Merge pull request #8909 from driusan/Push2415To25

Push v24.1.5 bug fixes into v25.0.x release branch

Author: driusan

modules/api/php/endpoints/candidates.class.inc

@@ -154,6 +154,10 @@ class Candidates extends Endpoint implements \LORIS\Middleware\ETagCalculator
             return new \LORIS\Http\Response\JSON\NotFound('Candidate not found');
         }
 
+        if (!$candidate->isAccessibleBy($user)) {
+            return new \LORIS\Http\Response\JSON\Forbidden();
+        }
+
         $endpoint = new Candidate\Candidate($candidate);
 
         $pathparts = array_slice($pathparts, 2);

modules/configuration/templates/form_configuration.tpl

@@ -107,7 +107,7 @@
         {elseif $node['DataType'] eq 'date_format'}
             {call createDateFormat k=$id v=$v d=$node['Disabled']}
         {elseif $node['DataType'] eq 'email'}
-            {call createEmail k=$id v=$id d=$node['Disabled']}
+            {call createEmail k=$id v=$v d=$node['Disabled']}
         {elseif $node['DataType'] eq 'textarea'}
             {call createTextArea k=$id v=$v d=$node['Disabled']}
         {elseif $node['DataType'] eq 'lookup_center'}

modules/imaging_uploader/jsx/UploadForm.js

@@ -66,10 +66,22 @@ class UploadForm extends Component {
         let ids = patientName.split('_');
         formData.candID = ids[1];
         formData.pSCID = ids[0];
-        // visitLabel can contain underscores
-        // join the remaining elements of patientName and use as visitLabel
+        // visitLabel can contain underscores, filename can have suffix appended to PSCID_CandID_VisitLabel
+        // join the remaining elements of patientName and pattern match
+        // against each visit label. Use as visitLabel the best (longest) match
         ids.splice(0, 2);
-        formData.visitLabel = ids.join('_');
+        const suffix = ids.join('_');
+        const visitLabels = Object.keys(form.visitLabel.options);
+        let bestMatch = '';
+        visitLabels.map((visitLabel) => {
+          if (suffix.match(visitLabel) !== null) {
+            // consider the first match only
+            if (suffix.match(visitLabel)[0].length > bestMatch.length) {
+              bestMatch = suffix.match(visitLabel)[0];
+            }
+          }
+        });
+        formData.visitLabel = bestMatch;
       }
     }
 
@@ -81,10 +93,22 @@ class UploadForm extends Component {
         let ids = patientName.split('_');
         formData.candID = ids[1];
         formData.pSCID = ids[0];
-        // visitLabel can contain underscores
-        // join the remaining elements of patientName and use as visitLabel
+        // visitLabel can contain underscores,  filename can have suffix appended to PSCID_CandID_VisitLabel
+        // join the remaining elements of patientName and pattern match
+        // against each visit label. Use as visitLabel the best (longest) match
         ids.splice(0, 2);
-        formData.visitLabel = ids.join('_');
+        const suffix = ids.join('_');
+        const visitLabels = Object.keys(form.visitLabel.options);
+        let bestMatch = '';
+        visitLabels.map((visitLabel) => {
+          if (suffix.match(visitLabel) !== null) {
+            // consider the first match only
+            if (suffix.match(visitLabel)[0].length > bestMatch.length) {
+              bestMatch = suffix.match(visitLabel)[0];
+            }
+          }
+        });
+        formData.visitLabel = bestMatch;
       }
     }
 

modules/issue_tracker/php/edit.class.inc

@@ -481,11 +481,11 @@ class Edit extends \NDB_Page implements ETagCalculator
         $historyValues = $this->getChangedValues($issueValues, $issueID, $user);
 
         if (!empty($issueID)) {
-            $db->update('issues', $issueValues, ['issueID' => $issueID]);
+            $db->unsafeUpdate('issues', $issueValues, ['issueID' => $issueID]);
         } else {
             $issueValues['reporter']    = $user->getUsername();
             $issueValues['dateCreated'] = date('Y-m-d H:i:s');
-            $db->insert('issues', $issueValues);
+            $db->unsafeInsert('issues', $issueValues);
             $issueID = intval($db->getLastInsertId());
         }
 
