Scanned_notes form

suitable1 wrote on Sunday, June 24, 2012:

I have encountered an issue with the contributed library form scanned_notes.  I’m not sure if it is related to other forum posts on this subject, so I’m starting a new thread.  I have been able to set up, register the form and upload a document for an encounter.  But then I was unable to retrieve the document for viewing.  All I get was the well-known red X.  It appears to me that the problem is related to the .htaccess control that is in the …/sites/default/documents directory.  From what I’ve gleaned from the forums, this can be resolved by use of “controller.php”  which the contributed form is not using.    Is there any documentation on the use of this script and its related scripts?

I assume that it would be a good idea to leave the .htaccess control in place since we using a hosting service.

bradymiller wrote on Tuesday, June 26, 2012:

Hi,

Yes, I’d consider this a security concern(note if you do not limit access to this via .htaccess/apache then no login is needed to access the documents directory). To see the proper way to pull documents via controller.php, recommend seeing how it’s done for the Advanced Directives and  patient picture widgets on the patient summary screen.

-brady
OpenEMR