OpenEMR 3.0 does not print documents for me

rpl121 wrote on Friday, March 20, 2009:

When I used earlier versions in the 2.9 series, I found that I could create patient reports that included graphical displays of attached documents.  I was even able to fax office notes and attached pdf, tif (but not txt) files directly to a fax printer.

With version 3.0, I find that for each attached document checked, I just get a blank square icon as though the document were not there, and it does not print.

I know the documents are present because they are easily viewable within the documents section of OpenEMR.

I have puzzled through the custom_report.php file and have noted some recent code changes, but nothing that explained this glitch to me.

Could the securing of the ./documents subdirectory with phpgacl be creating the problem?

I have the same problem on multiple installations – fresh, converted etc.

I’m using Ubuntu Server 8.04 and Internet Explorer on the clients.

Any ideas?

Ronald Leemhuis

bradymiller wrote on Friday, March 20, 2009:

hey,
  I think you’ll be almost pleasantly surprised by the most recent CVS release. Can either get thru CVS or download a daily snapshot in step 2 of below instruction:
http://www.oemr.org/modules/wiwimod/index.php?page=LinuxGenericOpenEmrInstallCvsSnapshot

JPG definitely works, but pdf with issues (see below).

The code to view the pdf (this is actually a jpg that has been converted by imagemagick) looks to be insanely insecure.  It’s your apache server that is not allowing free access to view this file (this is a good thing) which is controlled by the .htaccess file or some people limit it in their apache configuration file.  If you bypassed this, then you’d open up the documents directory to access by all.  The best way to get an understanding of this is to view the source of your report output in a report that contains both a jpg and pdf.  You’ll note a line at the end which spits out those images.

A jpeg tag will look like this (controller grabs the image by reference of the mysql database, hence you need to be logged in to see it and have access):
<img src="/openemr/controller.php?document&retrieve&patient_id=&document_id=2">

A pdf tag looks like this (again, note the name of this file was test.pdf which was converted by imagemagick to test_converted.jpg):
<img src='/openemr/documents/1/test_converted.jpg'>

This is very bad from a security standpoint. If your apache server allowed that pdf link then anybody (no login required) could grab this file by typing the web address and see patient information. Even worse, they could type web address of any file in your documents directory and grab it if you let apache allow this.

There’s got to be another solution.  Maybe some sort of PHP module that converts pdf to jpg on the fly. (then could use controller to securely grab the original pdf file as is done in the documents viewer)

-brady

bradymiller wrote on Friday, March 20, 2009:

hey,

Well, attempted to give it a go and couldn’t figure out a simple fix.  Attempted to hack C_Document.class.php (retrieve_action function) to retrieve the file but couldn’t figure it out since the file is not associated with a document ID.

-brady

rpl121 wrote on Friday, March 20, 2009:

You are right, Brady.  When I open up access to the ./openemr/documents directory to the web server, the files print out OK.  As you know, however, the documents become visible to all comers outside the normal constraints of the program.

On a whim, I tried setting up a user www-data in OpenEMR and let “him” be administrator.  That didn’t work.

Documents come up well in the "documents" view tab even when web access to the documents subdirectory is blocked.  Is there a way to find out what "user" is trying to access the documents subdirectory and then simply set up the access so that this user is permitted?

Ronald Leemhuis MD

bradymiller wrote on Friday, March 20, 2009:

hey,

I’m thinking the best fix will be to modify the openemr/controllers/C_Document.class.php code (specifically the retrieve_action function) to allow retrieval of these converted jpg images. Then will use the same mechanism as when viewing documents.

-brady 

bradymiller wrote on Friday, March 20, 2009:

hey,

  I think I got it.  Had to modify three files and unclear of the repercussions, so will delay committing this to CVS until after the next bug release (3.0.1).  Here are manual changes required in case you want earlier:

FILE  openemr/controllers/C_Document.class.php :

LINE 201 :

REPLACE :
function retrieve_action($patient_id="",$document_id,$as_file=true) {

WITH :
function retrieve_action($patient_id="",$document_id,$as_file=true,$original_file=true) {
    //controller function ruins booleans, so need to manually re-convert to booleans
    if ($as_file == "true") {
        $as_file=true;
    }
    else if ($as_file == "false") {
        $as_file=false;
    }
    if ($original_file == "true") {
        $original_file=true;
    }
    else if ($original_file == "false") {
        $original_file=false;
    }

LINE 219 :

REPLACE :
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Disposition: " . ($as_file ? "attachment" : "inline") . "; filename=\"" . basename($d->get_url()) . "\"");
header("Content-Type: " . $d->get_mimetype());
header("Content-Length: " . $d->get_size());
$f = fopen($url,"r");
fpassthru($f);
exit;

WITH :
if ($original_file) {
    //normal case when serving the file referenced in database
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Disposition: " . ($as_file ? "attachment" : "inline") . "; filename=\"" . basename($d->get_url()) . "\"");
    header("Content-Type: " . $d->get_mimetype());
    header("Content-Length: " . $d->get_size());
    $f = fopen($url,"r");
    fpassthru($f);
    exit;
}
else {
    //special case when retrieving a document that has been converted to a jpg and not directly referenced in database
    $convertedFile = substr(basename($url), 0, strrpos(basename($url), '.')) . '_converted.jpg';
    $url = $GLOBALS["fileroot"].'/documents/'.$_SESSION["pid"].'/'.$convertedFile;
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Disposition: " . ($as_file ? "attachment" : "inline") . "; filename=\"" . basename($url) . "\"");
    header("Content-Type: image/jpeg");
    header("Content-Length: " . filesize($url));
    $f = fopen($url,"r");
    fpassthru($f);
    exit;
}

FILE openemr/interface/patient_file/report/custom_report.php :

LINE 296 :

REPLACE :
echo '<img src="' . $GLOBALS['webroot'] . "/controller.php?document&retrieve&patient_id=&document_id=" . $document_id . '"><br><br>';

WITH :
echo "<img src='" . $GLOBALS['webroot'] . "/controller.php?document&retrieve&patient_id=&document_id=" . $document_id . "&as_file=false'><br><br>";

LINE 305 :

REPLACE :
$to_url = $GLOBALS['webroot'] . "/documents/$pid/" . basename($to_file);
echo "<img src='$to_url'><br><br>\n";

WITH :
echo "<img src='" . $GLOBALS['webroot'] . "/controller.php?document&retrieve&patient_id=&document_id=" . $document_id . "&as_file=false&original_file=false'><br><br>";

FILE openemr/templates/documents/general_view.html :

LINE 77 :

REPLACE :
<iframe frameborder="0" type="{$file->get_mimetype()}" src="{$web_path}{$file->get_url_web()}&as_file=false"></iframe>

WITH :
<iframe frameborder="0" type="{$file->get_mimetype()}" src="{$web_path}as_file=false"></iframe>

ALL DONE
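
The lookup of a `_converted.jpg` file through a controller instead of a direct `/documents/` URL, as a stand-alone added example that is not part of the original post and not OpenEMR code. The function name and the `$doc` array (keys `url` and `patient_id`, standing in for the database record) are assumptions; it adds two checks a reviewer would want on such a path: the record belongs to the session's patient, and the resolved file stays inside that patient's directory.

```php
<?php
// Added example, not OpenEMR code. resolve_converted_jpeg() and the $doc
// layout ('url', 'patient_id') are hypothetical stand-ins for the real record.

// Derive "<name>_converted.jpg" beside the stored document and confirm the
// result really lives inside this patient's directory under the documents root.
function resolve_converted_jpeg(string $docRoot, array $doc, int $sessionPid): ?string
{
    // The record must belong to the patient selected in the session.
    if ((int)$doc['patient_id'] !== $sessionPid) {
        return null;
    }
    $patientDir = realpath($docRoot . '/' . $sessionPid);
    if ($patientDir === false) {
        return null;
    }
    // basename() drops any directory part of the stored URL.
    $name = pathinfo(basename($doc['url']), PATHINFO_FILENAME) . '_converted.jpg';
    $path = realpath($patientDir . '/' . $name);
    // realpath() resolves symlinks and ".."; reject anything outside the patient dir.
    if ($path === false || !is_file($path)
        || strncmp($path, $patientDir . DIRECTORY_SEPARATOR, strlen($patientDir) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample data: a temporary documents root with one converted image.
$root = sys_get_temp_dir() . '/docs_' . uniqid();
mkdir($root . '/1', 0700, true);
file_put_contents($root . '/1/test_converted.jpg', 'constructed-jpeg-bytes');

$doc = ['url' => 'file://' . $root . '/1/test.pdf', 'patient_id' => 1];

var_dump(resolve_converted_jpeg($root, $doc, 1) !== null);  // owner's session
var_dump(resolve_converted_jpeg($root, $doc, 2));           // another patient's session
$doc['url'] = 'file://' . $root . '/1/missing.pdf';
var_dump(resolve_converted_jpeg($root, $doc, 1));           // no converted file on disk
```

A caller would send the `image/jpeg` headers and stream the file only when the function returns a path, and answer with an error otherwise.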

bradymiller wrote on Tuesday, March 31, 2009:

hey,

committed above changes to cvs

-brady

ideaman911 wrote on Wednesday, April 01, 2009:

Guys;

Is ImageMagick embedded within OpenEMR or is it an external?  My attempts to set up external within Windows were met with failure EXCEPT JPG.  No convert was allowed by it.  I had thought it was supposed to allow convert and display of anything to anything.  The info above suggests we still have an inconsistency.  I will be testing 3.0.1 this week.

Joe Holzer