Situation
I’m trying to POST patient documents over a Client API and I’m getting a 404 response along with the logs stating that “Attempt to upload unsecure patient document was declined”.
Running it through python.
I simply converted the curl example in the docs to use the python Request lib.
def _post_document(self, pid, path, file):
print(open(file, 'rb'))
file = {
'document': (file, open(file, 'rb')),
}
url = self.url + "/patient/" + str(pid) + "/document&path=/" + path
return self.session.post(url, files=file)
I’m also testing with txt/pdf files which are both whitelisted files.
Based on the logs, I’m failing one of these conditions in document_services.php
// Ensure filetype is allowed
if ($GLOBALS['secure_upload'] && !isWhiteFile($fileData["tmp_name"])) {
error_log("OpenEMR API Error: Attempt to upload unsecure patient document was declined");
return false;
}
EDIT:
Ok, I’ve confirmed that $fileData is coming in empty all the way from so _rest_routes.inc.php
Leading me to believe that $_FILES isn’t properly storing the document. This leads to the logs I’ve been receiving because anytime $fileData[“tmp_name”] is checked it fails due to not existing.
"POST /api/patient/:pid/document" => function ($pid) {
RestConfig::scope_check("user", "document", "write");
$return = (new DocumentRestController())->postWithPath($pid, $_GET['path'], $_FILES['document']);
RestConfig::apiLog($return);
return $return;
Modifications I’ve made:
/etc/php/7.4/apache2/php.ini
upload_tmp_dir = /var/tmp
upload_max_filesize = 100M
enable_post_data_reading = On
/etc/apache2/apache2.conf
<Directory "/var/tmp">
AllowOverride
Require all granted
</Directory>
$_FILES being empty seems to be a common problem with php due to a plethora of reasons.
I’m not sure what the case may be here but maybe someone else who has dealt with this can shine some light on my situation.
OpenEMR Version
I’m using OpenEMR version 6.0.2
Browser:
I’m using: Chrome
Operating System
I’m using: Win10
Logs
OpenEMR API Error: Attempt to upload unsecure patient document was declined