@@ -873,7 +873,7 @@ class Edit extends \NDB_Page implements ETagCalculator
                     'issueID'      => $issueID,
                     'addedBy'      => $user->getUsername(),
                 ];
-                $db->insert('issues_history', $changedValues);
+                $db->unsafeInsert('issues_history', $changedValues);
             }
         }
     }
@@ -896,7 +896,7 @@ class Edit extends \NDB_Page implements ETagCalculator
                 'addedBy'      => $user->getUsername(),
                 'issueID'      => $issueID,
             ];
-            $db->insert('issues_comments', $commentValues);
+            $db->unsafeInsert('issues_comments', $commentValues);
         }
     }
 

modules/media/ajax/FileUpload.php

@@ -349,7 +349,7 @@ function getUploadFields()
         $mediaData   = $db->pselectRow(
             "SELECT " .
             "m.session_id as sessionID, " .
-            "(SELECT PSCID from candidate WHERE CandID=s.CandID) as pscid, " .
+            "c.PSCID as pscid, " .
             "Visit_label as visitLabel, " .
             "instrument, " .
             "CenterID as forSite, " .
@@ -358,9 +358,10 @@ function getUploadFields()
             "file_name as fileName, " .
             "hide_file as hideFile, " .
             "language_id as language," .
-            "m.id FROM media m LEFT JOIN session s ON m.session_id = s.ID " .
-            "WHERE m.id = $idMediaFile",
-            []
+            "m.id FROM media m LEFT JOIN session s ON m.session_id = s.ID 
+                LEFT JOIN candidate c ON (c.CandID=s.CandID) " .
+            "WHERE m.id = :mediaId",
+            ['mediaId' => $idMediaFile]
         );
     }
 

modules/survey_accounts/js/survey_accounts_helper.js

@@ -16,11 +16,13 @@ $(document).ready(function () {
     // Handles cases where there was an error on the page and we're resubmitting
     var email2 = $("input[name=Email2]").val();
     var email  = $("input[name=Email]").val();
-    if (email.length > 0 && email2.length > 0 && email == email2)
-    {
-            $('#email_survey').removeAttr('disabled');
-    } else {
-            $('#email_survey').attr('disabled','disabled');
+    if (email && email2) {
+      if (email.length > 0 && email2.length > 0 && email == email2)
+      {
+              $('#email_survey').removeAttr('disabled');
+      } else {
+              $('#email_survey').attr('disabled','disabled');
+      }
     }
     // Reset Test_name so that the template can be loaded by ajax below
     $("select[name=Test_name]").val("");
@@ -93,7 +95,7 @@ $(document).ready(function () {
             $("#emailContent").val(content);
         }
         );
-        
+
 
     });
 });

modules/survey_accounts/jsx/surveyAccountsIndex.js

@@ -112,7 +112,11 @@ class SurveyAccountsIndex extends Component {
         options: options.instruments,
       }},
       {label: 'URL', show: true},
-      {label: 'Status', show: true},
+      {label: 'Status', show: true, filter: {
+        name: 'Status',
+        type: 'select',
+        options: options.statusOptions,
+      }},
     ];
   const addSurvey = () => {
     location.href='/survey_accounts/addSurvey/';

modules/survey_accounts/php/addsurvey.class.inc

@@ -162,8 +162,9 @@ class AddSurvey extends \NDB_Form
                 ];
             }
         }
-
-        if ($_REQUEST['fire_away'] !== 'Create survey') {
+        if (!isset($_REQUEST['fire_away'])
+            || ($_REQUEST['fire_away'] !== 'Create survey')
+        ) {
             if (!filter_var(
                 $values['Email'],
                 FILTER_VALIDATE_EMAIL
@@ -241,11 +242,11 @@ class AddSurvey extends \NDB_Form
                     'CommentID'       => $commentID,
                 ]
             );
+            $this->tpl_data['success'] = true;
         } catch (\DatabaseException $e) {
             error_log($e->getMessage());
             $this->tpl_data['success'] = false;
         }
-        $this->tpl_data['success'] = true;
 
         if ($email && ($values['send_email'] == 'true')) {
             $config   = \NDB_Config::singleton();
@@ -291,7 +292,7 @@ class AddSurvey extends \NDB_Form
             "Instrument",
             array_merge(
                 ['' => ''],
-                \Utility::getDirectInstruments()
+                \NDB_BVL_Instrument::getDirectEntryInstrumentNamesList($this->loris)
             )
         );
         $this->addBasicText("Email", "Email address");

modules/survey_accounts/php/survey_accounts.class.inc

@@ -74,14 +74,22 @@ class Survey_Accounts extends \DataFrameworkMenu
      */
     public function getFieldOptions() : array
     {
+        $statusOptions = [
+            'Created'     => 'Created',
+            'Sent'        => 'Sent',
+            'In Progress' => 'In Progress',
+            'Complete'    => 'Complete',
+        ];
+
         $instruments
             = \NDB_BVL_Instrument::getDirectEntryInstrumentNamesList(
                 $this->loris
             );
 
         return [
-            'visits'      => \Utility::getVisitList(),
-            'instruments' => $instruments,
+            'visits'        => \Utility::getVisitList(),
+            'instruments'   => $instruments,
+            'statusOptions' => $statusOptions,
         ];
     }
 

php/libraries/BVL_Feedback_Panel.class.inc

@@ -101,7 +101,15 @@ class BVL_Feedback_Panel
         $summary = $this->feedbackThread->getSummaryOfThreads();
         $this->tpl_data['thread_summary_headers'] = json_encode($summary);
 
