From ec9f238540bb8759ac44abafb238ec9d87139f40 Mon Sep 17 00:00:00 2001
From: Kevin Yeh
Date: Wed, 19 Dec 2012 15:53:11 -0500
Subject: [PATCH] Verfiy form_ss exists before trying to use it. (allows hiding SS field). Also only try to validate self/subscriber SS# relationships if both fields are valid SSN. Allow override of SS# validation like name comparison. Added xls to htmlspecialchars. (addslashes version of xl for use with javascript literals).
---
 .../patient_file/summary/demographics_full.php | 26 +++++++++++++++-------
 library/htmlspecialchars.inc.php | 6 +++++
 2 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/interface/patient_file/summary/demographics_full.php b/interface/patient_file/summary/demographics_full.php
index b29fa6d62..8575458fe 100644
--- a/interface/patient_file/summary/demographics_full.php
+++ b/interface/patient_file/summary/demographics_full.php
@@ -122,7 +122,10 @@ function auto_populate_employer_address(){
 f.form_isubscriber_country.value=f.form_country_code.value;
 f.isubscriber_phone.value=f.form_phone_home.value;
 f.isubscriber_DOB.value=f.form_DOB.value;
- f.isubscriber_ss.value=f.form_ss.value;
+ if(typeof f.form_ss!="undefined")
+ {
+ f.isubscriber_ss.value=f.form_ss.value;
+ }
 f.form_isubscriber_sex.value = f.form_sex.value;
 f.isubscriber_employer.value=f.form_em_name.value;
 f.isubscriber_employer_street.value=f.form_em_street.value;
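Review bot: The new `typeof f.form_ss!="undefined"` guard has no comment saying why the field can be missing, and the reason is only in the commit message. I would add `// form_ss is absent when the SS field is hidden in the layout; the subscriber SS is then left as entered` above the `if`, and the same remark applies to the identical guard added in validate(). Note that when the guard is false, `f.isubscriber_ss` keeps whatever value it already held while every other subscriber field is overwritten from the patient, so a previously entered SS# could end up paired with the newly copied identity; confirm that this is the intended behaviour. The body of auto_populate_employer_address() starts and ends outside this hunk.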
@@ -269,24 +272,31 @@ function validate(f) {
 f[subpfx + 'fname'].value == f.form_fname.value &&
 f[subpfx + 'mname'].value == f.form_mname.value &&
 f[subpfx + 'lname'].value == f.form_lname.value;
- var samess = f[subpfx + 'ss'].value == f.form_ss.value;
+ var ss_regexp=/[0-9][0-9][0-9]-?[0-9][0-9]-?[0-9][0-9][0-9][0-9]/;
+ var samess=true;
+ var ss_valid=false;
+ if(typeof f.form_ss!="undefined")
+ {
+ samess = f[subpfx + 'ss'].value == f.form_ss.value;
+ ss_valid=ss_regexp.test(f[subpfx + 'ss'].value) && ss_regexp.test(f.form_ss.value);
+ }
 if (subrelat.options[subrelat.selectedIndex].value == "self") {
 if (!samename) {
- if (!confirm(""))
+ if (!confirm(""))
 return false;
 }
- if (!samess) {
- alert("");
+ if (!samess && ss_valid) {
+ if(!confirm(""))
 return false;
 }
 } // end self
 else {
 if (samename) {
- if (!confirm(""))
+ if (!confirm(""))
 return false;
 }
- if (samess) {
- alert("");
+ if (samess && ss_valid) {
+ if(!confirm(""))
 return false;
 }
 } // end not self
diff --git a/library/htmlspecialchars.inc.php b/library/htmlspecialchars.inc.php
index d436a6ff7..44d5eae3f 100644
--- a/library/htmlspecialchars.inc.php
+++ b/library/htmlspecialchars.inc.php
@@ -85,6 +85,12 @@ function xla($key) {
 return attr(hsc_private_xl_or_warn($key));
 }
+/*
+Translate via xl() and then escape via addslashes for use with javascript literals
+*/
+function xls($key){
+ return addslashes(hsc_private_xl_or_warn($key));
+}
 return; // Stop include / require from going any further (non-PHP) ?> This file is free software: you can redistribute it and/or modify
--
2.11.4.GIT
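Review bot: `ss_regexp` is unanchored, so `ss_valid` becomes true for any value that merely contains nine digits in that pattern (a longer digit run, or digits surrounded by other text), which is weaker than the "both fields are valid SSN" condition the check is meant to enforce. Anchoring it, `var ss_regexp=/^[0-9]{3}-?[0-9]{2}-?[0-9]{4}$/;`, fixes that. Separately, `samess` still compares the raw strings although the pattern accepts both dashed and undashed forms, so the same number typed as `123-45-6789` and `123456789` (constructed example) is treated as different; comparing normalized values, `samess = f[subpfx + 'ss'].value.replace(/-/g,'') == f.form_ss.value.replace(/-/g,'');`, avoids a spurious prompt for "self" and a missed one otherwise. Because both SS# checks are now overridable confirms in the browser, any rule that must hold belongs in the server-side save path, which is not visible here; validate() starts and ends outside this hunk.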
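Review bot: `addslashes()` in the new `xls()` escapes only quotes, backslashes and NUL, so a translated string that contains a line break or `</script>` would still end the JavaScript literal or the enclosing script block. The result is also not safe inside an HTML event-handler attribute, where `\"` still closes the attribute. Translation strings are presumably editable data, so I would extend the escaping, for example `return str_replace(array("\r", "\n", "</"), array('\r', '\n', '<\/'), addslashes(hsc_private_xl_or_warn($key)));`. The doc comment should also state that the output is meant only for a quoted string literal inside a `<script>` block and that `xla()` remains the helper for attribute values.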