Esempi in PHP per check_file_dir_name

Esempio n. 1

File: delete_form.php Progetto: bayayoba/openemr

 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author  Roberto Vasquez <*****@*****.**>
 * @link    http://www.open-emr.org
 */
include_once "../../globals.php";
// allow a custom 'delete' form
$deleteform = $incdir . "/forms/" . $_REQUEST["formname"] . "/delete.php";
check_file_dir_name($_REQUEST["formname"]);
if (file_exists($deleteform)) {
    include_once $deleteform;
    exit;
}
// if no custom 'delete' form, then use a generic one
// when the Cancel button is pressed, where do we go?
$returnurl = $GLOBALS['concurrent_layout'] ? 'encounter_top.php' : 'patient_encounter.php';
if ($_POST['confirm']) {
    // set the deleted flag of the indicated form
    $sql = "update forms set deleted=1 where id= ?";
    if ($_POST['id'] != "*" && $_POST['id'] != '') {
        sqlInsert($sql, array($_POST['id']));
    }
    // log the event
    newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Form " . $_POST['formname'] . " deleted from Encounter " . $_POST['encounter']);

Esempio n. 2

File: upload_dialog.php Progetto: katopenzz/openemr

echo xl($css_header, 'e');
?>
" type="text/css">
</head>
<body>

<?php 
$errmsg = '';
if ($_POST["form_submit"] || $_POST["form_delete"]) {
    if (!file_exists($patientdir)) {
        mkdir($patientdir);
    }
    if (!file_exists($imagedir)) {
        mkdir($imagedir);
    }
    check_file_dir_name($what);
    $filename = "{$imagedir}/{$what}.jpg";
    if ($_POST["form_delete"]) {
        unlink($filename);
    } else {
        // Check if the upload worked.
        //
        if (!$errmsg) {
            if (!is_uploaded_file($_FILES['userfile']['tmp_name'])) {
                $errmsg = "Upload failed!  Make sure the path/filename is valid " . "and the file is less than 4,000,000 bytes.";
            }
        }
        // Copy the image to its destination.
        //
        if (!$errmsg) {
            /***************************************************************

Esempio n. 3

File: ajax_download.php Progetto: juggernautsei/openemr

$fileName = isset($_GET['fileName']) ? $_GET['fileName'] : "";
$provider_id = $_POST['provider_id'];
if ($fileName) {
    $fileList = explode(",", $fileName);
    //if ( strpos($fileName,",") !== FALSE ) {
    if (count($fileList) > 1) {
        // Multiple files, zip them together
        $zip = new ZipArchive();
        $currentTime = date("Y-m-d-H-i-s");
        global $qrda_file_path;
        $finalZip = $qrda_file_path . "QRDA_2014_1_" . $currentTime . ".zip";
        if ($zip->open($finalZip, ZIPARCHIVE::CREATE) != TRUE) {
            echo xlt("FAILURE: Couldn't create the zip");
        }
        foreach ($fileList as $eachFile) {
            check_file_dir_name($eachFile);
            $zip->addFile($qrda_file_path . $eachFile, $eachFile);
        }
        $zip->close();
        foreach ($fileList as $eachFile) {
            unlink($qrda_file_path . $eachFile);
        }
    } else {
        $finalZip = $qrda_file_path . $fileList[0];
    }
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: application/force-download");
    header("Content-Length: " . filesize($finalZip));
    header("Content-Disposition: attachment; filename=" . basename($finalZip) . ";");

Esempio n. 4

File: load_form.php Progetto: mindfeederllc/openemr

<?php

// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
$special_timeout = 3600;
include_once "../../globals.php";
if (substr($_GET["formname"], 0, 3) === 'LBF') {
    // Use the List Based Forms engine for all LBFxxxxx forms.
    include_once "{$incdir}/forms/LBF/new.php";
} else {
    if (!empty($_GET['pid']) && $_GET['pid'] > 0) {
        $pid = $_GET['pid'];
        $encounter = $_GET['encounter'];
    }
    if ($_GET["formname"] != "newpatient") {
        include_once "{$incdir}/patient_file/encounter/new_form.php";
    }
    // ensure the path variable has no illegal characters
    check_file_dir_name($_GET["formname"]);
    include_once "{$incdir}/forms/" . $_GET["formname"] . "/new.php";
}

Esempio n. 5

File: qrda_download.php Progetto: juggernautsei/openemr

 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author  Ensoftek
 * @link    http://www.open-emr.org
 */
// This program exports(Download) to QRDA Category III XML.
//SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;
//STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;
require_once "../interface/globals.php";
$qrda_fname = $_GET['qrda_fname'];
check_file_dir_name($qrda_fname);
if ($qrda_fname != "") {
    $qrda_file_path = $GLOBALS['OE_SITE_DIR'] . "/documents/cqm_qrda/";
    $xmlurl = $qrda_file_path . $qrda_fname;
    header("Pragma: public");
    // required
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: private", false);
    // required for certain browsers
    header('Content-type: application/xml');
    header("Content-Disposition: attachment; filename=\"" . basename($xmlurl) . "\";");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . filesize($xmlurl));
    ob_clean();
    flush();

Esempio n. 6

File: trend_form.php Progetto: minggLu/openemr

if ($is_lbf) {
    ?>
  show_graph('<?php 
    echo $formname;
    ?>
','<?php 
    echo $default['field_id'];
    ?>
','<?php 
    echo $default['title'];
    ?>
');
<?php 
} else {
    ?>
  show_graph('form_vitals','bps','');
<?php 
}
?>
});
</script>
	
<?php 
if ($is_lbf) {
    // Use the List Based Forms engine for all LBFxxxxx forms.
    include_once "{$incdir}/forms/LBF/new.php";
} else {
    // ensure the path variable has no illegal characters
    check_file_dir_name($formname);
    include_once "{$incdir}/forms/{$formname}/new.php";
}

Esempio n. 7

File: fax_dispatch.php Progetto: juggernautsei/openemr

//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
require_once "../globals.php";
require_once "{$srcdir}/patient.inc";
require_once "{$srcdir}/pnotes.inc";
require_once "{$srcdir}/forms.inc";
require_once "{$srcdir}/options.inc.php";
require_once "{$srcdir}/gprelations.inc.php";
if ($_GET['file']) {
    $mode = 'fax';
    $filename = $_GET['file'];
    // ensure the file variable has no illegal characters
    check_file_dir_name($filename);
    $filepath = $GLOBALS['hylafax_basedir'] . '/recvq/' . $filename;
} else {
    if ($_GET['scan']) {
        $mode = 'scan';
        $filename = $_GET['scan'];
        $filepath = $GLOBALS['scanner_output_directory'] . '/' . $filename;
    } else {
        die("No filename was given.");
    }
}
$ext = substr($filename, strrpos($filename, '.'));
$filebase = basename("/{$filename}", $ext);
$faxcache = $GLOBALS['OE_SITE_DIR'] . "/faxcache/{$mode}/{$filebase}";
$info_msg = "";
// This function builds an array of document categories recursively.