CAMOS notes preview shows everything on one line with “n” where line breaks belong and edit windows puts “/n”. Also, I have to refresh the encounter (button on tab) before the CAMOS note entry shows.
No problems until I upgraded to v. 5.0.1(2) on XAMPP but I rechecked and problem happens before patches, which includes:
Server version: 10.1.13-MariaDB - mariadb.org binary distribution,
Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.20,
PHP version: 5.6.20
Running on Win 2008r2 and Windows 10 (my laptop).
Update: In ajax_save.php I commented out: $field_names[‘content’] = add_escape_custom(replace($pid, $encounter, $field_names[‘content’])); (around line 23) - and the CAMOS saves/retrieves with the line breaks.
Errors produced after re-entering encounter screen: PHP Warning: fopen: failed to open stream: No such file or directory in \C_Document.class.php on line 633, referer: /interface/main/tabs/main.php
This error leads to this error: PHP Warning: fpassthru() expects parameter 1 to be resource, boolean given in \controllers\C_Document.class.php on line 653, referer: /interface/main/tabs/main.php
I’d like to +1 this one. My physician is upset at the camos formatting. Michael, you are saying that when you changed the php, it fixed the formatting but now causes errors?
Partial fix - add_escape_custom did not like it in array format but when I assigned it to a variable, it liked it just fine. I replaced the line I commented out with:
$content = $field_names[‘content’];
$content = add_escape_custom(replace($pid, $encounter, $content));
When I tried the same rationale for cloned notes, the formatting returns but the comments are also there…still working on it.
Here’s the final fix. Ignore the previous guess. I would appreciate someone checking this:
Edit library\formdata.inc.php:
function add_escape_custom($s)
{
//prepare for safe mysql insertion
//this was behaving erratically
// $s = mysqli_real_escape_string($GLOBALS[‘dbh’], $s);
// return $s;
//mikef borrowed from Trevor Herselman’s post on php.net
return mb_ereg_replace(’[\x00\x0A\x0D\x1A\x22\x27\x5C]’, ‘\\0’, $s);
}
That looks kind of scary
I’ll add it to my queue to see what damage we must of done with the escaping in the ajax_save.php script (I am betting we are over-escaping things (ie. double escaping or escaping things that should not be escaped)).
edit:
oh my goodness, that ajax save script is a bit of a mess
another edit:
$field_names[‘content’] is getting double escaped (once in main script and then again in the formSubmit function)
yet another edit:
also line 8 on $field_names is essentially causing all other values to be double escaped (since are escaped in formSubmit function)
Thanks for the look. I just figured out it doesn’t work for removing apostrophes because I don’t usually use them but when one slipped in I couldn’t keep from circling a spot on the wall to bang my head.
The over-escaping makes sense now that you say it but I don’t think I would have figured it out.
Ain’t contractions great!
FYI - strip escape custom no longer does anything.
Update: So far, this code is behaving:
In ajax_save:
Line 8: $field_names = array(‘category’ => formData(“category”), ‘subcategory’ => formData(“subcategory”), ‘item’ => formData(“item”), ‘content’ => camos_add_escape(replace($pid,$encounter,$_POST[‘content’])));
at bottom:
function camos_add_escape($s)
{
//mikef borrowed from Trevor Herselman as posted on php.net/manual/en/mysqli.real-escape-string.php
return mb_ereg_replace(’[\x00\x0A\x0D\x1A\x22\x27\x5C]’, ‘\0’, $s);
}
I moved this to a new function because add_escape_custom is used in so many other places and I do not have time to play whack-a-mole…and then found it resolved the apostrophe problem. I think the apostrophe was the only problem. I am curious if changes to function fixquotes in CAMOS/new.php is related due to comments left there.
I dropped add_escape_custom and replace from the rest of the file. I am curious if we still need to trim because I think content_parser already does that so I will play with that soon.
I will use this fix attempt for a few days and see what happens.
