Difference between revisions of "Development Policies"
Bradymiller (talk | contribs) |
Bradymiller (talk | contribs) |
||
Line 40: | Line 40: | ||
== Input Collection == | == Input Collection == | ||
A relatively new set of functions ([http://openemr.cvs.sourceforge.net/viewvc/openemr/openemr/library/formdata.inc.php openemr/library/formdata.inc.php]) have been created for generalized input validation/cleaning (deal with magic quotes) and preparing for database insertion (escaping data). The goal of this it to put in place a central mechanism to avoid sql-injection attacks and to get OpenEMR ready for PHP6. | |||
This is an active project. Check out [[Active_Projects#Clean_up_magic_quotes.2C_prevent_sql-injection.2C_and_prepare_for_PHP6 |this link]] for progress and examples of it's use. |
Revision as of 20:41, 18 December 2009
Submitting Patches to Upstream
Place the patch in the tracker's patches section, with an explanation. Please also place an explanation of the patch in the developer forum so we know its in the tracker.
Carriage Returns / Line Feeds
All text files for the project should have Unix-style line endings (i.e. no carriage returns). Developers who use a Windows desktop should also use a suitable text editor that respects this (last checked, EditPad Lite was one free example).
General Development Best Practices
Copywright and Licensing
Each file in the source tree should begin with a copywright declaration, and information about what license the file is released under.
PHP
Many of the practices at http://www.odi.ch/prog/design/php/guide.php appear to be good rules when working with the OpenEMR source.
HTML
Each page in OpenEMR should be valid HTML. the validator at http://validator.w3.org/ is useful for ensuring compliance. XHTML 1.1 compliant documents are preferred.
CSS
it is preferred that CSS stylesheets contain all style related contents of our html forms. css stylesheets should also validate.
OpenEMR Specific Development Best Practices
PHP Sessions and Browser Windows
You must include a JavaScript call to top.restoreSession() wherever you invoke a PHP script that requires current session data (which is most of them). How to do this is discussed in more detail in the architecture discussion wiki page.
Internationalization
The main php function used for translation is xl(), basically all of labels and messages have to go through this function. To learn about this function definition, parameters, and general use, please read this wiki page, and ensure you understand it.
- Some additional things are what I consider the tenets of the xl() function:
- For coding new xl functions:
- No trailing or leading whitespace. (so would do trailing space outside call like this xl('Demographics').' ';)
- No variables. (so if variables, need to separate xl('hey').' '.$name.' '.xl('this is cool');)
- For coding new xl functions:
- For previously coded xl functions:
- To be safe, just leave them be (the above rules do not apply). This is because some situations warranted placing variables within the function.
- For previously coded xl functions:
For good examples, look through the code. If any questions don't hesitate to ask them on the sourceforge developer forums.
Input Collection
A relatively new set of functions (openemr/library/formdata.inc.php) have been created for generalized input validation/cleaning (deal with magic quotes) and preparing for database insertion (escaping data). The goal of this it to put in place a central mechanism to avoid sql-injection attacks and to get OpenEMR ready for PHP6.
This is an active project. Check out this link for progress and examples of it's use.