From dd253aee4689cb5fc090f2f60a558e51ac571057 Mon Sep 17 00:00:00 2001
From: Roberto Vasquez
Date: Sat, 3 Oct 2015 13:02:51 -0700
Subject: [PATCH] Security fixes 20
---
 interface/forms/CAMOS/rx_print.php | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/interface/forms/CAMOS/rx_print.php b/interface/forms/CAMOS/rx_print.php
index cc1890214..015c80607 100755
--- a/interface/forms/CAMOS/rx_print.php
+++ b/interface/forms/CAMOS/rx_print.php
@@ -87,8 +87,9 @@ if ($_POST['print_pdf'] || $_POST['print_html']) {
 $query = sqlStatement("select content from ".mitigateSqlTableUpperCase("form_CAMOS")." where id =" . substr($key,3));
 if ($result = mysql_fetch_array($query, MYSQL_ASSOC)) {
+
 if ($_POST['print_html']) { //do this change to formatting only for html output
- $content = preg_replace('|\n|','
', $result['content']);
+ $content = preg_replace('|\n|','
', text($result['content']));
 $content = preg_replace('|

|','
', $content);
 } else {
 $content = $result['content'];
@@ -100,16 +101,16 @@ if ($_POST['print_pdf'] || $_POST['print_html']) {
 $rx = new Prescription(substr($key,5)); //$content = $rx->drug.' '.$rx->form.' '.$rx->dosage;
 $content = ''
- . $rx->drug . ' '
- . $rx->size . ''
- . $rx->unit_array[$rx->unit] . '
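Review bot: The first context line of this hunk still builds its query by concatenation (`... where id =" . substr($key,3)`), and escaping the output with `text()` does nothing for that. `$key` is defined outside the hunk; if it is taken from the `$_POST` keys, which the enclosing `if` on `$_POST` suggests but does not prove, the value should be bound rather than appended: `sqlStatement("select content from ".mitigateSqlTableUpperCase("form_CAMOS")." where id = ?", array(substr($key,3)))`. The `else` branch still assigns `$result['content']` raw, presumably for the PDF path; a short comment there, such as `// PDF output: not HTML, escaping handled by the PDF writer`, would record that this is deliberate once confirmed. The enclosing block begins and ends outside the hunk.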
'
- . $rx->quantity. ' '
- . $rx->form_array[$rx->form]. '
'
- . $rx->dosage . ' '
- . $rx->form_array[$rx->form]. ' '
- . $rx->route_array[$rx->route] . ' '
- . $rx->interval_array[$rx->interval] . '
'
- . $rx->note . '
'
+ . text($rx->drug) . ' '
+ . text($rx->size) . ''
+ . text($rx->unit_array[$rx->unit]) . '
'
+ . text($rx->quantity). ' '
+ . text($rx->form_array[$rx->form]). '
'
+ . text($rx->dosage) . ' '
+ . text($rx->form_array[$rx->form]). ' '
+ . text($rx->route_array[$rx->route]) . ' '
+ . text($rx->interval_array[$rx->interval]) . '
'
+ . text($rx->note) . '
'
 . 'refills:' . $rx->refills . ''; // . $rx->substitute_array[$rx->substitute]. '' // . $rx->per_refill . '';
--
2.11.4.GIT
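Review bot: `$rx->refills` is the one field in this concatenation still emitted without escaping, on the unchanged line `. 'refills:' . $rx->refills . ''`. To match the ten lines changed above it, it should read `. 'refills:' . text($rx->refills) . ''`. Also, the first hunk escapes only inside the `$_POST['print_html']` branch, whereas the escaping here is unconditional. If this `$content` also feeds the PDF output, which the hunk does not show, HTML entities could appear literally in the printed prescription, so it is worth confirming which path consumes it. The statement sits in a block that begins outside the hunk.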