OSCARMcMaster / Feature Requests / #1320 Apostrophes in names on 'Inbox' list cause cough [since not escaped?]

#1320 Apostrophes in names on 'Inbox' list cause cough [since not escaped?]

Milestone: 12.1.1

Status: pending

Owner: nobody

Labels: None

Priority: 5

Updated: 2016-03-01

Created: 2016-02-22

Creator: Robert O'Connor

Private: No

Change Description (incl. Benefits)

Patients with apostrophes in their name (including afflicted Irish Canadians such as myself) cough on the 'Inbox' listing in Oscar 12.1.

My impression is that the apostrophe character isn't HTML escaped, and the ' character is used for mySQL query.

OSCAR Interaction points

Inbox

Integration risks

None, I think

Risk if not incorporated

Support calls from users who wonder why they can't read the labs of a certain person.

Minimum testing requirements/process

Create a user with an apostrophe in their name, like O'Connor,Robert.
Add a document or lab, so that it shows up in the patient's treating doctors inbox.
Try clicking on the lab entry in the inbox listing. It won't work. It won't say why.
Go to the patient demographic and replacing the apostrophe character in the name with a backquote character instead.
Go back to the ab entry in the inbox listing. It will now work as expected.

Training requirements to support changes

None.

Time Estimate

10 minutes. My impression is wrapping the inbox listing entry printing to the page in some sort of fuction like an htmlescape() seen in a lot of programming languages.

Discussion

Robert O'Connor - 2016-02-22

An unfortunate wrinkle is that unless the apostrophe is in the name, it will get rejected by billing oscar module. So the office manager has to change the name for doc to read the lab, then change it back again for billing module to not reject it.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Marc Dumontier - 2016-02-25

I tried this and it works for me

1) create patient O'Neill, Robert
2) Go to inbox, doc upload
3) Assign the document to the new patient, and assign the provider to logged in user
4) See the entry in the inbox, and click on the name..doc viewer shows up
5)

apos.png

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Robert O'Connor - 2016-02-25

Hi Marc,
Thank you.
Maybe it is just the labs in the inbox (Excelleris here) that won't load up, but documents can. I will watch carefully for next time it happens to someone with an apostrophe.

I think the this bug (1320) and 1321:
Bug #1321 'Ampersand in the reason for appointment truncates everything after the ampersand'
are related.

The issue that may also be contending with is code to strip out items that could be used for SQL injection.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jay Gallagher - 2016-03-01

Description has changed:

Diff:

--- old +++ new @@ -1,4 +1,3 @@ - Change Description (incl. Benefits) ----------------------------------- Patients with apostrophes in their name (including afflicted Irish Canadians such as myself) cough on the 'Inbox' listing in Oscar 12.1.

status: unread --> pending
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jay Gallagher - 2016-03-01

This sounds like a bug.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Apostrophes in names on 'Inbox' list cause cough [since not escaped?]

open source web-based Electronic Medical Record (EMR) system

Group

Searches

Help