259 medical history returning 500 error

[AlexSilveira1]

Summary by Sourcery

Fix 500 error when loading medical history by properly injecting provider number into the notes API call and refactor related JavaScript and server code to improve reliability, debugging, and UI behavior.

Bug Fixes:

• Resolve 500 error for medical history by retrieving and passing providerNo in the showIssueNotes call
• Guard against null session data in issueNoteSave to prevent NPEs
• Fix text concatenation in copyNote2cpp to avoid empty overwrites

Enhancements:

• Add console.log and server-side println statements for debugging note loading, editing, and AJAX updates
• Refactor showEdit and updateCPPNote JavaScript to sanitize inputs, handle dynamic positioning, streamline form submission, and refresh only the affected issue tab
• Standardize and simplify hidden fields and action buttons (copy, annotation, archive, save, cancel) in newEncounterLayout.jsp
• Escape user‐supplied data in viewNotes.jsp using fn:escapeXml and StringEscapeUtils to prevent injection
• Extend Struts 2 configuration with init-params and global error-page mappings in web.xml

[sourcery-ai]

Reviewer's Guide

This PR addresses a 500 error in the medical history tab by injecting the logged-in provider number into client requests and extensively refactors the note-editing JavaScript, JSP form markup, AJAX flows, and action classes to add logging, improve parameter handling, and strengthen error handling across the application.

Sequence diagram for editing and saving a CPP note (Medical History)

sequenceDiagram
    actor User
    participant Browser
    participant JS as JavaScript (newCaseManagementView.js.jsp)
    participant Server as CaseManagementEntry2Action
    participant DB as Database

    User->>Browser: Clicks edit on Medical History note
    Browser->>JS: Calls showEdit(...)
    JS->>Browser: Populates and displays edit form
    User->>Browser: Edits note and clicks Save
    Browser->>JS: Submits form (onsubmit=updateCPPNote)
    JS->>Server: AJAX POST to /CaseManagementEntry.do (with providerNo, demographicNo, etc.)
    Server->>Server: Handles method param (method, action, dispatch, parameterValue)
    Server->>DB: Updates note and issues
    DB-->>Server: DB update result
    Server-->>JS: Returns updated note HTML
    JS->>Browser: Updates note display
    JS->>Server: (If Medical History) Reloads only Medical History tab via AJAX
    Server-->>JS: Returns refreshed Medical History notes
    JS->>Browser: Updates Medical History tab

Loading

Class diagram for CaseManagementEntry2Action parameter handling and note saving

classDiagram
    class CaseManagementEntry2Action {
        +execute() : String
        +issueNoteSave() : String
        -request : HttpServletRequest
        -sessionFrm : CaseManagementEntryForm
    }
    class CaseManagementEntryForm {
        +getIssueCheckList() : CheckBoxBean[]
    }
    class CheckBoxBean {
        +issue : CaseManagementIssue
        +checked : String
    }
    class CaseManagementIssue {
        +getIssue() : Issue
    }
    class Issue {
        +getCode() : String
    }
    CaseManagementEntry2Action --> CaseManagementEntryForm : uses
    CaseManagementEntryForm --> CheckBoxBean : contains
    CheckBoxBean --> CaseManagementIssue : has
    CaseManagementIssue --> Issue : has

Loading

Class diagram for JavaScript note editing and AJAX update flow

classDiagram
    class showEdit {
        +showEdit(e, title, noteId, editors, date, revision, note, url, containerDiv, reloadUrl, noteIssues, noteExts, demoNo)
    }
    class updateCPPNote {
        +updateCPPNote()
    }
    class prepareExtraFields {
        +prepareExtraFields(cpp, exts)
    }
    class openAnnotation {
        +openAnnotation()
    }
    showEdit ..> updateCPPNote : triggers on form submit
    showEdit ..> prepareExtraFields : calls
    showEdit ..> openAnnotation : sets up event
    updateCPPNote ..> AjaxRequest : uses

Loading

File-Level Changes

Change	Details	Files
Inject providerNo in client requests and add logging for note-loading functions	Retrieve providerNo from session in JSP and assign to JS variable Prepend providerNo param to issueNoteUrls in showIssueNotes Add console.log calls to showIssueNotes, showCustomIssueNotes, and notesLoadAll	src/main/webapp/js/newCaseManagementView.js.jsp
Refactor showEdit() to standardize popup positioning, UI building, and parameter logging	Log all input parameters at function start Unify coordinate calculations and enforce minimum gutter margin Dynamically build editor and issue lists as HTML UL elements Set form action, hidden fields, window title, cross-browser display, and autofocus	src/main/webapp/js/newCaseManagementView.js.jsp
Consolidate utility functions for CPP and extra-field handling	Merge duplicate getCPP() arrays into single definition with lookup Abstract prepareExtraFields() to hide/show fields based on CPP type Unify openAnnotation() popup logic	src/main/webapp/js/newCaseManagementView.js.jsp
Enhance updateCPPNote() and related AJAX flows with logging, error handling, and section-specific reloads	Sanitize note text and log serialized form data Prevent default form submission and toggle UI visibility Reload only the affected CPP section after save and handle AJAX failures Wrap dynamically loaded forms to prevent page reloads	src/main/webapp/js/newCaseManagementView.js.jsp
Improve JSP form markup and escaping for note editor	Restructure hidden input declarations for containerDiv, reloadUrl, issueChange, etc. Use StringEscapeUtils.escapeJavaScript/fn:escapeXml to guard against injection Clean up duplicated inputs and update onclick handlers for copy/annotation/save/cancel	src/main/webapp/casemgmt/newEncounterLayout.jsp src/main/webapp/casemgmt/viewNotes.jsp
Update web.xml for Struts filter params and global error pages	Add multiple struts2 init-params (actionPackages, devMode, etc.) Enable static resource serving and exclude patterns Define 404, 500, and exception error-page mappings	src/main/webapp/WEB-INF/web.xml
Strengthen action classes with fallback parameters, null checks, and debug output	Fallback to alternate request parameters when method/action is null Null-check session form before copying issue list and log info if missing Print note list in CaseManagementView2Action for debugging	src/main/java/org/oscarehr/casemgmt/web/CaseManagementEntry2Action.java src/main/java/org/oscarehr/casemgmt/web/CaseManagementView2Action.java

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[yingbull]

not anything I will send for a request for change, but do look to up the inline comment bar etc at least in the areas being worked on where possible.

[yingbull]

OK, going to ask for some comments here that help explain what the additional filter settings do/why they are needed.

[yingbull]

I like this, but should we have a different setup for development we should have an alternative file we someone use etc?

[yingbull]

I'll take the c:out's for now (as I think down the road the right way to use them is to get a custom tag that wraps the owasp sanitizer), but the owasp one is better that stringescape tools, particularly as it has context for different things ie attributes as this case. I see some other non sanitized data; let's go with using the owasp tool to do it. I know some of it is just refactoring what was not clean before, but let's leave it better if we are working on it.

[LiamStanziani]

Closing this PR since issue was fixed in another branch by Deval that was merged.

PR: #372