From c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11 Mon Sep 17 00:00:00 2001
From: stephen waite <stephen.waite@cmsvt.com>
Date: Fri, 5 Aug 2022 08:31:02 -0400
Subject: [PATCH] bug fix and php8.1 fixes (#5664)

* bug fix and php8.1 fixes

* styling
---
 .../fwk/libs/verysimple/Phreeze/Criteria.php  | 30 +++++++++----------
 .../fwk/libs/verysimple/Phreeze/DataPage.php  |  5 ++++
 .../fwk/libs/verysimple/Phreeze/DataSet.php   |  5 ++++
 .../libs/verysimple/Phreeze/Phreezable.php    |  8 ++++-
 .../fwk/libs/verysimple/Phreeze/Reporter.php  |  6 ++++
 .../Controller/PortalPatientController.php    |  4 ++-
 .../OnsiteActivityViewListView.tpl.php        | 15 +++++++---
 portal/patient/templates/ProviderHome.tpl.php |  6 ++++
 portal/report/portal_patient_report.php       |  2 +-
 portal/sign/lib/save-signature.php            | 12 ++++++++
 portal/sign/lib/show-signature.php            | 22 ++++++++++----
 src/Gacl/Gacl.php                             |  3 ++
 12 files changed, 91 insertions(+), 27 deletions(-)

