juggernautsei wrote on Monday, October 19, 2015:
I was trying to install the drag and drop feature on an Ubuntu install. There seems to be no documentation on how this folder is protected.
I know it is a permissions issue. What do I need to change to be able to execute code inside the documents folder?
thanks!
fsgl wrote on Monday, October 19, 2015:
You can right click on documents & open as administrater or use sudo in the command line.
juggernautsei wrote on Monday, October 19, 2015:
Thanks for the reply but I am not trying to access the folder as a user would. The code that I developed on a windows environment needs to run in the Ubuntu environment. However, the dropdoc.php and the uploadhandler.php don’t execute inside the documents folder even though the documents folder has the permission of 777. I tried to open a text file from the documents folder via the browser but the websever won’t allow the viewing of a text file or html file.
This file /openemr/sites/default/referral_template.html is in the folder above the documents folder and I can access it in the browser. However when I copy it to the documents folder. It will not show in the browser. I get the
Forbidden
You don’t have permission to access /openemr/sites/default/documents/referral_template.html on this server.
Apache/2.4.7 (Ubuntu) Server at Port 80
Now if you can tell me how to get this to work, I would be most appreciative.
tmccormi wrote on Monday, October 19, 2015:
You should NEVER be able to access the documents folder directly from the browser. You system is configured correctly to prevent that.
You have a different problem than permissions on the folder.
juggernautsei wrote on Monday, October 19, 2015:
I dearly understand the logic behind the documents folders permissions but there should be a way to execute code within that folder right?
fsgl wrote on Monday, October 19, 2015:
Is this what you were looking for?
juggernautsei wrote on Monday, October 19, 2015:
Never mind, I will just redesign it for Linux.
juggernautsei wrote on Monday, October 19, 2015:
No but thanks for the try. I’ll just relocate the code to a folder that is already executable
tmccormi wrote on Monday, October 19, 2015:
Yes, all code should be in the standard locations for things, like interface/ and library/ - site/…/documents tree is just for documents storage only specific to that database site
yehster wrote on Monday, October 19, 2015:
On the flip side, if a system allows scripts to be installed and executed in the documents folder, that means the system has not been properly secured and is more vulnerable to remote execution exploits.
mdsupport wrote on Tuesday, October 20, 2015:
@Sherwin, when dealing with documents always think about the optional potatoes sitting in CouchDB.
bradymiller wrote on Tuesday, October 20, 2015:
Hi Sherwin,
Regarding the importing and viewing of documents, will be able to guide best route to plug your code into this during the code review(note there are functions in OpenEMR that will import/collect documents for you automatically without needing to worry about couchdb etc.). When have it on github, let us know.
-brady
OpenEMR