When sending an email using the following Document screen in OpenEMR5:
if we use an apostrophe in the body of the email message, the patient sees HTML like such:

My solution was to not send the htmlspecialchars($_POST['body']) in the document_send method; instead I am just sending the raw text. What are the potential issues I will run into by doing this? Should this be OK? Please review the following code below:
@growlingflea,
Our suggestion would be you can send the raw text instead of using htmlspecialchars.
Thanks,
ViSolve
Hi @growlingflea,
Agree with @visolveemr. The htmlspecialchars() is specifically to escape stuff for HTML output (to avoid XSS attacks); for example, trying to include JavaScript code maliciously. When the output is only for text output, then HTML escaping is not needed and would actually be considered a bug since it mangles your output.
-brady
My main concern was if it were to be logged into the database and the " ’ " causes issues. I stepped through the code and tested it using apostrophes and it seemed to be OK. I just wanted to make sure since I am making the change on a live system.
I will submit my change to the community,
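As an added example (not code from this thread and not OpenEMR's own code), the sketch below shows the same message body going to the three places discussed above: a plain-text email, an HTML page, and a database log. The function names, the `sent_mail` table, and the in-memory SQLite database via PDO are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration: hypothetical helpers, not OpenEMR's document_send code.

// Constructed sample standing in for $_POST['body'].
$body = "Your child's results are <b>ready</b>.";

// Sink 1: plain-text email. No HTML parser reads the body, so it is sent
// exactly as typed; escaping here would show entities to the patient.
function build_plain_text_mail(string $body): array
{
    return [
        'headers' => ['Content-Type' => 'text/plain; charset=UTF-8'],
        'body'    => $body,
    ];
}

// Sink 2: HTML page (for example, a sent-messages view). Escape at output
// time; ENT_QUOTES covers single quotes as well as double quotes.
function render_for_html(string $body): string
{
    return htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Sink 3: database log. A bound parameter keeps the apostrophe as data,
// so the stored value is the raw text and no quoting is done by hand.
function log_message(PDO $db, string $body): string
{
    $stmt = $db->prepare('INSERT INTO sent_mail (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    $row = $db->query('SELECT body FROM sent_mail ORDER BY id DESC LIMIT 1');
    return (string) $row->fetchColumn();
}

// In-memory SQLite so the example runs without a server (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sent_mail (id INTEGER PRIMARY KEY, body TEXT)');

$mail = build_plain_text_mail($body);
echo "Email body:  ", $mail['body'], PHP_EOL;
echo "HTML output: ", render_for_html($body), PHP_EOL;
echo "Stored raw:  ", var_export(log_message($db, $body) === $body, true), PHP_EOL;
```

Storing the raw text and escaping only when it is rendered into HTML avoids both the mangled email and double-escaping later.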