mirror of https://github.com/ACSPRI/queXS synced 2024-04-02 12:12:16 +00:00

Avoid using GET requests when adding case notes

Adam Zammit
2017-10-04 12:16:36 +11:00
parent ea122f4ddc
commit 7b11a69f6c


@@ -165,7 +165,7 @@ if (!empty($rs))
<div class="modal-header"> <div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button> <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h3 class="modal-title" id="calloutcome"><?php echo T_("Set an outcome for this call");?></h3> <h3 class="modal-title" id="calloutcome"><?php echo T_("Set an outcome for this call");?></h3>
</div><form method="get" action="?" class="form-inline "> </div><form method="get" action="?case_id=<?php echo $case_id;?>" class="form-inline ">
<div class="modal-body"> <div class="modal-body">
<?php <?php
if (isset($_GET['call_id'])){ $call_id = bigintval($_GET['call_id']); if (isset($_GET['call_id'])){ $call_id = bigintval($_GET['call_id']);
@@ -231,18 +231,18 @@ if (isset($_GET['call_id']))
} }
if ($case_id != false) if ($case_id != false)
{ {
if (isset($_GET['note'])) if (isset($_POST['note']))
{ {
$note = $db->qstr($_GET['note']); $note = $db->qstr($_POST['note']);
$sql = "INSERT INTO `case_note` (case_note_id,case_id,operator_id,note,datetime) $sql = "INSERT INTO `case_note` (case_note_id,case_id,operator_id,note,datetime)
VALUES (NULL,'$case_id','$operator_id',$note,CONVERT_TZ(NOW(),'System','UTC'))"; VALUES (NULL,'$case_id','$operator_id',$note,CONVERT_TZ(NOW(),'System','UTC'))";
$db->Execute($sql); $db->Execute($sql);
} }
if (isset($_GET['outcome_id'])) if (isset($_POST['outcome_id']))
{ {
$outcome_id = bigintval($_GET['outcome_id']); $outcome_id = bigintval($_POST['outcome_id']);
if ($outcome_id > 0) if ($outcome_id > 0)
{ {
@@ -254,9 +254,9 @@ if ($case_id != false)
} }
} }
if (isset($_GET['operator_id'])) if (isset($_POST['operator_id']))
{ {
$case_operator_id = bigintval($_GET['operator_id']); $case_operator_id = bigintval($_POST['operator_id']);
if ($case_operator_id == 0) if ($case_operator_id == 0)
{ {
@@ -275,7 +275,7 @@ if ($case_id != false)
$db->Execute($sql); $db->Execute($sql);
} }
if (isset($_GET['submitag'])) if (isset($_POST['submitag']))
{ {
$db->StartTrans(); $db->StartTrans();
@@ -284,7 +284,7 @@ if ($case_id != false)
$db->Execute($sql); $db->Execute($sql);
foreach($_GET as $key => $val) foreach($_POST as $key => $val)
{ {
if (substr($key,0,2) == "ag") if (substr($key,0,2) == "ag")
{ {
@@ -436,8 +436,7 @@ if ($case_id != false)
} }
//add a note //add a note
?> ?>
<form method="get" action="?" class="form-inline" > <form method="post" action="?case_id=<?php echo $case_id;?>" class="form-inline" >
<input type="hidden" name="case_id" value="<?php echo $case_id;?>"/>
<input type="text" class="textclass form-control" name="note" id="note" style="width: 70%;"/>&ensp; <input type="text" class="textclass form-control" name="note" id="note" style="width: 70%;"/>&ensp;
<button class="submitclass btn btn-default" type="submit" name="submit"><i class="fa fa-file-text"></i>&emsp;<?php echo T_("Add note"); ?></button> <button class="submitclass btn btn-default" type="submit" name="submit"><i class="fa fa-file-text"></i>&emsp;<?php echo T_("Add note"); ?></button>
</form> </form>
@@ -476,7 +475,7 @@ if ($case_id != false)
print "<div class='panel-body'><h4><i class='fa fa-link'></i>&emsp;" . T_("Assign this case to operator (will appear as next case for them)") . "</h4>"; print "<div class='panel-body'><h4><i class='fa fa-link'></i>&emsp;" . T_("Assign this case to operator (will appear as next case for them)") . "</h4>";
?> ?>
<form method="get" action="?" class="form-inline"> <form method="post" action="?case_id=<?php echo $case_id;?>" class="form-inline">
<?php <?php
$sql = "SELECT operator_id as value,CONCAT(firstName,' ', lastName) as description, CASE WHEN next_case_id = '$case_id' THEN 'selected=\'selected\'' ELSE '' END AS selected $sql = "SELECT operator_id as value,CONCAT(firstName,' ', lastName) as description, CASE WHEN next_case_id = '$case_id' THEN 'selected=\'selected\'' ELSE '' END AS selected
FROM operator FROM operator
@@ -485,7 +484,6 @@ if ($case_id != false)
$rs3 = $db->GetAll($sql); $rs3 = $db->GetAll($sql);
display_chooser($rs3, "operator_id", "operator_id",true,false,false,false); display_chooser($rs3, "operator_id", "operator_id",true,false,false,false);
?> ?>
<input type="hidden" name="case_id" value="<?php echo $case_id;?>"/>
<button class="submitclass btn btn-default" type="submit" name="submit" ><i class="fa fa-link fa-lg"></i>&emsp;<?php echo T_("Assign this case to operator"); ?></button> <button class="submitclass btn btn-default" type="submit" name="submit" ><i class="fa fa-link fa-lg"></i>&emsp;<?php echo T_("Assign this case to operator"); ?></button>
</form></div> </form></div>
<?php <?php
@@ -517,7 +515,7 @@ if ($case_id != false)
$rs = $db->GetAll($sql); $rs = $db->GetAll($sql);
//Display all availability groups as checkboxes //Display all availability groups as checkboxes
print "<form action='?' method='get' class='form-horizontal '>"; print "<form action='?case_id=<?php echo $case_id;?>' method='post' class='form-horizontal '>";
print "<h5 class=''>" . T_("Select groups to limit availability (Selecting none means always available)") . "</h5><div class='col-sm-6'>"; print "<h5 class=''>" . T_("Select groups to limit availability (Selecting none means always available)") . "</h5><div class='col-sm-6'>";
foreach ($rs as $g) foreach ($rs as $g)
{ {
@@ -530,7 +528,6 @@ if ($case_id != false)
print "&ensp;<input type='checkbox' name='ag{$g['availability_group_id']}' id='ag{$g['availability_group_id']}' value='{$g['availability_group_id']}' $checked />&ensp; <label class='control-label' for='ag{$g['availability_group_id']}'>{$g['description']}</label></br>"; print "&ensp;<input type='checkbox' name='ag{$g['availability_group_id']}' id='ag{$g['availability_group_id']}' value='{$g['availability_group_id']}' $checked />&ensp; <label class='control-label' for='ag{$g['availability_group_id']}'>{$g['description']}</label></br>";
} }
?> </div> ?> </div>
<input type="hidden" name="case_id" value="<?php echo $case_id;?>"/>
<button class="submitclass btn btn-default pull-right" type="submit" name="submitag"><i class="fa fa-calendar fa-lg"></i>&emsp;<?php echo T_("Update case availability");?></button> <button class="submitclass btn btn-default pull-right" type="submit" name="submitag"><i class="fa fa-calendar fa-lg"></i>&emsp;<?php echo T_("Update case availability");?></button>
</form> </form>
<?php <?php
@@ -544,7 +541,7 @@ if ($case_id != false)
//set an outcome //set an outcome
print "<div class='clearfix '></div><div class='panel-body col-sm-6 '><h4><i class='fa fa-dot-circle-o'></i>&emsp;" . T_("Set a case outcome") . "</h4>"; print "<div class='clearfix '></div><div class='panel-body col-sm-6 '><h4><i class='fa fa-dot-circle-o'></i>&emsp;" . T_("Set a case outcome") . "</h4>";
?> ?>
<form method="get" action="?" class="form-inline"> <form method="post" action="?case_id=<?php echo $case_id;?>" class="form-inline">
<?php <?php
$sql = "SELECT outcome_id as value,description, CASE WHEN outcome_id = '$current_outcome_id' THEN 'selected=\'selected\'' ELSE '' END AS selected $sql = "SELECT outcome_id as value,description, CASE WHEN outcome_id = '$current_outcome_id' THEN 'selected=\'selected\'' ELSE '' END AS selected
FROM outcome"; FROM outcome";
@@ -553,7 +550,7 @@ if ($case_id != false)
translate_array($rs2,array("description")); translate_array($rs2,array("description"));
display_chooser($rs2, "outcome_id", "outcome_id",true,false,false,false); display_chooser($rs2, "outcome_id", "outcome_id",true,false,false,false);
?> ?>
<input type="hidden" name="case_id" value="<?php echo $case_id;?>" /><br/><br/> <br/><br/>
<button class="submitclass btn btn-primary" type="submit" name="submit" ><i class="fa fa-dot-circle-o fa-lg"></i>&emsp;<?php echo T_("Set outcome"); ?></button> <button class="submitclass btn btn-primary" type="submit" name="submit" ><i class="fa fa-dot-circle-o fa-lg"></i>&emsp;<?php echo T_("Set outcome"); ?></button>
</form> </form>
<?php <?php
@@ -563,8 +560,7 @@ if ($case_id != false)
print "<div class='panel-body col-sm-6 pull-right'><h4 class ='text-danger'><i class='fa fa-trash-o fa-lg'></i>&emsp;" . T_("Deidentify") . "</h4>"; print "<div class='panel-body col-sm-6 pull-right'><h4 class ='text-danger'><i class='fa fa-trash-o fa-lg'></i>&emsp;" . T_("Deidentify") . "</h4>";
print "<div class='well'>" . T_("Remove all sample details and contact numbers from this case") . "</div>"; print "<div class='well'>" . T_("Remove all sample details and contact numbers from this case") . "</div>";
?> ?>
<form method="get" action="?"> <form method="post" action="?case_id=<?php echo $case_id;?>">
<input type="hidden" name="case_id" value="<?php echo $case_id;?>"/>
<button class=" btn btn-danger" name="deidentify" id="deidentify" data-toggle="confirmation" ><i class="fa fa-trash fa-lg"></i>&emsp;<?php echo T_("Deidentify");?></button> <button class=" btn btn-danger" name="deidentify" id="deidentify" data-toggle="confirmation" ><i class="fa fa-trash fa-lg"></i>&emsp;<?php echo T_("Deidentify");?></button>
</form></div> </form></div>
<?php } <?php }
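Review bot: The availability-group form in the `@@ -517,7 +515,7 @@` hunk is emitted from inside a double-quoted `print` string, so `<?php echo $case_id;?>` is not executed there; the tag text is written into the `action` attribute literally, and with the hidden `case_id` input removed from that form the case id will probably not survive the submit. Interpolate the variable instead: `print "<form action='?case_id=$case_id' method='post' class='form-horizontal '>";`. The call-outcome modal form in the first hunk still has `method="get"`, and browsers replace the query string of `action` with the form fields on a GET submit, so its `?case_id=…` is dropped unless a `case_id` field exists in the part of that form outside the hunk. Moving these writes to POST does not by itself stop cross-site submissions: none of the forms shown carries an anti-CSRF token that the handlers verify, which matters most for the `deidentify` form. The code that handles `deidentify` is outside the visible hunks, so confirm it now reads `$_POST` rather than `$_GET`.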