[med-svn] [openemr] 01/01: Adding in patch 6 from upstream for latest fixes for 4.1.2
Ian Wallace
iankarlwallace-guest at moszumanska.debian.org
Thu Jun 19 05:56:55 UTC 2014
This is an automated email from the git hooks/post-receive script.
iankarlwallace-guest pushed a commit to branch master
in repository openemr.
commit 277d3465e5d9a8a2e6a968421b7dc463f3967243
Author: Ian Wallace <iankarlwallace at gmail.com>
Date: Mon Jun 16 21:21:25 2014 -0700
Adding in patch 6 from upstream for latest fixes for 4.1.2
---
.../convert_logcomments_perl_invocation_fix | 14 +
...oded.diff => correct_webroot_dirs_globals_conf} | 8 +-
debian/patches/series | 3 +
debian/patches/upstream_patch_6 | 1915 ++++++++++++++++++++
4 files changed, 1933 insertions(+), 7 deletions(-)
diff --git a/debian/patches/convert_logcomments_perl_invocation_fix b/debian/patches/convert_logcomments_perl_invocation_fix
new file mode 100644
index 0000000..b963db4
--- /dev/null
+++ b/debian/patches/convert_logcomments_perl_invocation_fix
@@ -0,0 +1,14 @@
+Description: Correct perl path for invocation
+Author: Ian Wallace <iankarlwallace at gmail.com>
+Origin: other
+Last-Update: 2014-06-15
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/contrib/util/undelete_from_log/convert_logcomments.pl
++++ b/contrib/util/undelete_from_log/convert_logcomments.pl
+@@ -1,4 +1,4 @@
+-#!/opt/local/bin/perl
++#!/usr/bin/perl
+
+ #######################################################################
+ # Copyright (C) 2010 - Medical Information Integration, LLC
diff --git a/debian/patches/globals_conf_hardcoded.diff b/debian/patches/correct_webroot_dirs_globals_conf
similarity index 54%
rename from debian/patches/globals_conf_hardcoded.diff
rename to debian/patches/correct_webroot_dirs_globals_conf
index ec28ecd..2dd513c 100644
--- a/debian/patches/globals_conf_hardcoded.diff
+++ b/debian/patches/correct_webroot_dirs_globals_conf
@@ -1,17 +1,11 @@
-Description: Hard code globals.php for webserverroot and webroot
-Author: Ian Wallace <iankarlwallace at gmail.com>
-Origin: upstream
-Last-Update: 2014-06-14
--- a/interface/globals.php
+++ b/interface/globals.php
-@@ -70,8 +70,10 @@ if (preg_match("/^[^\/]/",$web_root)) {
+@@ -70,8 +70,8 @@ if (preg_match("/^[^\/]/",$web_root)) {
// The webserver_root and web_root are now automatically collected in
// real time per above code. If above is not working, can uncomment and
// set manually here:
-// $webserver_root = "/var/www/openemr";
-// $web_root = "/openemr";
-+// TODO: FIX THE AUTO DETECTION RULES ABOVE FOR DEBIAN PACKAGE
-+// Debian Package sets b/c the auto method doesn't work correctly -- will need a permanent fix
+$webserver_root = "/usr/share/openemr";
+$web_root = "/openemr";
//
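Review bot: The renamed patch loses its DEP-3 header: the `Description`, `Author`, `Origin` and `Last-Update` lines at the top are removed and nothing replaces them, while the two other patches added in this commit both carry one. The two `TODO` comment lines that explained why `$webserver_root` and `$web_root` are set by hand are dropped as well, so the patched globals.php no longer says the assignment is a Debian-specific workaround for the auto-detection. I would keep a header, for example `Description: Hard-code webserver_root and web_root for the Debian install layout`, and a one-line comment above the assignments such as `// Debian package: set explicitly because the auto-detection above does not work for this layout`.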
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..f5ef4f1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+correct_webroot_dirs_globals_conf
+convert_logcomments_perl_invocation_fix
+upstream_patch_6
diff --git a/debian/patches/upstream_patch_6 b/debian/patches/upstream_patch_6
new file mode 100644
index 0000000..bea8b2d
--- /dev/null
+++ b/debian/patches/upstream_patch_6
@@ -0,0 +1,1915 @@
+Description: Patch 6 for OpenEMR
+ Patch 6 from the OpenEMR website that includes all files for the 4.1.2 release.
+Author: Brady Miller <brady at sparmy.com>
+Origin: upstream, http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
+Reviewed-by: Ian Wallace <iankarlwallace at gmail.com>
+Last-Update: 2014-06-15
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/contrib/util/ubuntu_package_scripts/README
++++ b/contrib/util/ubuntu_package_scripts/README
+@@ -19,6 +19,7 @@ Directory structure of package.
+ /DEBIAN/postrm
+ /DEBIAN/config
+ /DEBIAN/templates
++/etc/apache2/sites-available/openemr.conf
+
+
+ DEVELOPMENT CVS PACKAGE
+@@ -26,11 +27,11 @@ development directory - hold the develop
+ Directory structure of package:
+ --Note the maintenance scripts need broad execution privileges
+ --Note when gzip something use --best switch
+-/usr/share/applications/cvs-openemr.desktop
+-/usr/share/doc/cvs-openemr/README.Debian
+-/usr/share/doc/cvs-openemr/changelog.Debian.gz
+-/usr/share/doc/cvs-openemr/copyright
+-/usr/share/man/man8/cvs-openemr.8.gz
++/usr/share/applications/git-openemr.desktop
++/usr/share/doc/git-openemr/README.Debian
++/usr/share/doc/git-openemr/changelog.Debian.gz
++/usr/share/doc/git-openemr/copyright
++/usr/share/man/man8/git-openemr.8.gz
+ /DEBIAN/control
+ /DEBIAN/preinst
+ /DEBIAN/postinst
+@@ -38,3 +39,4 @@ Directory structure of package:
+ /DEBIAN/postrm
+ /DEBIAN/config
+ /DEBIAN/templates
++/etc/apache2/sites-available/git-openemr.conf
+--- a/contrib/util/ubuntu_package_scripts/development/README.Debian
++++ b/contrib/util/ubuntu_package_scripts/development/README.Debian
+@@ -48,5 +48,5 @@ just installed it is very helpful.
+
+ Authors of debianized OpenEMR:
+ ------------------------------
+--- Brady Miller <brady at sparmy.com> Tue, 26 Jul 2011 17:40:00 -0700
+--- Amalu Obinna <amaluobinna at aol.com> Tue, 26 Jul 2011 17:40:00 -0700
++-- Brady Miller <brady at sparmy.com> Tue, 29 Apr 2014 18:59:45 -0700
++-- Amalu Obinna <amaluobinna at aol.com> Tue, 29 Apr 2014 18:59:45 -0700
+--- a/contrib/util/ubuntu_package_scripts/development/changelog.Debian
++++ b/contrib/util/ubuntu_package_scripts/development/changelog.Debian
+@@ -1,3 +1,9 @@
++git-openemr (1.0.0-2) stable; urgency=low
++
++ * Fixes to work on Ubuntu 14.04.
++
++ -- Brady Miller <brady at sparmy.com> Tue, 29 Apr 2014 18:59:45 -0700
++
+ git-openemr (1.0.0-1) stable; urgency=low
+
+ * Initial Release.
+--- a/contrib/util/ubuntu_package_scripts/development/control
++++ b/contrib/util/ubuntu_package_scripts/development/control
+@@ -1,5 +1,5 @@
+ Package: git-openemr
+-Version: 1.0.0-1
++Version: 1.0.0-2
+ Maintainer: Brady Miller <brady at sparmy.com>
+ Installed-Size: 46000
+ Priority: optional
+@@ -7,7 +7,7 @@ Section: web
+ Architecture: all
+ Homepage: http://www.open-emr.org/
+ Pre-Depends: debconf
+-Depends: mysql-server, apache2-mpm-prefork, makepasswd, libapache2-mod-php5, libdate-calc-perl, libdbd-mysql-perl, libdbi-perl, libhtml-parser-perl, libtiff-tools, libwww-mechanize-perl, libxml-parser-perl, php5, php5-mysql, php5-cli, php5-gd, php5-xsl, php5-curl, php5-mcrypt, php-soap, imagemagick, git-core
++Depends: mysql-server, apache2-mpm-prefork, makepasswd, libapache2-mod-php5, libdate-calc-perl, libdbd-mysql-perl, libdbi-perl, libhtml-parser-perl, libtiff-tools, libwww-mechanize-perl, libxml-parser-perl, php5, php5-mysql, php5-cli, php5-gd, php5-xsl, php5-curl, php5-mcrypt, php-soap, php5-json, imagemagick, git-core
+ Description: Comprehensive Medical Practice Management Application
+ OpenEMR provides office scheduling, electronic medical records,
+ prescriptions, insurance billing, accounting and access controls.
+--- a/contrib/util/ubuntu_package_scripts/development/copyright
++++ b/contrib/util/ubuntu_package_scripts/development/copyright
+@@ -1,14 +1,14 @@
+ This package was debianized by Brady Miller <brady at sparmy.com> on
+-Tue, 26 Jul 2011 17:40:00 -0700.
++Tue, 29 Apr 2014 18:59:45 -0700.
+
+ Upstream Author:
+ http://www.open-emr.org
+
+ Copyright:
+- Copyright (C) 2011 http://www.oemr.org
++ Copyright (C) 2014 http://www.oemr.org
+
+ License:
+ GPL
+
+-The Debian packaging is (C) 2011, Brady Miller <brady at sparmy.com> and
++The Debian packaging is (C) 2014, Brady Miller <brady at sparmy.com> and
+ is licensed under the GPL, see `/usr/share/common-licenses/GPL'.
+--- /dev/null
++++ b/contrib/util/ubuntu_package_scripts/development/git-openemr.conf
+@@ -0,0 +1,14 @@
++# OpenEMR default Apache configuration
++Alias /git-openemr /var/www/git-openemr
++<Directory "/var/www/git-openemr/sites/*/documents">
++ order deny,allow
++ Deny from all
++</Directory>
++<Directory "/var/www/git-openemr/sites/*/edi">
++ order deny,allow
++ Deny from all
++</Directory>
++<Directory "/var/www/git-openemr/sites/*/era">
++ order deny,allow
++ Deny from all
++</Directory>
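Review bot: The three `<Directory>` blocks that close off `documents`, `edi` and `era` use only the Apache 2.2 access directives (`order deny,allow` / `Deny from all`), while the changelog in this same patch says the package is meant to work on Ubuntu 14.04, which ships Apache 2.4. On 2.4 these directives keep working only while mod_access_compat is loaded, so the protection of the patient-document directories depends on a compatibility module. I would state the rule in both forms, selected by module, as sketched below for one block. The same applies to production/openemr.conf later in this patch.

```apache
<Directory "/var/www/git-openemr/sites/*/documents">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
  </IfModule>
</Directory>
# … same pattern for the edi and era blocks …
```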
+--- a/contrib/util/ubuntu_package_scripts/development/postinst
++++ b/contrib/util/ubuntu_package_scripts/development/postinst
+@@ -5,7 +5,7 @@
+ #the Free Software Foundation; either version 2 of the License, or
+ #(at your option) any later version.
+ #
+-# Copyright 2011
++# Copyright 2011-2014
+ # authors: Brady Miller <brady at sparmy.com>
+ # Amalu Obinna <amaluobinna at aol.com>
+ #
+@@ -258,6 +258,10 @@ case "$1" in
+ log_only "Done configuring OpenEMR"
+ fi
+
++ # Activate the OpenEMR conf file for apache
++ log_only "Activate OpenEMR config file for Apache"
++ a2ensite git-openemr.conf
++
+ log_only "Restarting Apache service..."
+ invoke-rc.d apache2 restart >> $LOG 2>&1
+
+--- a/contrib/util/ubuntu_package_scripts/development/prerm
++++ b/contrib/util/ubuntu_package_scripts/development/prerm
+@@ -5,7 +5,7 @@
+ #the Free Software Foundation; either version 2 of the License, or
+ #(at your option) any later version.
+ #
+-# Copyright 2011
++# Copyright 2011-2014
+ # authors: Brady Miller <brady at sparmy.com>
+ # Amalu Obinna <amaluobinna at aol.com>
+ #
+@@ -155,6 +155,10 @@ case "$1" in
+ mysql -f -u root -h "$SQLLOCATION" --password="$MPASS" -e "DELETE FROM mysql.user WHERE User = '$SQLUSER';FLUSH PRIVILEGES;" >> $LOG 2>&1
+ log_only "Removed OpenEMR MySQL user"
+
++ #remove OpenEMR apache set up as active config
++ log_only "Turn off apache conf for OpenEMR"
++ a2dissite git-openemr.conf
++
+ #stop db
+ db_stop
+
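Review bot: `a2dissite git-openemr.conf` runs unconditionally and its output is not sent to `$LOG`, unlike the `mysql` call just above it. If the site was never enabled (for example when the installed version predates this conf file), a2dissite may report an error, and whether that aborts the removal depends on shell options set outside this hunk. A guard such as `if [ -e /etc/apache2/sites-enabled/git-openemr.conf ]; then a2dissite git-openemr.conf >> $LOG 2>&1; fi` avoids both problems. The same unguarded call, `a2dissite openemr.conf`, is added to production/prerm, right after an httpd.conf cleanup that the patch does guard with `-f`.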
+--- a/contrib/util/ubuntu_package_scripts/production/README.Debian
++++ b/contrib/util/ubuntu_package_scripts/production/README.Debian
+@@ -46,5 +46,5 @@ just installed it is very helpful.
+
+ Authors of debianized OpenEMR:
+ ------------------------------
+--- Brady Miller <brady at sparmy.com> Sat, 02 Nov 2013 01:15:32 -0700
+--- Amalu Obinna <amaluobinna at aol.com> Sat, 02 Nov 2013 01:15:32 -0700
++-- Brady Miller <brady at sparmy.com> Tue, 29 Apr 2014 19:12:02 -0700
++-- Amalu Obinna <amaluobinna at aol.com> Tue, 29 Apr 2014 19:12:02 -0700
+--- a/contrib/util/ubuntu_package_scripts/production/changelog.Debian
++++ b/contrib/util/ubuntu_package_scripts/production/changelog.Debian
+@@ -1,3 +1,10 @@
++openemr (4.1.2-3) stable; urgency=low
++
++ * New upstream patch (patch number 6)
++ * Fixes to work with Ubuntu 12.10, 13.10 and 14.04
++
++ -- Brady Miller <brady at sparmy.com> Tue, 29 Apr 2014 19:12:02 -0700
++
+ openemr (4.1.2-2) stable; urgency=low
+
+ * New upstream patch (patch number 3)
+--- a/contrib/util/ubuntu_package_scripts/production/control
++++ b/contrib/util/ubuntu_package_scripts/production/control
+@@ -1,5 +1,5 @@
+ Package: openemr
+-Version: 4.1.2-2
++Version: 4.1.2-3
+ Maintainer: Brady Miller <brady at sparmy.com>
+ Installed-Size: 127000
+ Priority: optional
+@@ -8,7 +8,7 @@ Architecture: all
+ Source: openemr
+ Homepage: http://www.open-emr.org/
+ Pre-Depends: debconf
+-Depends: mysql-server, apache2-mpm-prefork, makepasswd, libapache2-mod-php5, libdate-calc-perl, libdbd-mysql-perl, libdbi-perl, libhtml-parser-perl, libtiff-tools, libwww-mechanize-perl, libxml-parser-perl, php5, php5-mysql, php5-cli, php5-gd, php5-xsl, php5-curl, php5-mcrypt, php-soap, imagemagick
++Depends: mysql-server, apache2-mpm-prefork, makepasswd, libapache2-mod-php5, libdate-calc-perl, libdbd-mysql-perl, libdbi-perl, libhtml-parser-perl, libtiff-tools, libwww-mechanize-perl, libxml-parser-perl, php5, php5-mysql, php5-cli, php5-gd, php5-xsl, php5-curl, php5-mcrypt, php-soap, php5-json, imagemagick
+ Description: Comprehensive Medical Practice Management Application
+ OpenEMR provides office scheduling, electronic medical records,
+ prescriptions, insurance billing, accounting and access controls.
+--- a/contrib/util/ubuntu_package_scripts/production/copyright
++++ b/contrib/util/ubuntu_package_scripts/production/copyright
+@@ -1,5 +1,5 @@
+ This package was debianized by Brady Miller <brady at sparmy.com> on
+-Sat, 02 Nov 2013 01:15:32 -0700.
++Tue, 29 Apr 2014 19:12:02 -0700.
+
+ It was downloaded from sourceforge.
+
+@@ -7,10 +7,10 @@ Upstream Author:
+ http://www.open-emr.org
+
+ Copyright:
+- Copyright (C) 2013 http://www.oemr.org
++ Copyright (C) 2014 http://www.oemr.org
+
+ License:
+ GPL
+
+-The Debian packaging is (C) 2013, Brady Miller <brady at sparmy.com> and
++The Debian packaging is (C) 2014, Brady Miller <brady at sparmy.com> and
+ is licensed under the GPL, see `/usr/share/common-licenses/GPL'.
+--- /dev/null
++++ b/contrib/util/ubuntu_package_scripts/production/openemr.conf
+@@ -0,0 +1,14 @@
++# OpenEMR default Apache configuration
++Alias /openemr /var/www/openemr
++<Directory "/var/www/openemr/sites/*/documents">
++ order deny,allow
++ Deny from all
++</Directory>
++<Directory "/var/www/openemr/sites/*/edi">
++ order deny,allow
++ Deny from all
++</Directory>
++<Directory "/var/www/openemr/sites/*/era">
++ order deny,allow
++ Deny from all
++</Directory>
+--- a/contrib/util/ubuntu_package_scripts/production/postinst
++++ b/contrib/util/ubuntu_package_scripts/production/postinst
+@@ -5,7 +5,7 @@
+ #the Free Software Foundation; either version 2 of the License, or
+ #(at your option) any later version.
+ #
+-# Copyright 2012
++# Copyright 2011-2014
+ # authors: Amalu Obinna <amaluobinna at aol.com>
+ # Brady Miller <brady at sparmy.com>
+ #
+@@ -65,7 +65,6 @@ case "$1" in
+ INSTTEMP=$OPENEMR/contrib/util/installScripts/InstallerAutoTemp.php
+ #php and apache files
+ PHP=/etc/php5/apache2/php.ini
+- APACHE=/etc/apache2/httpd.conf
+ #web user and group
+ WEB_GROUP=www-data
+ WEB_USER=www-data
+@@ -264,6 +263,12 @@ case "$1" in
+ sed -i "/^[ ]*.*sqldatabase[ =].*$/d" $CONFIG
+ sed -i "/^[ ]*.*sqlutfflag[ =].*$/d" $CONFIG
+
++ # Activate the OpenEMR conf file for apache and restart apache
++ log_only "Activate OpenEMR config file for Apache"
++ a2ensite openemr.conf
++ log_only "Restarting Apache service"
++ invoke-rc.d apache2 restart >> $LOG 2>&1
++
+ #done upgrading
+ prompt_input openemr/success_upgrade critical ret_result
+ log_only "OpenEMR upgrade is complete."
+@@ -275,6 +280,9 @@ case "$1" in
+ log_only "(We recommend you copy this somewhere protected since it"
+ log_only "contains confidential patient information)"
+
++ #stop db
++ db_stop
++
+ exit 0
+
+ elif [ "$PLAN" == "install" ] ; then
+@@ -284,167 +292,6 @@ case "$1" in
+ unable_exit "Error reading plan variable in configuration file."
+ fi
+
+- #collect the mysql root password (if applicable)
+- MPASS=""
+- if check_mysql "$MPASS" "mysql"; then
+- log_only "Passed the mysql check loop"
+- else
+- #the blank initial mysql password didn't work, so prompt for password
+- # (will give 3 chances to provide correct password)
+- COUNTDOWN=1
+- while true; do
+- prompt_input openemr/mysql_p_install_${COUNTDOWN} critical ret_result
+- MPASS="$ret_result"
+- if check_mysql "$MPASS" "mysql"; then
+- #the mysql root password works, so can exit loop
+- log_only "Passed the mysql check loop"
+- break
+- else
+- #the mysql root password did not work
+- if [ "$COUNTDOWN" -ge "3" ]; then
+- prompt_input openemr/no_configure_mysql_root high ret_result
+- log_only "Will install OpenEMR, however will not configure OpenEMR. (unable to provide root password)"
+- break
+- fi
+- fi
+- let "COUNTDOWN += 1"
+- done
+- fi
+-
+- #decide whether to configure OpenEMR after it is installed
+- configure_flag=true
+- if check_mysql "$MPASS" "mysql"; then
+- #before auto configuration, ensure the openemr user and database do not exist
+- # Check for openemr database in mysql, if exist then will not configure
+- if check_mysql "$MPASS" "$INSTALL_DATABASE"; then
+- prompt_input openemr/no_configure_mysql_database high ret_result
+- log_only "Will install OpenEMR, however will not automatically configure OpenEMR. (MySQL database already exists)"
+- configure_flag=false;
+- fi
+- # Check for OpenEMR user in mysql.user, if exist then will not configure
+- USER=$(mysql -s -u root -h localhost --password="$MPASS" -e "SELECT User from mysql.user where User='$INSTALL_USER'")
+- if [ "$USER" == "$INSTALL_USER" ]; then
+- prompt_input openemr/no_configure_mysql_user high ret_result
+- log_only "Will install OpenEMR, however will not automatically configure OpenEMR. (MySQL user already exists)"
+- configure_flag=false;
+- fi
+- else
+- #the mysql root password didn't work, so do not configure OpenEMR
+- log_only "Will install OpenEMR, however will not automatically configure OpenEMR. (root password did not work)"
+- configure_flag=false;
+- fi
+-
+- #go to openemr directory
+- cd $OPENEMR
+-
+- #secure openemr
+- chown -Rf root:root $OPENEMR
+-
+- #INSTALL/CONFIGURE OPENEMR
+- # Install openemr
+- if $configure_flag; then
+- log_only "Installing/Configuring OpenEMR..."
+- else
+- log_only "Installing OpenEMR ..."
+- fi
+-
+- # Set file and directory permissions (note use default site directory for new install)
+- chmod 666 $SITEDIR/default/sqlconf.php
+- chown -R $WEB_GROUP.$WEB_USER $SITEDIR/default/documents
+- chown -R $WEB_GROUP.$WEB_USER $SITEDIR/default/edi
+- chown -R $WEB_GROUP.$WEB_USER $SITEDIR/default/era
+- chown -R $WEB_GROUP.$WEB_USER $OPENEMR/library/freeb
+- chown -R $WEB_GROUP.$WEB_USER $SITEDIR/default/letter_templates
+- chown -R $WEB_GROUP.$WEB_USER $OPENEMR/interface/main/calendar/modules/PostCalendar/pntemplates/cache
+- chown -R $WEB_GROUP.$WEB_USER $OPENEMR/interface/main/calendar/modules/PostCalendar/pntemplates/compiled
+- chown -R $WEB_GROUP.$WEB_USER $OPENEMR/gacl/admin/templates_c
+-
+- if $configure_flag; then
+- # Create a random password for the openemr mysql user
+- password=$(makepasswd --char=12)
+-
+- # openemr installation VARIABLES
+- if [ "$MPASS" == "" ] ; then
+- rootpass="rootpass=BLANK" #MySQL server root password
+- else
+- rootpass="rootpass=$MPASS" #MySQL server root password
+- fi
+- login="login=$INSTALL_USER" #username to MySQL openemr database
+- pass="pass=$password" #password to MySQL openemr database
+- dbname="dbname=$INSTALL_DATABASE" #MySQL openemr database name
+-
+- #
+- # Run Auto Installer
+- #
+- sed -e 's@^exit;@ @' <$INST >$INSTTEMP
+- php -f $INSTTEMP $rootpass $login $pass $dbname >> $LOG 2>&1
+- rm -f $INSTTEMP
+-
+- #remove global permission to all setup scripts
+- chmod 600 $OPENEMR/acl_setup.php
+- chmod 600 $OPENEMR/acl_upgrade.php
+- chmod 600 $OPENEMR/sl_convert.php
+- chmod 600 $OPENEMR/setup.php
+- chmod 600 $OPENEMR/sql_upgrade.php
+- chmod 600 $OPENEMR/ippf_upgrade.php
+- chmod 600 $OPENEMR/gacl/setup.php
+-
+- log_only "Done configuring OpenEMR"
+- fi
+-
+- #This section configures Apache for OpenEMR
+- log_only "Configuring Apache for OpenEMR"
+-
+- #Check to ensure the apache configuration files exists
+- if [ -f $APACHE ]; then
+-
+- # First, backup the httpd.conf file before modifying
+- cp -f $APACHE $APACHE.BAK
+-
+- # Second, append information to secure selected directories in OpenEMR
+- echo "#This is the start of the Apache configuration for OpenEMR." >> $APACHE
+- echo "#Below will secure directories with patient information." >> $APACHE
+- echo "<Directory \"$SITEDIR/*/documents\">" >> $APACHE
+- echo " order deny,allow" >> $APACHE
+- echo " Deny from all" >> $APACHE
+- echo "</Directory>" >> $APACHE
+- echo "<Directory \"$SITEDIR/*/edi\">" >> $APACHE
+- echo " order deny,allow" >> $APACHE
+- echo " Deny from all" >> $APACHE
+- echo "</Directory>" >> $APACHE
+- echo "<Directory \"$SITEDIR/*/era\">" >> $APACHE
+- echo " order deny,allow" >> $APACHE
+- echo " Deny from all" >> $APACHE
+- echo "</Directory>" >> $APACHE
+- echo "#This is the end of the Apache configuration for OpenEMR." >> $APACHE
+-
+- #let user know the plan
+- prompt_input openemr/apache_configure high ret_result
+- log_only "Added entries to apache configuration to secure directories with patient information."
+- log_only "Placed backup of your original apache configuration file to $APACHE.BAK"
+-
+- else
+- #can't find apache config file, so just echo instructions
+- log_only "We recommend placing below lines into your apache configuration file:"
+- log_only "#This is the start of the Apache configuration for OpenEMR."
+- log_only "#Below will secure directories with patient information."
+- log_only "<Directory \"$SITEDIR/*/documents\">"
+- log_only " order deny,allow"
+- log_only " Deny from all"
+- log_only "</Directory>"
+- log_only "<Directory \"$SITEDIR/*/edi\">"
+- log_only " order deny,allow"
+- log_only " Deny from all"
+- log_only "</Directory>"
+- log_only "<Directory \"$SITEDIR/*/era\">"
+- log_only " order deny,allow"
+- log_only " Deny from all"
+- log_only "</Directory>"
+- log_only "#This is the end of the Apache configuration for OpenEMR."
+- fi
+-
+- log_only "Done configuring Apache"
+-
+ #This Section edits the php.ini file to accomodate the proper functioning of OpenEMR using php
+ log_only "Configuring PHP for OpenEMR"
+
+@@ -454,6 +301,9 @@ case "$1" in
+ collect_php () {
+ echo `grep -i "^[[:space:]]*$1[[:space:]=]" $PHP | cut -d \= -f 2 | cut -d \; -f 1 | sed 's/[ M]//gi'`
+ }
++ collect_php_commented_out () {
++ echo `grep -i "^;[[:space:]]*$1[[:space:]=]" $PHP | cut -d \= -f 2 | cut -d \; -f 1 | sed 's/[ M]//gi'`
++ }
+ TAG_TEXT="short_open_tag"
+ TAG=$(collect_php "$TAG_TEXT")
+ EXEC_TEXT="max_execution_time"
+@@ -476,6 +326,7 @@ case "$1" in
+ FILESIZE=$(collect_php "$FILESIZE_TEXT")
+ MAXINPUTVARS_TEXT="max_input_vars"
+ MAXINPUTVARS=$(collect_php "$MAXINPUTVARS_TEXT")
++ MAXINPUTVARS_IF_COMMENTED=$(collect_php_commented_out "$MAXINPUTVARS_TEXT")
+
+ # Second, backup the php.ini file before modifying
+ cp $PHP $PHP.BAK
+@@ -498,40 +349,56 @@ case "$1" in
+ log_only "Successfully set $1 = $2"
+ fi
+ }
++ process_php_commented_out () {
++ if [ "$3" -eq "1" ]; then
++ # make rec to php.ini
++ if [ "$FLAG_ON" -eq "0" ]; then
++ log_only "We changed the following setting(s) in your php configuration file at $PHP :"
++ fi
++ FLAG_ON=1
++ else
++ # modify php.ini
++ sed -i "s/^;[ ]*$1[ =].*$/$1 = $2/" $PHP
++ log_only "Successfully set $1 = $2"
++ fi
++ }
+ for i in `seq 1 2`; do
+- if [ "$TAG" != "On" ]; then
++ if [ ! -z "$TAG" ] && [ "$TAG" != "On" ]; then
+ process_php "$TAG_TEXT" "On" $i
+ fi
+- if [ "$EXEC" -lt "60" ]; then
++ if [ ! -z "$EXEC" ] && [ "$EXEC" -lt "60" ]; then
+ process_php "$EXEC_TEXT" "60" $i
+ fi
+- if [ "$INPUT" -lt "90" ]; then
++ if [ ! -z "$INPUT" ] && [ "$INPUT" -lt "90" ]; then
+ process_php "$INPUT_TEXT" "90" $i
+ fi
+- if [ "$MEM" -lt "128" ]; then
++ if [ ! -z "$MEM" ] && [ "$MEM" -lt "128" ]; then
+ process_php "$MEM_TEXT" "128M" $i
+ fi
+- if [ "$DISP" != "Off" ]; then
++ if [ ! -z "$DISP" ] && [ "$DISP" != "Off" ]; then
+ process_php "$DISP_TEXT" "Off" $i
+ fi
+- if [ "$LOGG" != "On" ]; then
++ if [ ! -z "$LOGG" ] && [ "$LOGG" != "On" ]; then
+ process_php "$LOGG_TEXT" "On" $i
+ fi
+- if [ "$GLOB" != "Off" ]; then
++ if [ ! -z "$GLOB" ] && [ "$GLOB" != "Off" ]; then
+ process_php "$GLOB_TEXT" "Off" $i
+ fi
+- if [ "$POST" -lt "30" ]; then
++ if [ ! -z "$POST" ] && [ "$POST" -lt "30" ]; then
+ process_php "$POST_TEXT" "30M" $i
+ fi
+- if [ "$UPLOAD" != "On" ]; then
++ if [ ! -z "$UPLOAD" ] && [ "$UPLOAD" != "On" ]; then
+ process_php "$UPLOAD_TEXT" "On" $i
+ fi
+- if [ "$FILESIZE" -lt "30" ]; then
++ if [ ! -z "$FILESIZE" ] && [ "$FILESIZE" -lt "30" ]; then
+ process_php "$FILESIZE_TEXT" "30M" $i
+ fi
+- if [ "$MAXINPUTVARS" -lt "3000" ]; then
++ if [ ! -z "$MAXINPUTVARS" ] && [ "$MAXINPUTVARS" -lt "3000" ]; then
+ process_php "$MAXINPUTVARS_TEXT" "3000" $i
+ fi
++ if [ ! -z "$MAXINPUTVARS_IF_COMMENTED" ] && [ "$MAXINPUTVARS_IF_COMMENTED" -lt "3000" ]; then
++ process_php_commented_out "$MAXINPUTVARS_TEXT" "3000" $i
++ fi
+ if [ "$FLAG_ON" -eq "0" ]; then
+ log_only "Your PHP configuration is perfect for OpenEMR."
+ break
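Review bot: The new `MAXINPUTVARS_IF_COMMENTED` branch runs even when an active `max_input_vars` line already exists, so `process_php_commented_out` can turn the stock commented line into `max_input_vars = 3000` next to an administrator's own setting; with two active lines the later one in php.ini takes effect, which may lower a higher configured value. Guard the branch on the active value being absent: `if [ -z "$MAXINPUTVARS" ] && [ ! -z "$MAXINPUTVARS_IF_COMMENTED" ] && [ "$MAXINPUTVARS_IF_COMMENTED" -lt "3000" ]; then`. Separately, the added `[ ! -z ... ]` guards mean a directive that is missing from php.ini is skipped silently and the loop can still log "Your PHP configuration is perfect for OpenEMR."; for `display_errors` that leaves PHP's built-in default in force, so logging each skipped directive would be safer. The enclosing `case` branch starts and ends outside the hunk.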
+@@ -563,9 +430,122 @@ case "$1" in
+
+ log_only "Done configuring PHP"
+
++ # Activate the OpenEMR conf file for apache
++ log_only "Activate OpenEMR config file for Apache"
++ a2ensite openemr.conf
++
++ # Restart apache
+ log_only "Restarting Apache service"
+ invoke-rc.d apache2 restart >> $LOG 2>&1
+
++ #collect the mysql root password (if applicable)
++ MPASS=""
++ if check_mysql "$MPASS" "mysql"; then
++ log_only "Passed the mysql check loop"
++ else
++ #the blank initial mysql password didn't work, so prompt for password
++ # (will give 3 chances to provide correct password)
++ COUNTDOWN=1
++ while true; do
++ prompt_input openemr/mysql_p_install_${COUNTDOWN} critical ret_result
++ MPASS="$ret_result"
++ if check_mysql "$MPASS" "mysql"; then
++ #the mysql root password works, so can exit loop
++ log_only "Passed the mysql check loop"
++ break
++ else
++ #the mysql root password did not work
++ if [ "$COUNTDOWN" -ge "3" ]; then
++ prompt_input openemr/no_configure_mysql_root high ret_result
++ log_only "Will install OpenEMR, however will not configure OpenEMR. (unable to provide root password)"
++ break
++ fi
++ fi
++ let "COUNTDOWN += 1"
++ done
++ fi
++
++ #decide whether to configure OpenEMR after it is installed
++ configure_flag=true
++ if check_mysql "$MPASS" "mysql"; then
++ #before auto configuration, ensure the openemr user and database do not exist
++ # Check for openemr database in mysql, if exist then will not configure
++ if check_mysql "$MPASS" "$INSTALL_DATABASE"; then
++ prompt_input openemr/no_configure_mysql_database high ret_result
++ log_only "Will install OpenEMR, however will not automatically configure OpenEMR. (MySQL database already exists)"
++ configure_flag=false;
++ fi
++ # Check for OpenEMR user in mysql.user, if exist then will not configure
++ USER=$(mysql -s -u root -h localhost --password="$MPASS" -e "SELECT User from mysql.user where User='$INSTALL_USER'")
++ if [ "$USER" == "$INSTALL_USER" ]; then
++ prompt_input openemr/no_configure_mysql_user high ret_result
++ log_only "Will install OpenEMR, however will not automatically configure OpenEMR. (MySQL user already exists)"
++ configure_flag=false;
++ fi
++ else
++ #the mysql root password didn't work, so do not configure OpenEMR
++ log_only "Will install OpenEMR, however will not automatically configure OpenEMR. (root password did not work)"
++ configure_flag=false;
++ fi
++
++ #go to openemr directory
++ cd $OPENEMR
++
++ #secure openemr
++ chown -Rf root:root $OPENEMR
++
++ #INSTALL/CONFIGURE OPENEMR
++ # Install openemr
++ if $configure_flag; then
++ log_only "Installing/Configuring OpenEMR..."
++ else
++ log_only "Installing OpenEMR ..."
++ fi
++
++ # Set file and directory permissions (note use default site directory for new install)
++ chmod 666 $SITEDIR/default/sqlconf.php
++ chown -R $WEB_GROUP.$WEB_USER $SITEDIR/default/documents
++ chown -R $WEB_GROUP.$WEB_USER $SITEDIR/default/edi
++ chown -R $WEB_GROUP.$WEB_USER $SITEDIR/default/era
++ chown -R $WEB_GROUP.$WEB_USER $OPENEMR/library/freeb
++ chown -R $WEB_GROUP.$WEB_USER $SITEDIR/default/letter_templates
++ chown -R $WEB_GROUP.$WEB_USER $OPENEMR/interface/main/calendar/modules/PostCalendar/pntemplates/cache
++ chown -R $WEB_GROUP.$WEB_USER $OPENEMR/interface/main/calendar/modules/PostCalendar/pntemplates/compiled
++ chown -R $WEB_GROUP.$WEB_USER $OPENEMR/gacl/admin/templates_c
++
++ if $configure_flag; then
++ # Create a random password for the openemr mysql user
++ password=$(makepasswd --char=12)
++
++ # openemr installation VARIABLES
++ if [ "$MPASS" == "" ] ; then
++ rootpass="rootpass=BLANK" #MySQL server root password
++ else
++ rootpass="rootpass=$MPASS" #MySQL server root password
++ fi
++ login="login=$INSTALL_USER" #username to MySQL openemr database
++ pass="pass=$password" #password to MySQL openemr database
++ dbname="dbname=$INSTALL_DATABASE" #MySQL openemr database name
++
++ #
++ # Run Auto Installer
++ #
++ sed -e 's@^exit;@ @' <$INST >$INSTTEMP
++ php -f $INSTTEMP $rootpass $login $pass $dbname >> $LOG 2>&1
++ rm -f $INSTTEMP
++
++ #remove global permission to all setup scripts
++ chmod 600 $OPENEMR/acl_setup.php
++ chmod 600 $OPENEMR/acl_upgrade.php
++ chmod 600 $OPENEMR/sl_convert.php
++ chmod 600 $OPENEMR/setup.php
++ chmod 600 $OPENEMR/sql_upgrade.php
++ chmod 600 $OPENEMR/ippf_upgrade.php
++ chmod 600 $OPENEMR/gacl/setup.php
++
++ log_only "Done configuring OpenEMR"
++ fi
++
+ if $configure_flag; then
+ prompt_input openemr/success_install_config high ret_result
+ log_only "You can now use OpenEMR by browsing to:"
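Review bot: The re-added install block passes the MySQL root password and the freshly generated application password on command lines: `--password="$MPASS"` on the `mysql` call, and `$rootpass` / `$pass` as arguments to `php -f $INSTTEMP`, where they are typically readable by other local users in the process list while the command runs. The `php` arguments are also unquoted, so a root password containing whitespace or glob characters is split or expanded; at minimum quote them, `php -f "$INSTTEMP" "$rootpass" "$login" "$pass" "$dbname" >> $LOG 2>&1`, and consider a root-only option file passed with `--defaults-extra-file` for the `mysql` call. `chmod 666 $SITEDIR/default/sqlconf.php` leaves the file that presumably receives the database credentials world-writable, and nothing in this hunk tightens it afterwards. The block is moved unchanged from earlier in the script, so these points predate the commit, but the move is a natural place to address them.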
+--- a/contrib/util/ubuntu_package_scripts/production/prerm
++++ b/contrib/util/ubuntu_package_scripts/production/prerm
+@@ -5,7 +5,7 @@
+ #the Free Software Foundation; either version 2 of the License, or
+ #(at your option) any later version.
+ #
+-# Copyright 2012
++# Copyright 2011-2014
+ # authors: Amalu Obinna <amaluobinna at aol.com>
+ # Brady Miller <brady at sparmy.com>
+ #
+@@ -171,12 +171,18 @@ case "$1" in
+ log_only "Finished removing OpenEMR web directory"
+
+ #remove tmp directory
+- sudo rm -fr $TMPDIR
++ rm -fr $TMPDIR
+ log_only "Removed OpenEMR tmp directory"
+
+- #removes the configuration section for OpenEMR in Apache config file
+- sed -i '/#This is the start of the Apache configuration for OpenEMR./,/#This is the end of the Apache configuration for OpenEMR./d' /etc/apache2/httpd.conf
+- log_only "Removed OpenEMR Apache configuration"
++ #removes the configuration section for OpenEMR in Apache config file (deprecated, but keeping for older packages)
++ if [ -f /etc/apache2/httpd.conf ]; then
++ sed -i '/#This is the start of the Apache configuration for OpenEMR./,/#This is the end of the Apache configuration for OpenEMR./d' /etc/apache2/httpd.conf
++ log_only "Removed OpenEMR Apache configuration in /etc/apache2/httpd.conf"
++ fi
++
++ #remove OpenEMR apache set up as active config
++ log_only "Turn off apache conf for OpenEMR"
++ a2dissite openemr.conf
+
+ #stop db
+ db_stop
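Review bot: `rm -fr $TMPDIR` is left unquoted when `sudo` is dropped, and this maintainer script runs as root, so an empty or whitespace-containing value would expand to something other than the single intended directory. `TMPDIR` is assigned outside this hunk, so I cannot see how it is set; quoting it and checking it is non-empty costs little: `if [ -n "$TMPDIR" ]; then rm -fr -- "$TMPDIR"; fi`.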
+--- a/controllers/C_Document.class.php
++++ b/controllers/C_Document.class.php
+@@ -335,8 +335,8 @@ class C_Document extends Controller {
+ // Added by Rod to support document issue update:
+ $issues_options = "<option value='0'>-- " . xl('Select Issue') . " --</option>";
+ $ires = sqlStatement("SELECT id, type, title, begdate FROM lists WHERE " .
+- "pid = $patient_id " . // AND enddate IS NULL " .
+- "ORDER BY type, begdate");
++ "pid = ? " . // AND enddate IS NULL " .
++ "ORDER BY type, begdate", array($patient_id) );
+ while ($irow = sqlFetchArray($ires)) {
+ $desc = $irow['type'];
+ if ($ISSUE_TYPES[$desc]) $desc = $ISSUE_TYPES[$desc][2];
+--- a/index.php
++++ b/index.php
+@@ -14,7 +14,7 @@ else
+ $site_id = 'default';
+
+ if (empty($site_id) || preg_match('/[^A-Za-z0-9\\-.]/', $site_id))
+- die("Site ID '$site_id' contains invalid characters.");
++ die("Site ID '".htmlspecialchars($site_id,ENT_NOQUOTES)."' contains invalid characters.");
+
+ require_once "sites/$site_id/sqlconf.php";
+
+--- /dev/null
++++ b/interface/forms/misc_billing_options/date_qualifier_options.php
+@@ -0,0 +1,53 @@
++<?php
++/**
++ * Reusable data entries for new Box 14 and Box 15 date qualifiers that are part of
++ * HCFA 1500 02/12 format
++ *
++ * For details on format refer to:
++ * <http://www.nucc.org/index.php?option=com_content&view=article&id=186&Itemid=138>
++ *
++ * Copyright (C) 2013 Kevin Yeh <kevin.y at integralemr.com> and OEMR <www.oemr.org>
++ *
++ * LICENSE: This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 3
++ * of the License, or (at your option) any later version.
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ * You should have received a copy of the GNU General Public License
++ * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
++ *
++ * @package OpenEMR
++ * @author Kevin Yeh <kevin.y at integralemr.com>
++ * @link http://www.open-emr.org
++ */
++
++$box_14_qualifier_options=array(array(xl("Onset of Current Symptoms or Illness"),"431"),
++ array(xl("Last Menstrual Period"),"484"));
++
++$box_15_qualifier_options=array(array(xl("Initial Treatment"),"454"),
++ array(xl("Latest Visit or Consultation"),"304"),
++ array(xl("Acute Manifestation of a Chronic Condition"),"453"),
++ array(xl("Accident"),"439"),
++ array(xl("Last X-ray"),"455"),
++ array(xl("Prescription"),"471"),
++ array(xl("Report Start (Assumed Care Date)"),"090"),
++ array(xl("Report End (Relinquished Care Date)"),"091"),
++ array(xl("First Visit or Consultation"),"444")
++ );
++$hcfa_date_quals=array("box_14_date_qual"=>$box_14_qualifier_options,"box_15_date_qual"=>$box_15_qualifier_options);
++function qual_id_to_description($qual_type,$value)
++{
++ $options=$GLOBALS['hcfa_date_quals'][$qual_type];
++ for($idx=0;$idx<count($options);$idx++)
++ {
++ if($options[$idx][1]==$value)
++ {
++ return $options[$idx][0];
++ }
++ }
++ return null;
++}
++?>
+\ No newline at end of file
+--- a/interface/forms/misc_billing_options/new.php
++++ b/interface/forms/misc_billing_options/new.php
+@@ -2,6 +2,8 @@
+ require_once("../../globals.php");
+ require_once("$srcdir/api.inc");
+ require_once("$srcdir/formdata.inc.php");
++require_once("date_qualifier_options.php");
++
+
+ if (! $encounter) { // comes from globals.php
+ die(xl("Internal error: we do not seem to be in an encounter!"));
+@@ -11,6 +13,18 @@ $formid = 0 + formData('id', 'G');
+ $obj = $formid ? formFetch("form_misc_billing_options", $formid) : array();
+
+ formHeader("Form: misc_billing_options");
++function generateDateQualifierSelect($name,$options,$obj)
++{
++ echo "<select name='".attr($name)."'>";
++ for($idx=0;$idx<count($options);$idx++)
++ {
++ echo "<option value='".attr($options[$idx][1])."'";
++ if($obj[$name]==$options[$idx][1]) echo " selected";
++ echo ">".text($options[$idx][0])."</option>";
++ }
++ echo "</select>";
++
++}
+ ?>
+ <html><head>
+ <?php html_header_show(); ?>
+@@ -27,8 +41,16 @@ echo "<form method='post' name='my_form'
+ <span class=text><?php xl('BOX 10 B. Auto Accident ','e'); ?>: </span><input type=checkbox name="auto_accident" value="1" <?php if ($obj['auto_accident'] == "1") echo "checked";?>>
+ <span class=text><?php xl('State','e'); ?>: </span><input type=entry name="accident_state" size=1 value="<?php echo $obj{"accident_state"};?>" ><br><br>
+ <span class=text><?php xl('BOX 10 C. Other Accident ','e'); ?>: </span><input type=checkbox name="other_accident" value="1" <?php if ($obj['other_accident'] == "1") echo "checked";?>><br><br>
+-<span class=text><?php xl('BOX 15. Date of same or similar illness (yyyy-mm-dd):','e');?> </span><input type='entry' size='9' name="date_initial_treatment" value="<?php echo $obj{"date_initial_treatment"};?>" /><br><br>
+-<span class=text><?php xl('BOX 16. Date unable to work from (yyyy-mm-dd):','e');?> </span><input type=entry size=9 name="off_work_from" value="<?php echo $obj{"off_work_from"};?>" >
++<span class="text" title="<?php echo xla("For HCFA 02/12 Onset date specified on the Encounter Form needs a qualifier");?>">
++ <?php echo xlt('BOX 14 Date Qualifier'); ?>: </span>
++ <?php generateDateQualifierSelect("box_14_date_qual",$box_14_qualifier_options,$obj); ?>
++ <br><br>
++<span class=text title="<?php echo xla('For HCFA 02/12 Box 15 is Other Date with a qualifier to specify what the date indicates');?>">
++ <?php xl('BOX 15. Date of same or similar illness/Other Date (yyyy-mm-dd):','e');?> </span><input type='entry' size='9' name="date_initial_treatment" value="<?php echo $obj{"date_initial_treatment"};?>" />
++
++<span class="text"><?php echo xlt('BOX 15 Other Date Qualifier'); ?>: </span>
++ <?php generateDateQualifierSelect("box_15_date_qual",$box_15_qualifier_options,$obj); ?>
++ <br><br><span class=text><?php xl('BOX 16. Date unable to work from (yyyy-mm-dd):','e');?> </span><input type=entry size=9 name="off_work_from" value="<?php echo $obj{"off_work_from"};?>" >
+ <span class=text><?php xl('BOX 16. Date unable to work to (yyyy-mm-dd):','e');?> </span><input type=entry size=9 name="off_work_to" value="<?php echo $obj{"off_work_to"};?>" ><br><br>
+ <span class=text><?php xl('BOX 18. Hospitalization date from (yyyy-mm-dd): ','e');?></span><input type=entry size=9 name="hospitalization_date_from" value="<?php echo $obj{"hospitalization_date_from"};?>" >
+ <span class=text><?php xl('BOX 18. Hospitalization date to (yyyy-mm-dd): ','e');?></span><input type=entry size=9 name="hospitalization_date_to" value="<?php echo $obj{"hospitalization_date_to"};?>" ><br><br>
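Review bot: The rewritten BOX 15 and BOX 16 inputs still print the stored value straight into the `value` attribute (`<?php echo $obj{"date_initial_treatment"};?>`, `$obj{"off_work_from"}`), while the select helper added in the same commit escapes with `attr()` and `text()`. Since these lines are being touched anyway, use `value="<?php echo attr($obj['date_initial_treatment']); ?>"` and the same for `off_work_from`. The untouched context inputs in this hunk (`accident_state`, `off_work_to`, the hospitalization dates) follow the same unescaped pattern. The new BOX 15 label also uses `xl(...,'e')` where the neighbouring new labels use `xlt()`.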
+--- a/interface/forms/misc_billing_options/report.php
++++ b/interface/forms/misc_billing_options/report.php
+@@ -1,28 +1,32 @@
+ <?php
+ include_once("../../globals.php");
+ include_once($GLOBALS["srcdir"]."/api.inc");
++require_once("date_qualifier_options.php");
+ function misc_billing_options_report( $pid, $encounter, $cols, $id) {
+-$count = 0;
+-$data = formFetch("form_misc_billing_options", $id);
+-if ($data) {
+-print "<table><tr>";
+-foreach($data as $key => $value) {
+-if ($key == "id" || $key == "pid" || $key == "user" || $key == "groupname" || $key == "authorized" || $key == "activity" || $key == "date" || $value == "" || $value == "0" || $value == "0000-00-00 00:00:00" || $value =="0000-00-00") {
+- continue;
+-}
+-if ($value == "1") {
+-$value = "yes";
+-}
+-
+-$key=ucwords(str_replace("_"," ",$key));
+-print "<td><span class=bold>$key: </span><span class=text>$value</span></td>";
+-$count++;
+-if ($count == $cols) {
+-$count = 0;
+-print "</tr><tr>\n";
+-}
+-}
+-}
+-print "</tr></table>";
++ $count = 0;
++ $data = formFetch("form_misc_billing_options", $id);
++ if ($data) {
++ print "<table><tr>";
++ foreach($data as $key => $value) {
++ if ($key == "id" || $key == "pid" || $key == "user" || $key == "groupname" || $key == "authorized" || $key == "activity" || $key == "date" || $value == "" || $value == "0" || $value == "0000-00-00 00:00:00" || $value =="0000-00-00") {
++ continue;
++ }
++ if ($value == "1") {
++ $value = "yes";
++ }
++ if(($key==='box_14_date_qual')||$key==='box_15_date_qual')
++ {
++ $value=text(qual_id_to_description($key,$value));
++ }
++ $key=ucwords(str_replace("_"," ",$key));
++ print "<td><span class=bold>$key: </span><span class=text>$value</span></td>";
++ $count++;
++ if ($count == $cols) {
++ $count = 0;
++ print "</tr><tr>\n";
++ }
++ }
++ }
++ print "</tr></table>";
+ }
+ ?>
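Review bot: Only the two qualifier fields go through `text()`; every other `$value` fetched from `form_misc_billing_options`, including the free-text `comments` column, is still interpolated raw into `<span class=text>$value</span>`. Escaping once at the print site covers all fields: `print "<td><span class=bold>" . text($key) . ": </span><span class=text>" . text($value) . "</span></td>";`, and the qualifier branch then becomes `$value = qual_id_to_description($key, $value);`. Note that `qual_id_to_description()` returns null for an unknown code, so an unrecognised stored value prints as an empty cell.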
+--- a/interface/forms/misc_billing_options/save.php
++++ b/interface/forms/misc_billing_options/save.php
+@@ -39,6 +39,8 @@ $sets = "pid = {$_SESSION["pid"]},
+ medicaid_original_reference = '" . formData("medicaid_original_reference") . "',
+ prior_auth_number = '" . formData("prior_auth_number") . "',
+ replacement_claim = '" . formData("replacement_claim") . "',
++ box_14_date_qual = '" . formData("box_14_date_qual") . "',
++ box_15_date_qual = '" . formData("box_15_date_qual") . "',
+ comments = '" . formData("comments") . "'";
+
+ if (empty($id)) {
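Review bot: The two new columns are appended to a string-built `SET` list, so their safety rests entirely on what `formData()` does, which is not visible in this hunk; the same statement also interpolates `$_SESSION["pid"]` unquoted (see the hunk header line). Other hunks in this patch move queries to `?` placeholders with a bind array, and this statement is a good candidate for the same treatment. Independently, the posted qualifier should be checked against the codes in `$hcfa_date_quals` before saving, for example by rejecting the request when `qual_id_to_description('box_14_date_qual', $_POST['box_14_date_qual']) === null`, which requires including `date_qualifier_options.php` here. The `$sets` assignment starts above the hunk.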
+--- a/interface/forms/misc_billing_options/table.sql
++++ b/interface/forms/misc_billing_options/table.sql
+@@ -24,5 +24,7 @@ CREATE TABLE IF NOT EXISTS `form_misc_bi
+ prior_auth_number varchar(20) default NULL,
+ comments varchar(255) default NULL,
+ replacement_claim tinyint(1) default 0,
++ box_14_date_qual char(3) default NULL,
++ box_15_date_qual char(3) default NULL,
+ PRIMARY KEY (id)
+ ) ENGINE=MyISAM;
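Review bot: Adding the columns inside `CREATE TABLE IF NOT EXISTS` only affects fresh installs; where `form_misc_billing_options` already exists the statement is a no-op, and `save.php` would then write to columns that are not there. Unless an upgrade script elsewhere in this patch already does it, an `ALTER TABLE form_misc_billing_options ADD COLUMN box_14_date_qual char(3) default NULL` (and the same for `box_15_date_qual`) is needed. The table definition starts above the hunk.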
+--- a/interface/globals.php
++++ b/interface/globals.php
+@@ -60,9 +60,19 @@ if (IS_WINDOWS) {
+ //convert windows path separators
+ $webserver_root = str_replace("\\","/",$webserver_root);
+ }
++// Collect the apache server document root (and convert to windows slashes, if needed)
++$server_document_root = $_SERVER['DOCUMENT_ROOT'];
++if (IS_WINDOWS) {
++ //convert windows path separators
++ $server_document_root = str_replace("\\","/",$server_document_root);
++}
+ // Auto collect the relative html path, i.e. what you would type into the web
+ // browser after the server address to get to OpenEMR.
+-$web_root = substr($webserver_root, strlen($_SERVER['DOCUMENT_ROOT']));
++// This removes the leading portion of $webserver_root that it has in common with the web server's document
++// root and assigns the result to $web_root. In addition to the common case where $webserver_root is
++// /var/www/openemr and document root is /var/www, this also handles the case where document root is
++// /var/www/html and there is an Apache "Alias" command that directs /openemr to /var/www/openemr.
++$web_root = substr($webserver_root, strspn($webserver_root ^ $server_document_root, "\0"));
+ // Ensure web_root starts with a path separator
+ if (preg_match("/^[^\/]/",$web_root)) {
+ $web_root = "/".$web_root;
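Review bot: The XOR/`strspn` expression measures the common prefix character by character, not per path component, so when the two paths diverge in the middle of a directory name the cut lands inside that name. The comment's own Alias example works because the paths diverge right after `/var/www/`, but a document root of `/var/www/html` with OpenEMR under `/var/www/hosting/openemr` (constructed example) would yield `/osting/openemr` after the separator fix-up below. I would move the cut back to the preceding `/` whenever the common prefix ends inside a component of both paths, and add a comment such as `// common prefix is trimmed to a path-separator boundary`. The `if` that prepends the separator continues past the end of the hunk.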
+--- a/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/ajax_template.html
++++ b/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/ajax_template.html
+@@ -711,7 +711,7 @@ foreach ($providers as $provider) {
+
+ // output the DIV and content
+ // For "OUT" events, applying the background color in CSS.
+- $background_string= ($event['catid'] == 3) ? "" : "; background-color:".$event["catcolor"];
++ $background_string= ($event['catid'] == 3) ? "" : "; background-color:".$color;
+ echo "<div class='".$evtClass." event' style='top:".$evtTop."; height:".$evtHeight.
+ $background_string.
+ "; $divWidth".
+--- a/interface/main/finder/dynamic_finder_ajax.php
++++ b/interface/main/finder/dynamic_finder_ajax.php
+@@ -31,7 +31,7 @@ $iDisplayStart = isset($_GET['iDisplayS
+ $iDisplayLength = isset($_GET['iDisplayLength']) ? 0 + $_GET['iDisplayLength'] : -1;
+ $limit = '';
+ if ($iDisplayStart >= 0 && $iDisplayLength >= 0) {
+- $limit = "LIMIT $iDisplayStart, $iDisplayLength";
++ $limit = "LIMIT " . escape_limit($iDisplayStart) . ", " . escape_limit($iDisplayLength);
+ }
+
+ // Column sorting parameters.
+@@ -41,7 +41,7 @@ if (isset($_GET['iSortCol_0'])) {
+ for ($i = 0; $i < intval($_GET['iSortingCols']); ++$i) {
+ $iSortCol = intval($_GET["iSortCol_$i"]);
+ if ($_GET["bSortable_$iSortCol"] == "true" ) {
+- $sSortDir = add_escape_custom($_GET["sSortDir_$i"]); // ASC or DESC
++ $sSortDir = escape_sort_order($_GET["sSortDir_$i"]); // ASC or DESC
+ // We are to sort on column # $iSortCol in direction $sSortDir.
+ $orderby .= $orderby ? ', ' : 'ORDER BY ';
+ //
+@@ -49,7 +49,7 @@ if (isset($_GET['iSortCol_0'])) {
+ $orderby .= "lname $sSortDir, fname $sSortDir, mname $sSortDir";
+ }
+ else {
+- $orderby .= "`" . add_escape_custom($aColumns[$iSortCol]) . "` $sSortDir";
++ $orderby .= "`" . escape_sql_column_name($aColumns[$iSortCol],array('patient_data')) . "` $sSortDir";
+ }
+ }
+ }
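Review bot: `$iSortCol` comes from `intval($_GET["iSortCol_$i"])` in the previous hunk and indexes `$aColumns` without a range check, so an out-of-range value passes an undefined element to `escape_sql_column_name()`. What the helper does with that is not visible here; an explicit guard before the `ORDER BY` fragment is started keeps the behaviour defined: `if (!isset($aColumns[$iSortCol])) continue;`. The loop bound `intval($_GET['iSortingCols'])` is also client-controlled and could be capped at `count($aColumns)`. The same helper replaces `add_escape_custom()` in the three following hunks, where `$colname` is taken from `$aColumns` directly.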
+@@ -69,7 +69,7 @@ if (isset($_GET['sSearch']) && $_GET['sS
+ "mname LIKE '$sSearch%' ";
+ }
+ else {
+- $where .= "`" . add_escape_custom($colname) . "` LIKE '$sSearch%' ";
++ $where .= "`" . escape_sql_column_name($colname,array('patient_data')) . "` LIKE '$sSearch%' ";
+ }
+ }
+ if ($where) $where .= ")";
+@@ -89,7 +89,7 @@ for ($i = 0; $i < count($aColumns); ++$i
+ "mname LIKE '$sSearch%' )";
+ }
+ else {
+- $where .= " `" . add_escape_custom($colname) . "` LIKE '$sSearch%'";
++ $where .= " `" . escape_sql_column_name($colname,array('patient_data')) . "` LIKE '$sSearch%'";
+ }
+ }
+ }
+@@ -105,7 +105,7 @@ foreach ($aColumns as $colname) {
+ $sellist .= "lname, fname, mname";
+ }
+ else {
+- $sellist .= "`" . add_escape_custom($colname) . "`";
++ $sellist .= "`" . escape_sql_column_name($colname,array('patient_data')) . "`";
+ }
+ }
+
+--- a/interface/main/left_nav.php
++++ b/interface/main/left_nav.php
+@@ -157,7 +157,7 @@
+ acl_check('admin', 'database') || acl_check('admin', 'forms') ||
+ acl_check('admin', 'practice') || acl_check('admin', 'users') ||
+ acl_check('admin', 'acl') || acl_check('admin', 'super') ||
+- acl_check('admin', 'superbill'));
++ acl_check('admin', 'superbill') || acl_check('admin', 'drugs'));
+
+ $disallowed['bil'] = !(acl_check('acct', 'rep') || acl_check('acct', 'eob') ||
+ acl_check('acct', 'bill'));
+--- a/interface/new/new_comprehensive_save.php
++++ b/interface/new/new_comprehensive_save.php
+@@ -14,7 +14,7 @@ $alertmsg = '';
+ if (!empty($_POST["form_pubpid"])) {
+ $form_pubpid = trim($_POST["form_pubpid"]);
+ $result = sqlQuery("SELECT count(*) AS count FROM patient_data WHERE " .
+- "pubpid = '$form_pubpid'");
++ "pubpid = '" . formDataCore($form_pubpid) . "'");
+ if ($result['count']) {
+ // Error, not unique.
+ $alertmsg = xl('Warning: Patient ID is not unique!');
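Review bot: This fix escapes the value with `formDataCore()` but keeps building the query by concatenation, while other hunks in the same patch (for example `delete_document()` in `deleter.php`) switch to a `?` placeholder. If the binding form of `sqlQuery()` is usable in this file, `sqlQuery("SELECT count(*) AS count FROM patient_data WHERE pubpid = ?", array($form_pubpid))` removes the dependence on the escaping helper. Whether `formDataCore()` also adjusts for magic quotes is not visible here, so confirm the bound value matches what is later stored.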
+--- a/interface/patient_file/deleter.php
++++ b/interface/patient_file/deleter.php
+@@ -130,11 +130,11 @@ function form_delete($formdir, $formid)
+ // Delete a specified document including its associated relations and file.
+ //
+ function delete_document($document) {
+- $trow = sqlQuery("SELECT url FROM documents WHERE id = '$document'");
++ $trow = sqlQuery("SELECT url FROM documents WHERE id = ?", array($document));
+ $url = $trow['url'];
+- row_delete("categories_to_documents", "document_id = '$document'");
+- row_delete("documents", "id = '$document'");
+- row_delete("gprelations", "type1 = 1 AND id1 = '$document'");
++ row_delete("categories_to_documents", "document_id = '" . add_escape_custom($document) . "'");
++ row_delete("documents", "id = '" . add_escape_custom($document) . "'");
++ row_delete("gprelations", "type1 = 1 AND id1 = '" . add_escape_custom($document) . "'");
+ if (substr($url, 0, 7) == 'file://') {
+ @unlink(substr($url, 7));
+ }
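Review bot: After the row deletes, the path read from `documents.url` is passed to `@unlink()` with no check that it resolves inside the site's document storage directory, and the `@` hides any failure. Since this function is being hardened anyway, I would resolve the path with `realpath()`, compare it against the documents root before unlinking, and log a failed unlink instead of suppressing it. The three `row_delete()` calls still build their WHERE clause by concatenation; if document ids are always integers, `$document = (int)$document;` at the top of the function would cover all four statements regardless of the escaping helper. `delete_document()` continues past the end of the hunk.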
+@@ -374,7 +374,7 @@ function popup_close() {
+ }
+ ?>
+
+-<form method='post' name="deletefrm" action='deleter.php?patient=<?php echo $patient ?>&encounterid=<?php echo $encounterid ?>&formid=<?php echo $formid ?>&issue=<?php echo $issue ?>&document=<?php echo $document ?>&payment=<?php echo $payment ?>&billing=<?php echo $billing ?>&transaction=<?php echo $transaction ?>' onsubmit="javascript:alert('1');document.deleform.submit();">
++<form method='post' name="deletefrm" action='deleter.php?patient=<?php echo $patient ?>&encounterid=<?php echo $encounterid ?>&formid=<?php echo $formid ?>&issue=<?php echo $issue ?>&document=<?php echo attr($document) ?>&payment=<?php echo $payment ?>&billing=<?php echo $billing ?>&transaction=<?php echo $transaction ?>' onsubmit="javascript:alert('1');document.deleform.submit();">
+
+ <p class="text"> <br><?php xl('Do you really want to delete','e'); ?>
+
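Review bot: Only `$document` is escaped in the form `action`; `$patient`, `$encounterid`, `$formid`, `$issue`, `$payment`, `$billing` and `$transaction` are echoed into the same attribute unescaped, and the next hunk likewise leaves `$issue` and `$payment` unescaped in the confirmation text. Where these variables are assigned is outside both hunks, so they may already be cast to integers; if not, they need the same `attr()` / `text()` treatment. For a value placed in a query string, `attr(urlencode($document))` is the more precise encoding. The unchanged `onsubmit` handler refers to `document.deleform` while the form is named `deletefrm`, and it still contains a debugging `alert('1')`.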
+@@ -388,7 +388,7 @@ function popup_close() {
+ } else if ($issue) {
+ echo xl('issue') . " $issue";
+ } else if ($document) {
+- echo xl('document') . " $document";
++ echo xl('document') . " " . text($document);
+ } else if ($payment) {
+ echo xl('payment') . " $payment";
+ } else if ($billing) {
+--- a/interface/patient_file/letter.php
++++ b/interface/patient_file/letter.php
+@@ -143,6 +143,7 @@ if ($_POST['formaction']=="generate") {
+ exit;
+ }
+ else { // $form_format = html
++ $cpstring = text($cpstring); //escape to prevent stored cross script attack
+ $cpstring = str_replace("\n", "<br>", $cpstring);
+ $cpstring = str_replace("\t", " ", $cpstring);
+ ?>
+--- a/interface/patient_file/summary/shot_record.php
++++ b/interface/patient_file/summary/shot_record.php
+@@ -72,9 +72,14 @@ function convertToDataArray($data_array)
+ $data[$current][xl('Amount') . "\n" . xl('Admin')] = "";
+ }
+
+- //expiration date
++ //expiration date fixed by checking for empty value, smw 040214
++ if (isset($row['expiration_date'])) {
+ $temp_date = new DateTime($row['expiration_date']);
+ $data[$current][xl('Expiration') . "\n" . xl('Date')] = $temp_date->format('Y-m-d');
++ }
++ else{
++ $data[$current][xl('Expiration') . "\n" . xl('Date')] = '';//$temp_date->format('Y-m-d');
++ }
+
+ //Manufacturer
+ $data[$current][xl('Manufacturer')] = $row['manufacturer'];
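Review bot: `isset($row['expiration_date'])` is true for an empty string, so the case the new comment describes (an empty value) still reaches `new DateTime('')`, which yields the current date rather than a blank. `if (!empty($row['expiration_date']))` matches the stated intent; a zero date such as `0000-00-00` would need its own check if the column can hold one. The trailing `//$temp_date->format('Y-m-d');` in the else branch is dead commented code and can be dropped. The enclosing `convertToDataArray()` starts and ends outside the hunk.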
+--- a/library/Claim.class.php
++++ b/library/Claim.class.php
+@@ -38,6 +38,7 @@ class Claim {
+ var $encounter_id; // encounter id
+ var $procs; // array of procedure rows from billing table
+ var $diags; // array of icd9 codes from billing table
++ var $diagtype= "ICD9"; // diagnosis code_type.Assume ICD9 unless otherwise specified.
+ var $x12_partner; // row from x12_partners table
+ var $encounter; // row from form_encounter table
+ var $facility; // row from facility table
+@@ -831,6 +832,11 @@ class Claim {
+ return $this->payers[$ins]['object']->get_freeb_claim_type();
+ }
+
++ function claimTypeRaw($ins=0) {
++ if (empty($this->payers[$ins]['object'])) return 0;
++ return $this->payers[$ins]['object']->get_freeb_type();
++ }
++
+ function insuredLastName($ins=0) {
+ return x12clean(trim($this->payers[$ins]['data']['subscriber_lname']));
+ }
+@@ -1123,21 +1129,58 @@ class Claim {
+ return cleanDate($this->billing_options['date_initial_treatment']);
+ }
+
+- // Returns an array of unique diagnoses. Periods are stripped.
+- function diagArray() {
++ function box14qualifier()
++ {
++ // If no box qualifier specified use "431" indicating Onset
++ return empty($this->billing_options['box_14_date_qual']) ? '431' :
++ $this->billing_options['box_14_date_qual'];
++ }
++
++ function box15qualifier()
++ {
++ // If no box qualifier specified use "454" indicating Initial Treatment
++ return empty($this->billing_options['box_15_date_qual']) ? '454' :
++ $this->billing_options['box_15_date_qual'];
++ }
++ // Returns an array of unique diagnoses. Periods are stripped by default
++ // Option to keep periods is to support HCFA 1500 02/12 version
++ function diagArray($strip_periods=true) {
+ $da = array();
+ foreach ($this->procs as $row) {
+ $atmp = explode(':', $row['justify']);
+ foreach ($atmp as $tmp) {
+ if (!empty($tmp)) {
+ $code_data = explode('|',$tmp);
++
++ // If there was a | in the code data, the the first part of the array is the type, and the second is the identifier
+ if (!empty($code_data[1])) {
+- //Strip the prepended code type label
+- $diag = str_replace('.', '', $code_data[1]);
++
++ // This is the simplest way to determine if the claim is using ICD9 or ICD10 codes
++ // a mix of code types is generally not allowed as there is only one specifier for all diagnoses on HCFA-1500 form
++ // and there would be ambiguity with E and V codes
++ $this->diagtype=$code_data[0];
++
++ //code is in the second part of the $code_data array.
++ if($strip_periods==true)
++ {
++ $diag = str_replace('.', '', $code_data[1]);
++
++ }
++ else
++ {
++ $diag=$code_data[1];
++ }
++
+ }
+ else {
+ //No prepended code type label
+- $diag = str_replace('.', '', $code_data[0]);
++ if($strip_periods) {
++ $diag = str_replace('.', '', $code_data[0]);
++ }
++ else
++ {
++ $diag=$code_data[1];
++ }
+ }
+ $da[$diag] = $diag;
+ }
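Review bot: In the branch for codes without a type prefix, the non-stripping path assigns `$diag=$code_data[1];`, but that branch is only reached when `$code_data[1]` is empty, so with `$strip_periods=false` every unprefixed code collapses to an empty key. It should read `$diag = $code_data[0];`. Separately, `diagArray()` now sets `$this->diagtype` as a side effect for each prefixed code, so the property reflects the last code seen and is only meaningful after this method has run; the comment on the `$diagtype` declaration should say so. The method continues in the next hunk.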
+@@ -1148,7 +1191,7 @@ class Claim {
+ // or not, to make sure they all get into the claim. We do it this way
+ // so that the more important diagnoses appear first.
+ foreach ($this->diags as $diag) {
+- $diag = str_replace('.', '', $diag);
++ if($strip_periods) {$diag = str_replace('.', '', $diag);}
+ $da[$diag] = $diag;
+ }
+ return $da;
+--- a/library/adodb/tests/testsessions.php
++++ b/library/adodb/tests/testsessions.php
+@@ -1,5 +1,7 @@
+ <?php
+
++exit();
++
+ /*
+ V4.80 8 Mar 2006 (c) 2000-2011 John Lim (jlim#natsoft.com). All rights reserved.
+ Released under both BSD license and Lesser GPL library license.
+@@ -96,4 +98,4 @@ default:
+ $rr = $DB->qstr(rand());
+ $DB->Execute("insert into {$options['table']} (sesskey,expiry,expireref,sessdata,created,modified) values ($sessk,$olddate, $rr,'',$olddate,$olddate)");
+ }
+-?>
+\ No newline at end of file
++?>
+--- a/library/clinical_rules.php
++++ b/library/clinical_rules.php
+@@ -1053,7 +1053,7 @@ function set_plan_activity_patient($plan
+ }
+
+ // Update patient specific row
+- $query = "UPDATE `clinical_plans` SET `" . add_escape_custom($type) . "_flag`= ? WHERE id = ? AND pid = ?";
++ $query = "UPDATE `clinical_plans` SET `" . escape_sql_column_name($type."_flag",array("clinical_plans")) . "`= ? WHERE id = ? AND pid = ?";
+ sqlStatementCdrEngine($query, array($setting,$plan,$patient_id) );
+
+ }
+--- a/library/gen_hcfa_1500.inc.php
++++ b/library/gen_hcfa_1500.inc.php
+@@ -7,13 +7,28 @@
+ // of the License, or (at your option) any later version.
+
+ require_once("Claim.class.php");
++require_once("gen_hfca_1500_02_12.inc.php");
+
+ $hcfa_curr_line = 1;
+ $hcfa_curr_col = 1;
+ $hcfa_data = '';
+ $hcfa_proc_index = 0;
+
+-function put_hcfa($line, $col, $maxlen, $data) {
++
++/**
++ * take the data element and place it at the correct coordinates on the page
++ *
++ * @global int $hcfa_curr_line
++ * @global type $hcfa_curr_col
++ * @global type $hcfa_data
++ * @param type $line
++ * @param type $col
++ * @param type $maxlen
++ * @param type $data
++ * @param type $strip regular expression for what to strip from the data. period and has are the defaults
++ * 02/12 version needs to include periods in the diagnoses hence the need to override
++ */
++function put_hcfa($line, $col, $maxlen, $data,$strip='/[.#]/') {
+ global $hcfa_curr_line, $hcfa_curr_col, $hcfa_data;
+ if ($line < $hcfa_curr_line)
+ die("Data item at ($line, $col) precedes current line.");
+@@ -28,7 +43,7 @@ function put_hcfa($line, $col, $maxlen,
+ $hcfa_data .= " ";
+ ++$hcfa_curr_col;
+ }
+- $data = preg_replace('/[.#]/', '', strtoupper($data));
++ $data = preg_replace($strip, '', strtoupper($data));
+ $len = min(strlen($data), $maxlen);
+ $hcfa_data .= substr($data, 0, $len);
+ $hcfa_curr_col += $len;
+@@ -82,14 +97,17 @@ function gen_hcfa_1500_page($pid, $encou
+ put_hcfa(5, 41, 31, $tmp . $claim->payerState() . ' ' . $claim->payerZip());
+
+ // Box 1. Insurance Type
+- $ct = $claim->claimType();
+- $tmpcol = 45; // Other
+- if ($ct === 'MB') $tmpcol = 1; // Medicare
+- else if ($ct === 'MC') $tmpcol = 8; // Medicaid
+- else if ($ct === 'CH') $tmpcol = 15; // Champus
+- else if ($ct === 'CH') $tmpcol = 24; // Champus VA (why same code?)
+- else if ($ct === 'BL') $tmpcol = 31; // Group Health Plan (only BCBS?)
+- else if ($ct === '16') $tmpcol = 39; // FECA
++ // claimTypeRaw() gets the integer value from insurance_companies.freeb_type.
++ // Previous version of this code called claimType() which maps freeb_type to
++ // a 2-character code and that was not specific enough.
++ $ct = $claim->claimTypeRaw();
++ $tmpcol = 45; // Other
++ if ($ct == 2) $tmpcol = 1; // Medicare
++ else if ($ct == 3) $tmpcol = 8; // Medicaid
++ else if ($ct == 5) $tmpcol = 15; // TriCare (formerly CHAMPUS)
++ else if ($ct == 4) $tmpcol = 24; // Champus VA
++ else if ($ct == 6) $tmpcol = 31; // Group Health Plan (only BCBS?)
++ else if ($ct == 7) $tmpcol = 39; // FECA
+ put_hcfa(8, $tmpcol, 1, 'X');
+
+ // Box 1a. Insured's ID Number
+@@ -133,12 +151,15 @@ function gen_hcfa_1500_page($pid, $encou
+ put_hcfa(14, 26, 2, $claim->patientState());
+
+ // Box 8. Patient (Marital) Status
+- $tmp = $claim->patientStatus();
+- $tmpcol = 47; // Other
+- if ($tmp === 'S') $tmpcol = 35; // Single
+- else if ($tmp === 'M') $tmpcol = 41; // Married
+- put_hcfa(14, $tmpcol, 1, 'X');
+-
++ if(!hcfa_1500_version_02_12()) // Box 8 Reserved for NUCC Use in 02/12
++ {
++ $tmp = $claim->patientStatus();
++ $tmpcol = 47; // Other
++ if ($tmp === 'S') $tmpcol = 35; // Single
++ else if ($tmp === 'M') $tmpcol = 41; // Married
++ put_hcfa(14, $tmpcol, 1, 'X');
++ }
++
+ // Box 7 continued. Insured's City and State
+ put_hcfa(14, 50, 20, $claim->insuredCity());
+ put_hcfa(14, 74, 2, $claim->insuredState());
+@@ -150,10 +171,13 @@ function gen_hcfa_1500_page($pid, $encou
+ put_hcfa(16, 19, 7, substr($tmp,3));
+
+ // Box 8 continued. Patient (Employment) Status
+- $tmp = $claim->patientOccupation();
+- if ($tmp === 'STUDENT' ) put_hcfa(16, 41, 1, 'X');
+- else if ($tmp === 'PT STUDENT') put_hcfa(16, 47, 1, 'X');
+- else if ($tmp !== 'UNEMPLOYED') put_hcfa(16, 35, 1, 'X');
++ if(!hcfa_1500_version_02_12()) // Box 8 Reserved for NUCC Use in 02/12
++ {
++ $tmp = $claim->patientOccupation();
++ if ($tmp === 'STUDENT' ) put_hcfa(16, 41, 1, 'X');
++ else if ($tmp === 'PT STUDENT') put_hcfa(16, 47, 1, 'X');
++ else if ($tmp !== 'UNEMPLOYED') put_hcfa(16, 35, 1, 'X');
++ }
+
+ // Box 7 continued. Insured's Zip Code and Telephone
+ put_hcfa(16, 50, 10, $claim->insuredZip());
+@@ -220,19 +244,22 @@ function gen_hcfa_1500_page($pid, $encou
+ }
+
+ // Box 9b. Other Insured's Birth Date and Sex
+- if ($new_medicare_logic) {
+- // TBD: Medigap stuff?
+- }
+- else {
+- if ($claim->payerCount() > 1) {
+- $tmp = $claim->insuredDOB(1);
+- put_hcfa(22, 2, 2, substr($tmp,4,2));
+- put_hcfa(22, 5, 2, substr($tmp,6,2));
+- put_hcfa(22, 8, 4, substr($tmp,0,4));
+- put_hcfa(22, $claim->insuredSex(1) == 'M' ? 18 : 24, 1, 'X');
++ if(!hcfa_1500_version_02_12()) // Box 9b Reserved for NUCC Use in 02/12
++ {
++ if ($new_medicare_logic) {
++ // TBD: Medigap stuff?
++ }
++ else {
++ if ($claim->payerCount() > 1) {
++ $tmp = $claim->insuredDOB(1);
++ put_hcfa(22, 2, 2, substr($tmp,4,2));
++ put_hcfa(22, 5, 2, substr($tmp,6,2));
++ put_hcfa(22, 8, 4, substr($tmp,0,4));
++ put_hcfa(22, $claim->insuredSex(1) == 'M' ? 18 : 24, 1, 'X');
++ }
+ }
+ }
+-
++
+ // Box 10b. Auto Accident
+ put_hcfa(22, $claim->isRelatedAuto() ? 35 : 41, 1, 'X');
+ if ($claim->isRelatedAuto())
+@@ -248,15 +275,18 @@ function gen_hcfa_1500_page($pid, $encou
+ put_hcfa(22, 50, 30, $tmp);
+
+ // Box 9c. Other Insured's Employer/School Name
+- if ($new_medicare_logic) {
+- // TBD: Medigap stuff?
+- }
+- else {
+- if ($claim->payerCount() > 1) {
+- put_hcfa(24, 1, 28, $claim->groupName(1));
++ if(!hcfa_1500_version_02_12()) // Box 9c Reserved for NUCC Use in 02/12
++ {
++ if ($new_medicare_logic) {
++ // TBD: Medigap stuff?
++ }
++ else {
++ if ($claim->payerCount() > 1) {
++ put_hcfa(24, 1, 28, $claim->groupName(1));
++ }
+ }
+ }
+-
++
+ // Box 10c. Other Accident
+ put_hcfa(24, $claim->isRelatedOther() ? 35 : 41, 1, 'X');
+
+@@ -300,12 +330,26 @@ function gen_hcfa_1500_page($pid, $encou
+ put_hcfa(32, 2, 2, substr($tmp,4,2));
+ put_hcfa(32, 5, 2, substr($tmp,6,2));
+ put_hcfa(32, 8, 4, substr($tmp,0,4));
+-
++
++ if(hcfa_1500_version_02_12() && !empty($tmp))
++ {
++ // Only include the Box 14 qualifier if there we are using version 02/12 and there is a Box 14 date.
++ put_hcfa(32, 16, 3, $claim->box14qualifier());
++
++ }
+ // Box 15. First Date of Same or Similar Illness, if applicable
+ $tmp = $claim->dateInitialTreatment();
+- put_hcfa(32,36, 2, substr($tmp,4,2));
+- put_hcfa(32,39, 2, substr($tmp,6,2));
+- put_hcfa(32,42, 4, substr($tmp,0,4));
++ if(hcfa_1500_version_02_12() && !empty($tmp))
++ {
++ // Only include the Box 15 qualifier if there we are using version 02/12 and there is a Box 15 date.
++ put_hcfa(32, 31, 3, $claim->box15qualifier());
++ }
++
++
++ put_hcfa(32,37, 2, substr($tmp,4,2));
++ put_hcfa(32,40, 2, substr($tmp,6,2));
++ put_hcfa(32,43, 4, substr($tmp,0,4));
++
+
+ // Box 16. Dates Patient Unable to Work in Current Occupation
+ if ($claim->isUnableToWork()) {
+@@ -327,10 +371,14 @@ function gen_hcfa_1500_page($pid, $encou
+ (empty($GLOBALS['MedicareReferrerIsRenderer']) || $claim->claimType() != 'MB'))
+ {
+ // Box 17a. Referring Provider Alternate Identifier
++ // Commented this out because UPINs are obsolete, leaving the code as an
++ // example in case some other identifier needs to be supported.
++ /*****************************************************************
+ if ($claim->referrerUPIN() && $claim->claimType() != 'MB') {
+ put_hcfa(33, 30, 2, '1G');
+ put_hcfa(33, 33, 15, $claim->referrerUPIN());
+ }
++ *****************************************************************/
+
+ // Box 17. Name of Referring Provider or Other Source
+ $tmp = $claim->referrerLastName() . ', ' . $claim->referrerFirstName();
+@@ -367,36 +415,42 @@ function gen_hcfa_1500_page($pid, $encou
+ put_hcfa(36, 63, 8, sprintf('%8s', $claim->outsideLabAmount()));
+ }
+
+- // Box 21. Diagnoses
+- $tmp = $claim->diagArray();
+- $diags = array();
+- foreach ($tmp as $diag) $diags[] = $diag;
+- if (!empty($diags[0])) {
+- put_hcfa(38, 3, 3, substr($diags[0], 0, 3));
+- put_hcfa(38, 7, 2, substr($diags[0], 3));
+- }
+- if (!empty($diags[2])) {
+- put_hcfa(38, 30, 3, substr($diags[2], 0, 3));
+- put_hcfa(38, 34, 2, substr($diags[2], 3));
+- }
+-
+- // Box 22. Medicaid Resubmission Code and Original Ref. No.
+- put_hcfa(38, 50, 10, $claim->medicaidResubmissionCode());
+- put_hcfa(38, 62, 10, $claim->medicaidOriginalReference());
+-
+- // Box 21 continued. Diagnoses
+- if (!empty($diags[1])) {
+- put_hcfa(40, 3, 3, substr($diags[1], 0, 3));
+- put_hcfa(40, 7, 2, substr($diags[1], 3));
+- }
+- if (!empty($diags[3])) {
+- put_hcfa(40, 30, 3, substr($diags[3], 0, 3));
+- put_hcfa(40, 34, 2, substr($diags[3], 3));
++ if(hcfa_1500_version_02_12())
++ {
++ process_diagnoses_02_12($claim,$log);
+ }
++ else
++ {
++ // Box 21. Diagnoses
++ $tmp = $claim->diagArray();
++ $diags = array();
++ foreach ($tmp as $diag) $diags[] = $diag;
++ if (!empty($diags[0])) {
++ put_hcfa(38, 3, 3, substr($diags[0], 0, 3));
++ put_hcfa(38, 7, 2, substr($diags[0], 3));
++ }
++ if (!empty($diags[2])) {
++ put_hcfa(38, 30, 3, substr($diags[2], 0, 3));
++ put_hcfa(38, 34, 2, substr($diags[2], 3));
++ }
++
++ // Box 22. Medicaid Resubmission Code and Original Ref. No.
++ put_hcfa(38, 50, 10, $claim->medicaidResubmissionCode());
++ put_hcfa(38, 62, 10, $claim->medicaidOriginalReference());
++
++ // Box 21 continued. Diagnoses
++ if (!empty($diags[1])) {
++ put_hcfa(40, 3, 3, substr($diags[1], 0, 3));
++ put_hcfa(40, 7, 2, substr($diags[1], 3));
++ }
++ if (!empty($diags[3])) {
++ put_hcfa(40, 30, 3, substr($diags[3], 0, 3));
++ put_hcfa(40, 34, 2, substr($diags[3], 3));
++ }
+
+- // Box 23. Prior Authorization Number
+- put_hcfa(40, 50, 28, $claim->priorAuth());
+-
++ // Box 23. Prior Authorization Number
++ put_hcfa(40, 50, 28, $claim->priorAuth());
++ }
+ $proccount = $claim->procCount(); // number of procedures
+
+ // Charges, adjustments and payments are accumulated by line item so that
+@@ -494,7 +548,15 @@ function gen_hcfa_1500_page($pid, $encou
+
+ // 24e. Diagnosis Pointer
+ $tmp = '';
+- foreach ($claim->diagIndexArray($hcfa_proc_index) as $value) $tmp .= $value;
++ foreach ($claim->diagIndexArray($hcfa_proc_index) as $value)
++ {
++ if(hcfa_1500_version_02_12())// For 02/12 Version convert number to letter.
++ {
++ // ASCII A is 65, since diagIndexArray is ones based, this will make 1->A, 2->B...
++ $value=chr($value+64);
++ }
++ $tmp .= $value;
++ }
+ put_hcfa($lino, 45, 4, $tmp);
+
+ // 24f. Charges
+@@ -540,9 +602,12 @@ function gen_hcfa_1500_page($pid, $encou
+ // 30. Balance Due
+ // For secondary payers this reflects primary "contracted rate" adjustments,
+ // so in general box 30 will not equal box 28 minus box 29.
+- put_hcfa(56, 71, 8, str_replace('.',' ',sprintf('%8.2f',
+- $clm_total_charges - $clm_amount_paid - $clm_amount_adjusted)));
+-
++ if(!hcfa_1500_version_02_12()) // Box 30 Reserved for NUCC Use in 02/12
++ {
++ put_hcfa(56, 71, 8, str_replace('.',' ',sprintf('%8.2f',
++ $clm_total_charges - $clm_amount_paid - $clm_amount_adjusted)));
++ }
++
+ // 33. Billing Provider: Phone Number
+ $tmp = $claim->billingContactPhone();
+ put_hcfa(57, 66, 3, substr($tmp,0,3));
+@@ -564,7 +629,15 @@ function gen_hcfa_1500_page($pid, $encou
+ // FreeB printed the rendering provider's name and the current date here,
+ // but according to my instructions it must be a real signature and date,
+ // or else "Signature on File" or "SOF".
+- put_hcfa(60, 1, 20, 'Signature on File');
++
++ if($GLOBALS['cms_1500_box_31_format']==0)
++ {
++ put_hcfa(60, 1, 20, 'Signature on File');
++ }
++ else if($GLOBALS['cms_1500_box_31_format']==1)
++ {
++ put_hcfa(60, 1, 22, $claim->providerFirstName()." ".$claim->providerLastName());
++ }
+ //
+ // $tmp = $claim->providerFirstName();
+ // if ($claim->providerMiddleName()) $tmp .= ' ' . substr($claim->providerMiddleName(),0,1);
+@@ -580,6 +653,21 @@ function gen_hcfa_1500_page($pid, $encou
+ put_hcfa(60, 50, 27, $tmp . $claim->billingFacilityState() . ' ' .
+ $claim->billingFacilityZip());
+
++ // 31. Signature of Physician or Supplier: Date
++ if($GLOBALS['cms_1500_box_31_date']>0)
++ {
++ if($GLOBALS['cms_1500_box_31_date']==1)
++ {
++ $date_of_service= $claim->serviceDate();
++ $MDY=substr($date_of_service,4,2)." ".substr($date_of_service,6,2)." ".substr($date_of_service,2,2);
++ }
++ else if($GLOBALS['cms_1500_box_31_date']==2)
++ {
++ $MDY=date("m/d/y");
++ }
++ put_hcfa(61,6,10,$MDY);
++ }
++
+ // 32a. Service Facility NPI
+ put_hcfa(61, 24, 10, $claim->facilityNPI());
+
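Review bot: The two branches of the new box 31 date block produce different layouts: the date-of-service branch builds `MM DD YY` with spaces, while the 'Today' branch uses `date("m/d/y")` with slashes. `$MDY=date("m d y");` would keep the printed field consistent. `$MDY` is also never assigned when `cms_1500_box_31_date` is greater than 2, so `put_hcfa` would receive an undefined variable; initialising `$MDY='';` before the inner `if` covers that. The `substr` offsets assume `serviceDate()` returns an eight-digit `YYYYMMDD` string, which is not visible here.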
+--- /dev/null
++++ b/library/gen_hfca_1500_02_12.inc.php
+@@ -0,0 +1,179 @@
++<?php
++/**
++ * Utilities to support HCFA 1500 02/12 Version
++ * For details on format refer to:
++ * <http://www.nucc.org/index.php?option=com_content&view=article&id=186&Itemid=138>
++ *
++ * Copyright (C) 2013 Kevin Yeh <kevin.y at integralemr.com> and OEMR <www.oemr.org>
++ *
++ * LICENSE: This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 3
++ * of the License, or (at your option) any later version.
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ * You should have received a copy of the GNU General Public License
++ * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
++ *
++ * @package OpenEMR
++ * @author Kevin Yeh <kevin.y at integralemr.com>
++ * @link http://www.open-emr.org
++ */
++
++/**
++ *
++ * @return type Is the system configured to use the 02/12 version of the form
++ */
++function hcfa_1500_version_02_12()
++{
++ return $GLOBALS['cms_1500']=='1';
++}
++
++
++/**
++ * Helper class to manage which rows and columns information belong in.
++ * This allows "out of order" creation of the content.
++ */
++class hcfa_info
++{
++ protected $row;
++ protected $column;
++ protected $width;
++ protected $info;
++
++ /**
++ *
++ * @param type $row Which row to put this data on
++ * @param type $column Which column to put this data in
++ * @param type $width How many characters max to print on
++ * @param type $info The text to print on the form at the specified location
++ */
++ public function __construct($row,$column,$width,$info)
++ {
++ $this->row=$row;
++ $this->column=$column;
++ $this->width=$width;
++ $this->info=$info;
++ }
++
++ /**
++ * Determine relative position of an element
++ *
++ * @return type integer
++ */
++ public function get_position()
++ {
++ return $this->row*100+$this->column;
++ }
++
++ /**
++ * Add the info to the form
++ */
++ public function put()
++ {
++ // Override the default value for "strip" with put_hcfa to keep periods
++ put_hcfa($this->row,$this->column,$this->width,$this->info,'/#/');
++ }
++}
++
++/**
++ * comparator function for hfca_info class to allow proper sorting
++ *
++ * @param type $first
++ * @param type $second
++ * @return int
++ */
++function cmp_hcfa_info($first,$second)
++{
++ $first_value=$first->get_position();
++ $second_value=$second->get_position();
++ if($first_value==$second_value)
++ {
++ return 0;
++ }
++ return $first_value<$second_value ? -1 : 1;
++}
++
++/**
++ * calculate where on the form a given diagnosis belongs and add it to the entries
++ *
++ * @param array $hcfa_entries
++ * @param type $number
++ * @param type $diag
++ */
++function add_diagnosis(&$hcfa_entries,$number,$diag)
++{
++ /*
++ * The diagnoses go across the page.
++ * Positioned
++ * A B C D
++ * E F G H
++ * I J K L
++ */
++ $column_num = ($number%4);
++ $row_num = (int)($number / 4);
++
++ // First column is at location 3, each column is 13 wide
++ $col_pos=3+13*$column_num;
++
++ // First diagnosis row is 38
++ $row_pos=38+$row_num;
++ $hcfa_entries[]=new hcfa_info($row_pos,$col_pos,6,$diag);
++
++
++}
++
++/**
++ * Process the diagnoses for a given claim. log any errors
++ *
++ * @param type $claim
++ * @param string $log
++ */
++function process_diagnoses_02_12(&$claim,&$log)
++{
++
++ $hcfa_entries=array();
++ $diags = $claim->diagArray(false);
++ if($claim->diagtype=='ICD10')
++ {
++ $icd_indicator='0';
++ }
++ else
++ {
++ $icd_indicator='9';
++ }
++
++ $hcfa_entries[]=new hcfa_info(37,42,1,$icd_indicator);
++
++ // Box 22. Medicaid Resubmission Code and Original Ref. No.
++ $hcfa_entries[]=new hcfa_info(38,50,10,$claim->medicaidResubmissionCode());
++ $hcfa_entries[]=new hcfa_info(38,62,10,$claim->medicaidOriginalReference());
++
++ // Box 23. Prior Authorization Number
++ $hcfa_entries[]=new hcfa_info(40,50,28,$claim->priorAuth());
++
++ $diag_count=0;
++ foreach($diags as $diag)
++ {
++ if($diag_count<12)
++ {
++ add_diagnosis($hcfa_entries,$diag_count,$diag);
++ }
++ else
++ {
++ $log.= "***Too many diagnoses ".($diag_count+1).":".$diag;
++ }
++ $diag_count++;
++ }
++
++ // Sort the entries to put them in the page base sequence.
++ usort($hcfa_entries,"cmp_hcfa_info");
++
++ foreach($hcfa_entries as $hcfa_entry)
++ {
++ $hcfa_entry->put();
++ }
++}
++?>
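Review bot: `add_diagnosis` stores each code with a maximum width of 6, while `process_diagnoses_02_12` accepts a `diagtype` of 'ICD10' and `put()` keeps periods, so an ICD-10 code longer than six printed characters would presumably be cut short on the claim. `put_hcfa` is not visible here, so the truncation is inferred from the constructor's "max" wording. Columns are 13 apart, so there appears to be room for a wider field, e.g. `new hcfa_info($row_pos,$col_pos,8,$diag)`, if the 02/12 layout allows it. Separately, the 'Too many diagnoses' branch appends to `$log` without a line terminator and the claim is still produced without the extra codes; ending the message with `"\n"` would keep the entries apart.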
+--- a/library/globals.inc.php
++++ b/library/globals.inc.php
+@@ -659,6 +659,39 @@ $GLOBALS_METADATA = array(
+ '0', // default = true
+ xl('This will use the custom immunizations list rather than the standard CVX immunization list.')
+ ),
++
++ 'cms_1500' => array(
++ xl('CMS 1500 Paper Form Format'),
++ array(
++ '0' => xl('08/05'),
++ '1' => xl('02/12'),
++ ),
++ '0', // default
++ xl('This specifies which revision of the form the billing module should generate')
++ ),
++
++ 'cms_1500_box_31_format' => array(
++ xl('CMS 1500: Box 31 Format'),
++ array(
++ '0' => xl('Signature on File'),
++ '1' => xl('Firstname Lastname'),
++ '2' => xl('None'),
++ ),
++ '0', // default
++ xl('This specifies whether to include date in Box 31.')
++ ),
++
++
++ 'cms_1500_box_31_date' => array(
++ xl('CMS 1500: Date in Box 31 (Signature)'),
++ array(
++ '0' => xl('None'),
++ '1' => xl('Date of Service'),
++ '2' => xl('Today'),
++ ),
++ '0', // default
++ xl('This specifies whether to include date in Box 31.')
++ ),
+
+ ),
+
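Review bot: The help text for `cms_1500_box_31_format` is a copy of the one for `cms_1500_box_31_date` ('This specifies whether to include date in Box 31.'), so the settings screen describes the signature-format option as a date option. Something like `xl('This specifies what is printed as the signature in Box 31.')` matches the three choices offered. The `$GLOBALS_METADATA` array starts and ends outside the hunk.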
+--- a/library/immunization_helper.php
++++ b/library/immunization_helper.php
+@@ -32,7 +32,7 @@ function getImmunizationList($pid,$sortb
+ $sql = "select i1.id ,i1.immunization_id, i1.cvx_code, i1.administered_date, c.code_text_short, c.code".
+ ",i1.manufacturer ,i1.lot_number ".
+ ",ifnull(concat(u.lname,', ',u.fname),'Other') as administered_by ".
+- ",i1.education_date ,i1.note ".
++ ",i1.education_date ,i1.note ". ",i1.expiration_date " .
+ ",i1.amount_administered, i1.amount_administered_unit, i1.route, i1.administration_site, i1.added_erroneously".
+ " from immunizations i1 ".
+ " left join users u on i1.administered_by_id = u.id ".
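Review bot: The added column is spliced onto the existing line as a second string literal (`". ",i1.expiration_date " .`), which breaks the one-fragment-per-line layout used by the rest of the query. Putting `",i1.expiration_date ".` on its own line sends the same SQL and keeps later diffs readable. The WHERE and ORDER BY parts of the statement lie outside the hunk, so how `$pid` and `$sortby` reach the SQL cannot be reviewed here.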
+--- a/library/log.inc
++++ b/library/log.inc
+@@ -764,7 +764,7 @@ function updateRecordedDisclosure($dates
+ */
+ function deleteDisclosure($deletelid)
+ {
+- $sql="delete from extended_log where id='$deletelid'";
++ $sql="delete from extended_log where id='" . add_escape_custom($deletelid) . "'";
+ $ret = sqlInsertClean_audit($sql);
+ }
+ ?>
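Review bot: The delete in `deleteDisclosure` is still assembled by string concatenation; `add_escape_custom` inside the quotes addresses the injection, but correctness now depends on the escaping helper and the connection character set. Since `id` looks like a numeric key, an integer cast is tighter and needs no helper: `$sql="delete from extended_log where id='" . intval($deletelid) . "'";`. If `sqlInsertClean_audit` accepts a bind array the way `sqlStatement` does in the translation.inc.php hunk of this patch, a `?` placeholder would be the consistent choice; its signature is not visible here. `$ret` is assigned and never returned, so callers cannot tell whether a row was removed.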
+--- a/library/pid.inc
++++ b/library/pid.inc
+@@ -11,13 +11,23 @@ require_once("$srcdir/log.inc");
+ function setpid($new_pid) {
+ global $pid, $encounter;
+
++ // Escape $new_pid by forcing it to an integer to protect from sql injection
++ $new_pid_int = intval($new_pid);
++ // If the $new_pid was not an integer, then send an error to error log
++ if (!is_numeric($new_pid)) {
++ error_log("Critical OpenEMR Error: Attempt to set pid to following non-integer value was denied: ".$new_pid,0);
++ error_log("Requested pid ".$new_pid,0);
++ error_log("Returned pid ".$new_pid_int,0);
++ }
++
+ // Be careful not to clear the encounter unless the pid is really changing.
+- if (!isset($_SESSION['pid']) || $pid != $new_pid || $pid != $_SESSION['pid']) {
++ if (!isset($_SESSION['pid']) || $pid != $new_pid_int || $pid != $_SESSION['pid']) {
+ $_SESSION['encounter'] = $encounter = 0;
+ }
+
+- $_SESSION['pid'] = $new_pid;
+- $pid = $new_pid;
++ // Set pid to the escaped pid
++ $_SESSION['pid'] = $new_pid_int;
++ $pid = $new_pid_int;
+
+ newEvent("view", $_SESSION["authUser"], $_SESSION["authProvider"], 1, $pid);
+ }
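Review bot: The new check in `setpid` logs that the attempt 'was denied' but denies nothing: execution continues and the session pid is set to `intval($new_pid)`, which is 0 for a non-numeric string and the leading digits for a value such as `12abc` (constructed example). `is_numeric` also accepts decimal and exponent forms, so those are coerced with no log entry at all. Validating as an integer and returning early would match the message, e.g. `if (filter_var($new_pid, FILTER_VALIDATE_INT) === false) { error_log(...); return; }`, provided callers tolerate `setpid` leaving the pid unchanged. The three `error_log` calls write the raw request value; strip control characters before logging so a crafted value cannot forge extra log lines.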
+--- a/library/report.inc
++++ b/library/report.inc
+@@ -91,7 +91,7 @@ subscriber_lname => "Subscriber Last Nam
+ subscriber_relationship => "Subscriber Relationship: ",
+ subscriber_ss => "Subscriber SS: ",
+ subscriber_DOB => "Subscriber Date of Birth: ",
+-subscriber_phone => "Subscribter Phone: ",
++subscriber_phone => "Subscriber Phone: ",
+ subscriber_street => "Subscriber Address: ",
+ subscriber_postal_code => "Subscriber Zip: ",
+ subscriber_city => "Subscriber City: ",
+--- a/library/translation.inc.php
++++ b/library/translation.inc.php
+@@ -32,9 +32,8 @@ function xl($constant,$mode='r',$prepend
+ // second, attempt translation
+ $sql="SELECT * FROM lang_definitions JOIN lang_constants ON " .
+ "lang_definitions.cons_id = lang_constants.cons_id WHERE " .
+- "lang_id='$lang_id' AND constant_name = '" .
+- add_escape_custom($constant) . "' LIMIT 1";
+- $res = sqlStatementNoLog($sql);
++ "lang_id=? AND constant_name = ? LIMIT 1";
++ $res = sqlStatementNoLog($sql,array($lang_id,$constant));
+ $row = SqlFetchArray($res);
+ $string = $row['definition'];
+ if ($string == '') { $string = "$constant"; }
+@@ -223,7 +222,7 @@ function getLanguageTitle($val) {
+ }
+
+ // get language title
+- $res = sqlStatement("select lang_description from lang_languages where lang_id = '".$lang_id."'");
++ $res = sqlStatement("select lang_description from lang_languages where lang_id =?",array($lang_id));
+ for ($iter = 0;$row = sqlFetchArray($res);$iter++) $result[$iter] = $row;
+ $languageTitle = $result[0]{"lang_description"};
+ return $languageTitle;
+--- a/setup.php
++++ b/setup.php
+@@ -54,7 +54,7 @@ if (!$COMMAND_LINE && !empty($_REQUEST['
+
+ // Die if site ID is empty or has invalid characters.
+ if (empty($site_id) || preg_match('/[^A-Za-z0-9\\-.]/', $site_id))
+- die("Site ID '$site_id' contains invalid characters.");
++ die("Site ID '".htmlspecialchars($site_id,ENT_NOQUOTES)."' contains invalid characters.");
+
+ //If having problems with file and directory permission
+ // checking, then can be manually disabled here.
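Review bot: `ENT_NOQUOTES` on the new `die()` line leaves both quote characters unescaped, which is safe only while the message is emitted as element text; `htmlspecialchars($site_id, ENT_QUOTES)` costs nothing and stays safe if the string is ever reused inside an attribute. The rejected value does not need to be echoed at all, so `die("Site ID contains invalid characters.");` is an alternative that removes the reflection entirely. The check belongs to top-level script code that starts outside the hunk.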
+--- a/sql/database.sql
++++ b/sql/database.sql
+@@ -1166,6 +1166,8 @@ CREATE TABLE `form_misc_billing_options`
+ `prior_auth_number` varchar(20) default NULL,
+ `comments` varchar(255) default NULL,
+ `replacement_claim` tinyint(1) default 0,
++ `box_14_date_qual` char(3) default NULL,
++ `box_15_date_qual` char(3) default NULL,
+ PRIMARY KEY (`id`)
+ ) ENGINE=MyISAM AUTO_INCREMENT=1 ;
+
+--- a/sql/patch.sql
++++ b/sql/patch.sql
+@@ -48,3 +48,13 @@
+ -- #EndIf
+ -- all blocks are terminated with and #EndIf statement.
+
++#IfMissingColumn form_misc_billing_options box_14_date_qual
++ALTER TABLE `form_misc_billing_options`
++ADD COLUMN `box_14_date_qual` CHAR(3) NULL DEFAULT NULL;
++#EndIf
++
++#IfMissingColumn form_misc_billing_options box_15_date_qual
++ALTER TABLE `form_misc_billing_options`
++ADD COLUMN `box_15_date_qual` CHAR(3) NULL DEFAULT NULL;
++#EndIf
++
+--- a/version.php
++++ b/version.php
+@@ -11,7 +11,7 @@ $v_tag = ''; // minor revision number,
+ // A real patch identifier. This is incremented when release a patch for a
+ // production release. Not the above $v_patch variable is a misnomer and actually
+ // stores release version information.
+-$v_realpatch = '3';
++$v_realpatch = '6';
+
+ // Database version identifier, this is to be incremented whenever there
+ // is a database change in the course of development. It is used
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-med/openemr.git