From 08137b2749ade50d58c79a3e475f642b7b01143f Mon Sep 17 00:00:00 2001
From: Brady Miller
Date: Tue, 18 Oct 2022 23:30:43 -0700
Subject: [PATCH] bug fixes (#5846)
---
 interface/main/messages/messages.php | 4 ++--
 interface/main/messages/save.php | 2 +-
 interface/patient_file/front_payment_cc.php | 2 +-
 library/classes/TreeMenu.php | 10 +++++-----
 4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/interface/main/messages/messages.php b/interface/main/messages/messages.php
index 19714b0d6..6863f8945 100644
--- a/interface/main/messages/messages.php
+++ b/interface/main/messages/messages.php
@@ -115,7 +115,7 @@ if (!empty($_REQUEST['go'])) { ?>
 echo "" . xlt('MedEx Setup') . "";
 $stage = $_REQUEST['stage'];
 if (!is_numeric($stage)) {
- echo "
$stage " . xlt('Warning') . ": " . xlt('This is not a valid request') . ".";
+ echo "
" . text($stage) . " " . xlt('Warning') . ": " . xlt('This is not a valid request') . ".";
 } else {
 $MedEx->setup->MedExBank($stage);
 }
@@ -975,7 +975,7 @@ if (!empty($_REQUEST['go'])) { ?>
 delete collectvalidation.assigned_to;
 }
- if(document.getElementById("form_message_status").value == 'Done'){
+ if(document.getElementById("form_message_status").value == 'Done'){
 delete collectvalidation.note;
 }
diff --git a/interface/main/messages/save.php b/interface/main/messages/save.php
index 730535c28..d349397cd 100644
--- a/interface/main/messages/save.php
+++ b/interface/main/messages/save.php
@@ -248,7 +248,7 @@ if ($_REQUEST['action'] == "process") {
 sqlQuery($sql, array('recall_' . $pid, $_POST['item'], $_SESSION['authUserID'], 'Label printed locally'));
 }
 }
- echo json_encode($pidList);
+ echo text(json_encode($pidList));
 exit;
 }
 if ($_REQUEST['go'] == "Messages") {
diff --git a/interface/patient_file/front_payment_cc.php b/interface/patient_file/front_payment_cc.php
index 749f53c3e..7abde7d65 100644
--- a/interface/patient_file/front_payment_cc.php
+++ b/interface/patient_file/front_payment_cc.php
@@ -53,7 +53,7 @@ if ($_POST['mode'] == 'AuthorizeNet') {
 exit();
 }
- echo $ccaudit;
+ echo text($ccaudit);
 exit();
 }
diff --git a/library/classes/TreeMenu.php b/library/classes/TreeMenu.php
index c4c1d71f2..b25458be9 100755
--- a/library/classes/TreeMenu.php
+++ b/library/classes/TreeMenu.php
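Review bot: In the `!is_numeric($stage)` branch of messages.php the rejected value does not need to be reflected into the page at all; `text($stage)` closes the injection, but a fixed warning message (with the raw value written to the server log if it is wanted for debugging) removes the sink entirely. Separately, `is_numeric()` also accepts decimals, exponent notation and surrounding whitespace, so if `MedExBank()` expects a whole-number step (its definition is not visible in this hunk) a tighter guard such as `if (!ctype_digit((string) $stage)) {` would keep those forms out. `$_REQUEST['stage']` is read without an existence check; `$stage = $_REQUEST['stage'] ?? '';` avoids the undefined-index notice when only `go` is supplied.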
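Review bot: `echo text(json_encode($pidList));` in save.php HTML-escapes a finished JSON document, so any `&`, `<` or `>` inside the encoded values reaches the caller as entities and the body is no longer the JSON that was encoded, while the response is still served with whatever content type the page had. Declaring the type and escaping at the JSON layer keeps the payload parseable and stops a browser from treating it as markup: `header('Content-Type: application/json');` followed by `echo json_encode($pidList, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);`. The same question applies to `echo text($ccaudit);` in front_payment_cc.php: where `$ccaudit` is built is outside that hunk, so whether its consumer expects plain text or structured data should be confirmed before entity-encoding it. Both enclosing `if` blocks start outside their hunks.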
@@ -680,17 +680,17 @@ class HTML_TreeMenu_DHTML extends HTML_TreeMenu_Presentation
 $expanded = $this->isDynamic ? ($nodeObj->expanded ? 'true' : 'false') : 'true';
 $isDynamic = $this->isDynamic ? ($nodeObj->isDynamic ? 'true' : 'false') : 'false';
 $html = sprintf(
- "\t %s = %s.addItem(new TreeNode('%s', %s, %s, %s, %s, '%s', '%s', %s));\n",
+ "\t %s = %s.addItem(new TreeNode(jsAttr(%s), jsAttr(%s), jsAttr(%s), %s, %s, '%s', '%s', jsAttr(%s)));\n",
 $return,
 $prefix,
- attr($nodeObj->text),
- !empty($nodeObj->icon) ? "'" . $nodeObj->icon . "'" : 'null',
- !empty($nodeObj->link) ? "'" . attr($nodeObj->link) . "'" : 'null',
+ js_escape($nodeObj->text),
+ !empty($nodeObj->icon) ? js_escape($nodeObj->icon) : 'null',
+ !empty($nodeObj->link) ? js_escape($nodeObj->link) : 'null',
 $expanded,
 $isDynamic,
 $nodeObj->cssClass,
 $nodeObj->linkTarget,
- !empty($nodeObj->expandedIcon) ? "'" . $nodeObj->expandedIcon . "'" : 'null'
+ !empty($nodeObj->expandedIcon) ? js_escape($nodeObj->expandedIcon) : 'null'
 );
 foreach ($nodeObj->events as $event => $handler) {
-- 
2.11.4.GIT
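Review bot: `$nodeObj->cssClass` and `$nodeObj->linkTarget` are still placed unescaped into the single-quoted `'%s'` slots of the generated `TreeNode(...)` call, so a quote or backslash in either value ends the JavaScript string early, the same weakness this change removes for the text, icon and link arguments. Treating them like the others closes that: change `'%s', '%s'` in the format string to `%s, %s` and pass `js_escape($nodeObj->cssClass ?? '')` and `js_escape($nodeObj->linkTarget ?? '')`. The new format string also emits calls to a client-side `jsAttr()`, including `jsAttr(null)` when an icon, link or expanded icon is absent; that requires the helper to be loaded on every page that renders this menu and to keep `null` distinguishable from a string, neither of which is visible here. The `foreach` over `$nodeObj->events` continues past the end of the hunk, so how `$handler` is written into the script is not covered by this note.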