diff --git a/portal/patient/fwk/libs/verysimple/Phreeze/Criteria.php b/portal/patient/fwk/libs/verysimple/Phreeze/Criteria.php
index 8d8558bf174..dc05a4d786e 100644
--- a/portal/patient/fwk/libs/verysimple/Phreeze/Criteria.php
+++ b/portal/patient/fwk/libs/verysimple/Phreeze/Criteria.php
@@ -223,63 +223,63 @@ final protected function Prepare()
                             $this->_where .= $this->_where_delim . ' ' . $filter->GetWhere($this);
                             $this->_where_delim = " and";
                         }
-                    } elseif (substr($prop, - 7) == "_Equals" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 7) == "_Equals" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_Equals", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " = " . $this->GetQuotedSql($val) . "";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 10) == "_NotEquals" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 10) == "_NotEquals" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_NotEquals", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " != " . $this->GetQuotedSql($val) . "";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 8) == "_IsEmpty" && $this->$prop) {
+                    } elseif (substr($prop, - 8) == "_IsEmpty" && $this->$prop ?? '') {
                         $dbfield = $this->GetFieldFromProp(str_replace("_IsEmpty", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " = ''";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 11) == "_IsNotEmpty" && $this->$prop) {
+                    } elseif (substr($prop, - 11) == "_IsNotEmpty" && $this->$prop ?? '') {
                         $dbfield = $this->GetFieldFromProp(str_replace("_IsNotEmpty", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " != ''";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 7) == "_IsLike" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 7) == "_IsLike" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_IsLike", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " like '%" . $this->Escape($val) . "%'";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 10) == "_IsNotLike" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 10) == "_IsNotLike" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_IsNotLike", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " not like '%" . $this->Escape($val) . "%'";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 11) == "_BeginsWith" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 11) == "_BeginsWith" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_BeginsWith", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " like '" . $this->Escape($val) . "%'";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 9) == "_EndsWith" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 9) == "_EndsWith" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_EndsWith", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " like '%" . $this->Escape($val) . "'";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 12) == "_GreaterThan" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 12) == "_GreaterThan" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_GreaterThan", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " > " . $this->GetQuotedSql($val) . "";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 19) == "_GreaterThanOrEqual" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 19) == "_GreaterThanOrEqual" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_GreaterThanOrEqual", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " >= " . $this->GetQuotedSql($val) . "";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 9) == "_LessThan" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 9) == "_LessThan" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_LessThan", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " < " . $this->GetQuotedSql($val) . "";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 16) == "_LessThanOrEqual" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 16) == "_LessThanOrEqual" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_LessThanOrEqual", "", $prop));
                         $this->_where .= $this->_where_delim . " " . $dbfield . " <= " . $this->GetQuotedSql($val) . "";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 10) == "_BitwiseOr" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 10) == "_BitwiseOr" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_BitwiseOr", "", $prop));
                         $this->_where .= $this->_where_delim . " (" . $dbfield . " | '" . $this->Escape($val) . ")";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 11) == "_BitwiseAnd" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 11) == "_BitwiseAnd" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_BitwiseAnd", "", $prop));
                         $this->_where .= $this->_where_delim . " (" . $dbfield . " & " . $this->Escape($val) . ")";
                         $this->_where_delim = " and";
-                    } elseif (substr($prop, - 16) == "_LiteralFunction" && strlen($this->$prop)) {
+                    } elseif (substr($prop, - 16) == "_LiteralFunction" && strlen($this->$prop ?? '')) {
                         $dbfield = $this->GetFieldFromProp(str_replace("_LiteralFunction", "", $prop));
                         $this->_where .= $this->_where_delim . " (" . $dbfield . " " . $val . ")";
                         $this->_where_delim = " and";
diff --git a/portal/patient/fwk/libs/verysimple/Phreeze/DataPage.php b/portal/patient/fwk/libs/verysimple/Phreeze/DataPage.php
index be09fde5624..e23f8a67e5f 100644
--- a/portal/patient/fwk/libs/verysimple/Phreeze/DataPage.php
+++ b/portal/patient/fwk/libs/verysimple/Phreeze/DataPage.php
@@ -46,10 +46,12 @@ class DataPage implements Iterator
      *
      * @return Phreezable
      */
+    #[\ReturnTypeWillChange]
     public function Next()
     {
         return next($this->Rows);
     }
+    #[\ReturnTypeWillChange]
     public function rewind()
     {
         reset($this->Rows);
@@ -59,14 +61,17 @@ public function rewind()
      *
      * @return Phreezable
      */
+    #[\ReturnTypeWillChange]
     public function current()
     {
         return current($this->Rows);
     }
+    #[\ReturnTypeWillChange]
     public function key()
     {
         return key($this->Rows);
     }
+    #[\ReturnTypeWillChange]
     public function valid()
     {
         return $this->current() !== false;
diff --git a/portal/patient/fwk/libs/verysimple/Phreeze/DataSet.php b/portal/patient/fwk/libs/verysimple/Phreeze/DataSet.php
index 3e6928b968a..9404fab0667 100644
--- a/portal/patient/fwk/libs/verysimple/Phreeze/DataSet.php
+++ b/portal/patient/fwk/libs/verysimple/Phreeze/DataSet.php
@@ -93,6 +93,7 @@ private function _getObject(&$row)
      * @access public
      * @return Preezable
      */
+    #[\ReturnTypeWillChange]
     function Next()
     {
         if ($this->UnableToCache) {
@@ -147,6 +148,7 @@ public function Execute()
     {
         return $this->_phreezer->DataAdapter->Execute($this->_sql);
     }
+    #[\ReturnTypeWillChange]
     public function rewind()
     {
         $this->_rs = null;
@@ -156,6 +158,7 @@ public function rewind()
         $this->_verifyRs();
         $this->Next(); // we have to get the party started for php iteration
     }
+    #[\ReturnTypeWillChange]
     public function current()
     {
         // php iteration calls next then gets the current record. The DataSet
@@ -163,10 +166,12 @@ public function current()
         // laster iteration to make it work properly
         return ($this->key() == $this->Count()) ? $this->_last : $this->_current;
     }
+    #[\ReturnTypeWillChange]
     public function key()
     {
         return $this->_counter;
     }
+    #[\ReturnTypeWillChange]
     public function valid()
     {
         return $this->key() <= $this->Count();
diff --git a/portal/patient/fwk/libs/verysimple/Phreeze/Phreezable.php b/portal/patient/fwk/libs/verysimple/Phreeze/Phreezable.php
index 246a0d2d88c..f9893acecb5 100644
--- a/portal/patient/fwk/libs/verysimple/Phreeze/Phreezable.php
+++ b/portal/patient/fwk/libs/verysimple/Phreeze/Phreezable.php
@@ -431,7 +431,7 @@ private function _DoBaseValidation()
                             break;
                         case FM_TYPE_DATE:
                         case FM_TYPE_DATETIME:
-                            if (strtotime($this->$prop) === '') {
+                            if (strtotime(($this->$prop ?? '')) === '') {
                                 $this->AddValidationError($prop, "$prop is not a valid date/time value.");
                             }
                             break;
@@ -787,4 +787,10 @@ public function __set($key, $val)
     {
         throw new Exception("Unknown property: $key");
     }
+
+    function __serialize()
+    {}
+
+    function __unserialize($data)
+    {}
 }
diff --git a/portal/patient/fwk/libs/verysimple/Phreeze/Reporter.php b/portal/patient/fwk/libs/verysimple/Phreeze/Reporter.php
index 75de1951722..75fe1561df8 100644
--- a/portal/patient/fwk/libs/verysimple/Phreeze/Reporter.php
+++ b/portal/patient/fwk/libs/verysimple/Phreeze/Reporter.php
@@ -342,4 +342,10 @@ function Load(&$row)
     protected function OnLoad()
     {
     }
+
+    function __serialize()
+    {}
+
+    function __unserialize($data)
+    {}
 }
diff --git a/portal/patient/libs/Controller/PortalPatientController.php b/portal/patient/libs/Controller/PortalPatientController.php
index fd6e1a49f30..cfbfbf2b787 100644
--- a/portal/patient/libs/Controller/PortalPatientController.php
+++ b/portal/patient/libs/Controller/PortalPatientController.php
@@ -195,7 +195,9 @@ public function Update()
             $patient->Fitness = $this->SafeGetVal($json, 'fitness', $patient->Fitness);
             $patient->ReferralSource = $this->SafeGetVal($json, 'referralSource', $patient->ReferralSource);
             $patient->Pricelevel = $this->SafeGetVal($json, 'pricelevel', $patient->Pricelevel);*/
-            $patient->Regdate = date('Y-m-d', strtotime($this->SafeGetVal($json, 'regdate', $patient->Regdate)));
+            if (!empty($patient->Regdate)) {
+                $patient->Regdate = date('Y-m-d', strtotime($this->SafeGetVal($json, 'regdate', $patient->Regdate)));
+            }
             /*$patient->Contrastart = date('Y-m-d', strtotime($this->SafeGetVal($json, 'contrastart', $patient->Contrastart)));
             $patient->CompletedAd = $this->SafeGetVal($json, 'completedAd', $patient->CompletedAd);
             $patient->AdReviewed = date('Y-m-d', strtotime($this->SafeGetVal($json, 'adReviewed', $patient->AdReviewed)));
diff --git a/portal/patient/templates/OnsiteActivityViewListView.tpl.php b/portal/patient/templates/OnsiteActivityViewListView.tpl.php
index e009350d525..5ae19be2535 100644
--- a/portal/patient/templates/OnsiteActivityViewListView.tpl.php
+++ b/portal/patient/templates/OnsiteActivityViewListView.tpl.php
@@ -10,11 +10,18 @@
  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
 
