From a5437757fa25dd7c0cd96f9c9edb8b33a4bc591c Mon Sep 17 00:00:00 2001
From: Roberto Vasquez
Date: Wed, 10 Jun 2015 13:23:20 -0700
Subject: [PATCH] Update fax_dispatch_newpid.php for new security model
---
 interface/fax/fax_dispatch_newpid.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/interface/fax/fax_dispatch_newpid.php b/interface/fax/fax_dispatch_newpid.php
index 1091d9e30..f65353e07 100644
--- a/interface/fax/fax_dispatch_newpid.php
+++ b/interface/fax/fax_dispatch_newpid.php
@@ -11,12 +11,15 @@
 // specific data when a patient is selected. Currently this data
 // is just the caller's selection list of recent encounters.
+$fake_register_globals=false;
+$sanitize_all_escapes=true;
+
 require_once("../globals.php");
 require_once("$srcdir/sql.inc");
 $res = sqlStatement("SELECT date, encounter, reason FROM form_encounter " .
- "WHERE pid = '" . $_GET['p'] . "' " .
- "ORDER BY date DESC, encounter DESC LIMIT 10");
+ "WHERE pid = ? " .
+ "ORDER BY date DESC, encounter DESC LIMIT 10", array($_GET['p']));
 echo "var s = document.forms[0].form_copy_sn_visit;\n";
 echo "s.options.length = 0;\n";
-- 
2.11.4.GIT
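Review bot: `$_GET['p']` is bound to the `pid = ?` placeholder without any check that it is present or numeric, so a request without `p` raises an undefined-index notice and runs the query with a null pid. The binding does close the injection in the old concatenated `WHERE`, but a guard before the query, for example `$pid = isset($_GET['p']) ? (int) $_GET['p'] : 0;` with `array($pid)` passed to `sqlStatement`, would make the expected type explicit. The script continues to echo JavaScript after the hunk ends and those lines are not visible here; if `reason` from the result set is written into that JavaScript, it needs escaping for a JS string context, which the parameterized query does not provide. A short comment above the two new flags, such as `// must be set before globals.php is included` (presumably that file reads them), would record why their position matters.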