bug fix march continued (#1921)
[openemr.git] / interface / billing / get_claim_file.php
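<?php
/**
 * get_claim_file.php
 *
 * Streams a single generated claim file from the site's edi/ directory to the
 * browser as a download. The file is selected by the "key" query parameter,
 * which is untrusted input and is only ever treated as a bare file name.
 *
 * NOTE(review): the only request check visible in this script is the CSRF
 * token. Claim files typically carry patient billing data, so confirm that
 * globals.php enforces an authenticated session and consider an explicit
 * billing ACL check here - TODO confirm.
 *
 * @package   OpenEMR
 * @link      http://www.open-emr.org
 * @author    Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
 * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

require_once(dirname(__FILE__) . "/../globals.php");
require_once $GLOBALS['OE_SITE_DIR'] . "/config.php";

// A missing or non-string token is passed on as '' so the check fails cleanly
// instead of raising an undefined-index notice.
$csrf_token = (isset($_GET["csrf_token_form"]) && is_string($_GET["csrf_token_form"]))
    ? $_GET["csrf_token_form"]
    : '';
if (!verifyCsrfToken($csrf_token)) {
    csrfNotVerified();
    // csrfNotVerified() presumably terminates the request (verify against its
    // definition); exit here so the download can never proceed if it returns.
    exit;
}

$content_type = "text/plain";
$claim_file_dir = $GLOBALS['OE_SITE_DIR'] . "/edi/";

// "key" may be absent or submitted as an array; anything but a string is
// treated as an empty name and rejected below.
$requested = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';

// Same three removals as before, in the same order (slash, "..", backslash),
// so existing download links resolve to the same file name. Strip-lists like
// this are order-dependent: a later pass can re-form a sequence that an
// earlier pass removed. They are therefore not relied on for containment;
// the realpath() check below is the actual guard.
$fname = str_replace(array('/', '..', '\\'), '', $requested);

if (strtolower(substr($fname, -4)) === ".pdf") {
    $content_type = "application/pdf";
}

// Resolve both paths and require the target to be a regular, readable file
// located inside the edi/ directory. This rejects empty names, "." / "..",
// directories, and symlinks whose target lies outside edi/.
$base_real = realpath($claim_file_dir);
$file_real = ($fname !== '') ? realpath($claim_file_dir . $fname) : false;

$servable = $base_real !== false
    && $file_real !== false
    && strpos($file_real, $base_real . DIRECTORY_SEPARATOR) === 0
    && is_file($file_real)
    && is_readable($file_real);

// Open before any header is sent so a failed open still yields the error text
// rather than download headers with an empty body.
$fp = $servable ? fopen($file_real, 'rb') : false;

if ($fp === false) {
    echo xlt("The claim file: ") . text($requested) . xlt(" could not be accessed.");
} else {
    // The name has no path separators left; additionally neutralise control
    // characters, quotes and backslashes so it is safe inside the quoted
    // filename parameter of Content-Disposition.
    $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $fname);

    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: $content_type");
    header("Content-Length: " . filesize($file_real));
    header('Content-Disposition: attachment; filename="' . $download_name . '"');

    // stream the file to the client, then release the handle
    fpassthru($fp);
    fclose($fp);
}

exit;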