-    $this->assign('title', xlt('Portal') . ' | ' . xlt('Activity'));
-    $this->assign('nav', 'onsiteactivityviews');
+$this->assign('title', xlt('Portal') . ' | ' . xlt('Activity'));
+$this->assign('nav', 'onsiteactivityviews');
 
-    $this->display('_FormsHeader.tpl.php');
-    echo "<script>var cuser='" . $this->cuser . "';</script>";
+use OpenEMR\Common\Acl\AclMain;
+
+if (!AclMain::aclCheckCore('patientportal', 'portal')) {
+    die(xlt("Unauthorized"));
+    exit;
+}
+
+$this->display('_FormsHeader.tpl.php');
+echo "<script>var cuser='" . $this->cuser . "';</script>";
 ?>
 <script>
     $LAB.script("<?php echo $GLOBALS['web_root']; ?>/portal/patient/scripts/app/onsiteactivityviews.js?v=<?php echo $GLOBALS['v_js_includes']; ?>").wait(function(){
diff --git a/portal/patient/templates/ProviderHome.tpl.php b/portal/patient/templates/ProviderHome.tpl.php
index 8cf9209c62b..7883c2a2c07 100644
--- a/portal/patient/templates/ProviderHome.tpl.php
+++ b/portal/patient/templates/ProviderHome.tpl.php
@@ -13,8 +13,14 @@
 $this->assign('title', xlt("Portal Dashboard") . " | " . xlt("Home"));
 $this->assign('nav', 'home');
 
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Core\Header;
 