-        $field_names = Utility::getSourcefields($_REQUEST['test_name'] ?? '');
+        $test_name = '';
+        if (array_key_exists('test_name', $_REQUEST)) {
+            $test_name = $_REQUEST['test_name'];
+        } else if (array_key_exists('lorispath', $_REQUEST)) {
+            $test_name = preg_split("#/#", $_REQUEST['lorispath'])[1] ?? '';
+        }
+
+        // Get field names
+        $field_names = Utility::getSourcefields($test_name);
         $fields      = [];
         $fields['Across All Fields'] = 'Across All Fields';
         foreach ($field_names as $field_name) {

php/libraries/LorisForm.class.inc

@@ -1592,6 +1592,7 @@ class LorisForm
         $checked  = '';
         $value    = '';
         $disabled = '';
+        $required = '';
         if (!empty($val)) {
             $checked = 'checked="checked"';
         }
@@ -1601,6 +1602,9 @@ class LorisForm
         if (isset($el['disabled']) || $this->frozen) {
             $disabled = 'disabled';
         }
+        if (isset($el['required'])) {
+            $required = 'required';
+        }
         /// XXX: There seems to be a problem when using   to separate the
         //  checkbox from the label. Both Firefox and Chrome will still put a
         //  linebreak between the space and the checkbox. Instead, we wrap use
@@ -1609,7 +1613,7 @@ class LorisForm
         //  label it's still allowed to have linebreaks.
         return "<span style=\"white-space: nowrap\"><input name=\"$el[name]\""
             . " type=\"checkbox\" $checked $value "
-            . "$disabled/>"
+            . "$disabled $required/>"
             . " </span>$el[label]";
     }
 

php/libraries/LorisFormDictionaryImpl.class.inc

@@ -131,6 +131,7 @@ trait LorisFormDictionaryImpl
                 $t = new \LORIS\Data\Types\StringType(255);
                 break;
             case 'header':
+            case 'hidden':
                 continue 2;
             default:
                 throw new \LorisException(

php/libraries/NDB_BVL_Instrument_LINST.class.inc

@@ -743,15 +743,15 @@ class NDB_BVL_Instrument_LINST extends \NDB_BVL_Instrument
                 case 'numeric':
                     if ($addElements) {
                         $this->addNumericElement($pieces[1], $pieces[2]);
-                        $this->dictionary[] = new DictionaryItem(
-                            $this->testName."_".$pieces[1],
-                            $pieces[2],
-                            $scope,
-                            new IntegerType(),
-                            new Cardinality(Cardinality::SINGLE),
-                            $pieces[1],
-                        );
                     }
+                    $this->dictionary[] = new DictionaryItem(
+                        $this->testName."_".$pieces[1],
+                        $pieces[2],
+                        $scope,
+                        new IntegerType(),
+                        new Cardinality(Cardinality::SINGLE),
+                        $pieces[1],
+                    );
                     if ($firstFieldOfPage) {
                         $this->_requiredElements[] = $fieldname;
                         $firstFieldOfPage          = false;

test/unittests/LorisForms_Test.php

@@ -1336,7 +1336,7 @@ function testCheckboxHTMLWithNoAttributes()
         $this->form->addCheckbox("abc", "Hello", []);
         $this->assertEquals(
             "<span style=\"white-space: nowrap\"><input name=\"abc\" " .
-            "type=\"checkbox\"   /> </span>Hello",
+            "type=\"checkbox\"    /> </span>Hello",
             $this->form->checkboxHTML($this->form->form['abc'])
         );
     }
@@ -1358,7 +1358,7 @@ function testCheckboxHTMLWithAttributesSet()
         $this->assertEquals(
             "<span style=\"white-space: nowrap\"><input name=\"abc\" " .
             "type=\"checkbox\" checked=\"checked\"" .
-            " value=\"value1\" disabled/> </span>Hello",
+            " value=\"value1\" disabled /> </span>Hello",
             $this->form->checkboxHTML($this->form->form['abc'])
         );
     }

tools/importers/CouchDB_MRI_Importer.php

@@ -234,7 +234,10 @@ function _addMRIHeaderInfo($FileObj, $scan_type)
             $FileObj,
             'acquisition_date'
         );
-        $header['FileInsertDate_'.$type]      = $FileObj->getParameter('InsertTime');
+        $header['FileInsertDate_'.$type]      = date(
+            'Y-m-d',
+            $FileObj->getParameter('InsertTime')
+        );
         $header['SeriesDescription_'.$type]   = $FileObj->getParameter($ser_desc);
         $header['SeriesNumber_'.$type]        = $FileObj->getParameter($ser_num);
         $header['EchoTime_'.$type]            = number_format(