library/formdata.inc.php
library/forms.inc
library/pnotes.inc