Entering Call Back Notes under Flow Board leads to Authentication Error

Ralf_Lukner · June 7, 2021, 3:44pm

Situation
Entering Call Back Notes under Flow Board leads to Authentication Error after pressing “Save”

OpenEMR Version
AWS OpenEMR Cloud 6.0.0(1) STANDARD

Browser:
I’m using: Reproduced on the latest Safari and Chrome browsers for Mac.

Operating System
I’m using: Ubuntu 16.04.7 LTS (GNU/Linux 4.4.0-1128-aws x86_64)

Logs
0691] OpenEMR CSRF token authentication error, referer: http://3.13xxxxx.xxx/interface/patient_tracker/patient_tracker.php?skip_timeout_reset=1

stephenwaite · June 7, 2021, 4:23pm

hi @Ralf_Lukner, do you mean this screen?

Ralf_Lukner · June 7, 2021, 5:29pm

That is the Recall Board. I’m referring to the “Flow Board” – which is one of the options on the main menu (see first image below). If someone enters comments about the call back in the white field and presses “Save,” the error in the second image appears.

stephenwaite · June 7, 2021, 6:00pm

ok thanks, is this a question for @ophthal since am unable to reproduce error without MedEx enabled?

Ralf_Lukner · June 7, 2021, 11:05pm

I suspect you are right

Ralf_Lukner · June 7, 2021, 11:15pm

He sent me the following fix:

./interface/patient_tracker/patient_tracker.php

line 556:

<input type='hidden' name='csrf_token_form' value='<?php echo attr(CsrfUtils::collectCsrfToken()); ?>' />

becomes:

<input type='hidden' name='csrf_token_form' value='" . attr(CsrfUtils::collectCsrfToken()) ."' />