CVE-2023-2947: fix: bug fix (#6296) · openemr/openemr@8d2d601

Expand Up @@ -120,13 +120,13 @@ function sqlQuery($statement, $link) } }
echo " <td>$sfname</td>\n"; echo " <td>$dbase</td>\n"; echo " <td>" . htmlspecialchars($sfname, ENT_NOQUOTES) . “</td>\n"; echo " <td>” . htmlspecialchars($dbase, ENT_NOQUOTES) . “</td>\n";
if (!$config) { echo " <td colspan=’3’><a href=’setup.php?site=$sfname’ class=’text-decoration-none’>Needs setup, click here to run it</a></td>\n"; echo " <td colspan=’3’><a href=’setup.php?site=” . htmlspecialchars(urlencode($sfname), ENT_QUOTES) . “’ class=’text-decoration-none’>Needs setup, click here to run it</a></td>\n"; } elseif ($errmsg) { echo " <td colspan=’3’ class=’text-danger’>$errmsg</td>\n"; echo " <td colspan=’3’ class=’text-danger’>” . htmlspecialchars($errmsg, ENT_NOQUOTES) . "</td>\n"; } else { // Get site name for display. $row = sqlQuery(“SELECT gl_value FROM globals WHERE gl_name = ‘openemr_name’ LIMIT 1", $dbh); Expand All @@ -152,20 +152,20 @@ function sqlQuery($statement, $link) }
// Display relevant columns. echo " <td>$openemr_name</td>\n"; echo " <td>$openemr_version</td>\n"; echo " <td>” . htmlspecialchars($openemr_name, ENT_NOQUOTES) . “</td>\n"; echo " <td>” . htmlspecialchars($openemr_version, ENT_NOQUOTES) . “</td>\n"; if ($v_database != $database_version) { echo " <td><a href=’sql_upgrade.php?site=$sfname’ class=’text-decoration-none’>Upgrade Database</a></td>\n"; echo " <td><a href=’sql_upgrade.php?site=” . htmlspecialchars(urlencode($sfname), ENT_QUOTES) . “’ class=’text-decoration-none’>Upgrade Database</a></td>\n"; } elseif (($v_acl > $database_acl)) { echo " <td><a href=’acl_upgrade.php?site=$sfname’ class=’text-decoration-none’>Upgrade Access Controls</a></td>\n"; echo " <td><a href=’acl_upgrade.php?site=” . htmlspecialchars(urlencode($sfname), ENT_QUOTES) . “’ class=’text-decoration-none’>Upgrade Access Controls</a></td>\n"; } elseif (($v_realpatch != $database_patch)) { echo " <td><a href=’sql_patch.php?site=$sfname’ class=’text-decoration-none’>Patch Database</a></td>\n"; echo " <td><a href=’sql_patch.php?site=” . htmlspecialchars(urlencode($sfname), ENT_QUOTES) . “’ class=’text-decoration-none’>Patch Database</a></td>\n"; } else { echo " <td><i class=’fa fa-check fa-lg text-success’ aria-hidden=’true’ ></i></a></td>\n"; } if (($v_database == $database_version) && ($v_acl <= $database_acl) && ($v_realpatch == $database_patch)) { echo " <td><a href=’interface/login/login.php?site=$sfname’ class=’text-decoration-none’><i class=’fa fa-sign-in-alt fa-lg’ aria-hidden=’true’ data-toggle=’tooltip’ data-placement=’top’ title =’Login to site $sfname’></i></a></td>\n"; echo " <td><a href=’portal/index.php?site=$sfname’ class=’text-decoration-none’><i class=’fa fa-sign-in-alt fa-lg’ aria-hidden=’true’ data-toggle=’tooltip’ data-placement=’top’ title =’Login to site $sfname’></i></a></td>\n"; echo " <td><a href=’interface/login/login.php?site=” . htmlspecialchars(urlencode($sfname), ENT_QUOTES) . "’ class=’text-decoration-none’><i class=’fa fa-sign-in-alt fa-lg’ aria-hidden=’true’ data-toggle=’tooltip’ data-placement=’top’ title =’Login to site " . htmlspecialchars($sfname, ENT_QUOTES) . “’></i></a></td>\n"; echo " <td><a href=’portal/index.php?site=” . htmlspecialchars(urlencode($sfname), ENT_QUOTES) . "’ class=’text-decoration-none’><i class=’fa fa-sign-in-alt fa-lg’ aria-hidden=’true’ data-toggle=’tooltip’ data-placement=’top’ title =’Login to site " . htmlspecialchars($sfname, ENT_QUOTES) . "’></i></a></td>\n"; } else { echo " <td><i class=’fa fa-ban fa-lg text-secondary’ aria-hidden=’true’></i></td>\n"; echo " <td><i class=’fa fa-ban fa-lg text-secondary’ aria-hidden=’true’></i></td>\n"; Expand Down