V5.0.1(2) CAMOS formatting problems

CAMOS notes preview shows everything on one line with “n” where line breaks belong and edit windows puts “/n”. Also, I have to refresh the encounter (button on tab) before the CAMOS note entry shows.

No problems until I upgraded to v. 5.0.1(2) on XAMPP but I rechecked and problem happens before patches, which includes:
Server version: 10.1.13-MariaDB - mariadb.org binary distribution,
Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.20,
PHP version: 5.6.20
Running on Win 2008r2 and Windows 10 (my laptop).

Update: In ajax_save.php I commented out: $field_names[‘content’] = add_escape_custom(replace($pid, $encounter, $field_names[‘content’])); (around line 23) - and the CAMOS saves/retrieves with the line breaks.

Errors produced after re-entering encounter screen: PHP Warning: fopen: failed to open stream: No such file or directory in \C_Document.class.php on line 633, referer: /interface/main/tabs/main.php
This error leads to this error: PHP Warning: fpassthru() expects parameter 1 to be resource, boolean given in \controllers\C_Document.class.php on line 653, referer: /interface/main/tabs/main.php

I’d like to +1 this one. My physician is upset at the camos formatting. Michael, you are saying that when you changed the php, it fixed the formatting but now causes errors?

Sequel needs the escaping for several reason. Try backing up in code to find where offending field is not being escaped properly.

Partial fix - add_escape_custom did not like it in array format but when I assigned it to a variable, it liked it just fine. I replaced the line I commented out with:
$content = $field_names[‘content’];
$content = add_escape_custom(replace($pid, $encounter, $content));

When I tried the same rationale for cloned notes, the formatting returns but the comments are also there…still working on it.

Here’s the final fix. Ignore the previous guess. I would appreciate someone checking this:

Edit library\formdata.inc.php:

function add_escape_custom($s)
{
//prepare for safe mysql insertion
//this was behaving erratically
// $s = mysqli_real_escape_string($GLOBALS[‘dbh’], $s);
// return $s;
//mikef borrowed from Trevor Herselman’s post on php.net
return mb_ereg_replace(’[\x00\x0A\x0D\x1A\x22\x27\x5C]’, ‘\\0’, $s);
}

hi @Michael_Farina ,

That looks kind of scary :slight_smile:
I’ll add it to my queue to see what damage we must of done with the escaping in the ajax_save.php script (I am betting we are over-escaping things (ie. double escaping or escaping things that should not be escaped)).

edit:
oh my goodness, that ajax save script is a bit of a mess :slight_smile:

another edit:
$field_names[‘content’] is getting double escaped (once in main script and then again in the formSubmit function)

yet another edit:
also line 8 on $field_names is essentially causing all other values to be double escaped (since are escaped in formSubmit function)

-brady

Thanks for the look. I just figured out it doesn’t work for removing apostrophes because I don’t usually use them but when one slipped in I couldn’t keep from circling a spot on the wall to bang my head.

The over-escaping makes sense now that you say it but I don’t think I would have figured it out.
Ain’t contractions great!

FYI - strip escape custom no longer does anything.

Update: So far, this code is behaving:
In ajax_save:
Line 8: $field_names = array(‘category’ => formData(“category”), ‘subcategory’ => formData(“subcategory”), ‘item’ => formData(“item”), ‘content’ => camos_add_escape(replace($pid,$encounter,$_POST[‘content’])));

at bottom:
function camos_add_escape($s)
{
//mikef borrowed from Trevor Herselman as posted on php.net/manual/en/mysqli.real-escape-string.php
return mb_ereg_replace(’[\x00\x0A\x0D\x1A\x22\x27\x5C]’, ‘\0’, $s);
}

I moved this to a new function because add_escape_custom is used in so many other places and I do not have time to play whack-a-mole…and then found it resolved the apostrophe problem. I think the apostrophe was the only problem. I am curious if changes to function fixquotes in CAMOS/new.php is related due to comments left there.

I dropped add_escape_custom and replace from the rest of the file. I am curious if we still need to trim because I think content_parser already does that so I will play with that soon.

I will use this fix attempt for a few days and see what happens.

hi @Michael_Farina ,

Sorry for the delay on this. Check out this more recent thread for the planned official fix for this:

-brady