Security Vulnerabilities

bradymiller wrote on Sunday, May 26, 2013:

Hi,

In order to keep some momentum going on the codebase security project, here is code that converts the Encounter form to the new security model (also added license/author headers to the files). Still a little more testing to do:

Feel free to test/review it and please feel free to convert other parts of the code to the new security model: http://www.open-emr.org/wiki/index.php/Codebase_Security#SQL-Injection_and_Cross-Scripting_Prevention

-brady
OpenEMR

bradymiller wrote on Friday, May 31, 2013:

Hi,

Committed above and here is a commit to convert the login screen to the new security model (along with a couple other related scripts):

Feel free to test/review it.

-brady
OpenEMR

bradymiller wrote on Friday, May 31, 2013:

Hi,

Had a bug in the above commit, which I fixed. Here is the new commit:

-brady
OpenEMR

bradymiller wrote on Saturday, June 15, 2013:

Hi,

Here are some initial wiki pages on the release process etc. Goal is to have this release be more of a group effort. Plan to create the branch once a translation iteration (and the login stuff) is complete. At that point, can then create the branch demos.

http://www.open-emr.org/wiki/index.php/Steps_for_an_official_release
http://www.open-emr.org/wiki/index.php/QA/Release_Process#Version_4.1.2

-brady
OpenEMR

bradymiller wrote on Saturday, June 15, 2013:

Oops, wrong forum. Will post this again in the proper forum.