+if (!AclMain::aclCheckCore('patientportal', 'portal')) {
+    die(xlt("Unauthorized"));
+    exit;
+}
+
 ?>
 <!DOCTYPE html>
 <!-- Language grabbed by PDF var that has the correct format !-->
diff --git a/portal/report/portal_patient_report.php b/portal/report/portal_patient_report.php
index c75df113e7b..afc30018775 100644
--- a/portal/report/portal_patient_report.php
+++ b/portal/report/portal_patient_report.php
@@ -470,7 +470,7 @@ function show_date_fun(){
         if ($result["form_name"] == "New Patient Encounter") {
             if ($isfirst == 0) {
                 foreach ($registry_form_name as $var) {
-                    if ($toprint = $html_strings[$var]) {
+                    if ($toprint = ($html_strings[$var] ?? '')) {
                         foreach ($toprint as $var) {
                             print $var;
                         }
diff --git a/portal/sign/lib/save-signature.php b/portal/sign/lib/save-signature.php
index 475f143ab43..59b485030bf 100644
--- a/portal/sign/lib/save-signature.php
+++ b/portal/sign/lib/save-signature.php
@@ -39,6 +39,18 @@
 }
 require_once("../../../interface/globals.php");
 
+if (!$isPortal) {
+    $userManipulatedFlag = false;
+    if ($user != $_SESSION['authUserID']) {
+        $userManipulatedFlag = true;
+    }
+
+    if ($userManipulatedFlag) {
+        echo js_escape("error");
+        exit();
+    }
+}
+
 if ($type === 'witness-signature') {
     echo(js_escape('Done'));
     exit();
diff --git a/portal/sign/lib/show-signature.php b/portal/sign/lib/show-signature.php
index f2846680a0e..16b0114ad7d 100644
--- a/portal/sign/lib/show-signature.php
+++ b/portal/sign/lib/show-signature.php
@@ -38,6 +38,18 @@
 }
 require_once("../../../interface/globals.php");
 
+if (!$isPortal) {
+    $userManipulatedFlag = false;
+    if ($user != $_SESSION['authUserID']) {
+        $userManipulatedFlag = true;
+    }
+
+    if ($userManipulatedFlag) {
+        echo js_escape("error");
+        exit();
+    }
+}
+
 $created = time();
 $lastmod = date('Y-m-d H:i:s');
 $status = 'filed';
@@ -57,7 +69,7 @@
     }
 }
 
-if ($data['mode'] === 'fetch_info') {
+if (($data['mode'] ?? null) === 'fetch_info') {
     $stmt = "Select CONCAT(IFNULL(fname,''), ' ',IFNULL(lname,'')) as userName From users Where id = ?";
     $user_result = sqlQuery($stmt, array($user)) ?: [];
     $stmt = "Select CONCAT(IFNULL(fname,''), ' ',IFNULL(lname,'')) as ptName From patient_data Where pid = ?";
@@ -87,20 +99,20 @@
     $row = sqlQuery("SELECT pid,status,sig_image,type,user FROM onsite_signatures WHERE pid=? And user=?", array($req_pid, $user));
 }
 
-if (!$row['pid'] && !$row['user']) {
+if (!($row['pid'] ?? null) && !($row['user'] ?? null)) {
     $status = 'waiting';
     $qstr = "INSERT INTO onsite_signatures (pid,lastmod,status,type,user,signator,created) VALUES (?,?,?,?,?,?,?)";
     sqlStatement($qstr, array($req_pid, $lastmod, $status, $type, $user, $signer, $created));
 }
 
-if ($row['status'] == 'filed') {
-    if ($data['mode'] === 'fetch_info') {
+if (($row['status'] ?? null) == 'filed') {
+    if (($data['mode'] ?? null) === 'fetch_info') {
         $info_query['signature'] = $row['sig_image'];
         echo js_escape($info_query);
         exit();
     }
     echo js_escape($row['sig_image']);
-} elseif ($row['status'] == 'waiting' || $status == 'waiting') {
+} elseif (($row['status'] ?? null) == 'waiting' || $status == 'waiting') {
     $info_query['message'] = 'waiting';
     echo js_escape($info_query);
 }
diff --git a/src/Gacl/Gacl.php b/src/Gacl/Gacl.php
index e5466cc3569..fc9545146fb 100644
--- a/src/Gacl/Gacl.php
+++ b/src/Gacl/Gacl.php
@@ -566,6 +566,9 @@ function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_valu
 			} else {
                                 if ($return_all) {
 			                // Permission denied.
+                            if(!is_array($retarr)) {
+                                $retarr = [];
+                            }
 			                $retarr[] = array('acl_id' => NULL, 'return_value' => NULL, 'allow' => FALSE);
                                 }
                                 else {