From: bradymiller <bradymiller@users.sourceforge.net>
Date: Sun, 16 Dec 2012 10:42:24 +0000 (-0800)
Subject: Support new security model in the formSubmit function - bug fix
X-Git-Tag: whats-been-changed~474
X-Git-Url: https://repo.or.cz/w/openemr.git/commitdiff_plain/dddd9ca766c5cb9e39be4fb506a746a168566a63

Support new security model in the formSubmit function - bug fix
---

diff --git a/library/api.inc b/library/api.inc
index 274ae416f..c4b14cf71 100644
--- a/library/api.inc
+++ b/library/api.inc
@@ -34,6 +34,10 @@ function formFooter ()
 //   Otherwise, this function expects the $values to already be escaped(original and legacy behavior).
 function formSubmit ($tableName, $values, $id, $authorized = "0")
 {
+        // Bring in $sanitize_all_escapes variable, which will decide
+        // the variable escaping method.
+        global $sanitize_all_escapes;
+
 	$sql = "insert into $tableName set pid = {$_SESSION['pid']},groupname='".$_SESSION['authProvider']."',user='".$_SESSION['authUser']."',authorized=$authorized,activity=1, date = NOW(),";
 	foreach ($values as $key => $value)
 		if (strpos($key,"openemr_net_cpt") === 0) {