Please upload the development branches as any changes or modifications to the code must be published.

Corneal drawings module has some issues to be corrected:

1. Automatic diagnosis wrong and unnecessary. For example, if a corneal thinning is marked, it automatically adds a diagnosis of “dellen”. Thinning can be due to several other more common reasons. It should not add any automated diagnosis unless entered by the doctor.

2. Corneal Thinning cannot be marked on one small area. It selects entire periphery

3. Freehand drawing not possible in slit diagram (possible in the full on view)

4. Label on the freehand drawing fills the middle of the diagram

5. Corneal drawing colors are not according to the standard coloring scheme of corneal pathologies as per standard books

6. User should be able to make templates

All that's needed is one drawing tool with freehand drawing, circles and squares and lines that can be selected. Plus user must be allowed to save templates of drawings

Source https://github.com/DCKento/CVE-2021-40374

Description

A stored cross-site scripting (XSS) vulnerability was identified in OpenEyes 3.5.1, developed by the Apperta Foundation.

Improper input handling in the 'Address1' parameter allowed for JavaScript to be injected into a patients profile. When the patient profile was loaded by the web browser, the JavaScript executed. This could be used to perform XSS attacks on unsuspecting users who view the patient profile.

Reproduction

1. Browse to a patient profile.
2. Click the 'edit icon' near the top of the screen.
3. In the Address1 field, input the following JavaScript: <IMG SRC=# onerror="alert('xxs')">
4. Click 'Save patient'.
5. Reload the patient profile.
6. Note that an alert box is triggered by the browser with the message 'xss'.

Impact

If an attacker were to embed malicious JavaScript into the OpenEyes application, it could be used to hijack user accounts, steal credentials, exfiltrate sensitive data or perform malicious actions on the OpenEyes application.

Demonstration

Procedure selection has stopped to work with the new release within the Operations report.

https://github.com/openeyes/OpenEyes.git

Repository cannot be found.

Do you have any alternative?

Hello,
When I try to install it through an Ubuntu 18.04 server on virtual box
Following the step you gave
I get to the fourth step (Run sudo bash /var/www/openeyes/protected/scripts/install-system.sh)
And I get nom errors about dependencies
Hope someone can help me out
Thank you

Hi @biskyt,

I've finally managed to get openeyes installed, however, when I go to localhost, it redirects to openeyes/site/login, but I get a 404 Not Found error.

Please can you help on this as I'm now stuck.

Rgds,

Mark

Instead of Ubuntu on a standard computer, can OpenEyes Server potentially run on a Raspberry Pi ?
Not for heavy lifting, just for a small clinic ?

Is there any software issues with running on Raspbian Linux instead of Ubuntu ?

Is there a pathway to install this project via a docker image?

There is historic evidence of a docker image having been maintained but it appears to me that the current intended install path is expecting a direct install on ubuntu.

There is this docker-compose that appears to still be maintained for the purposes of testing. It's not clear what the value of OEWEB_IMAGE_NAME should be in this case.

If docker isn't currently supported, is a PR welcome to add support for a docker build?

I want to create a new examination, but when saving a clinical management section it creates this error.
Openeye was installed in docker

Having a go at installing OE on ubuntu 18.04. I have been trying to use the wiki how to but most of the stuff in based on 14.04 and old versions of OE.

I get as far as:

sudo ./yiic migrate
Couldn't find yiic.php.

Can any one give me help please?

Hi There,

I was wondering if anyone could help? I've managed to install openers into ubuntu 22.04. The only issue with the first part of the installation is that there appears to be a missing framework when I try to load the web guy. I get the following errors:

Warning: Invalid argument supplied for foreach() in /var/www/html/openeyes/index.php on line 32

Warning: require_once(/var/www/html/openeyes/protected/yii/framework/yii.php): failed to open stream: No such file or directory in /var/www/html/openeyes/index.php on line 48

Fatal error: require_once(): Failed opening required '/var/www/html/openeyes/protected/yii/framework/yii.php' (include_path='.:/usr/share/php') in /var/www/html/openeyes/index.php on line 48

I cannot find the. path and the files what appear to be needed. The files don't appear to be in the repo either.

Secondly, when I try to install openers using sudo bash /var/www/openeyes/protected/scripts/install-oe.sh, I get the following error:

for modules:

eyedraw

To a depth of: 2000
Will not run oe-fix after checkout
Forcing reset - any uncomitted changes will be lost

Will fallback to develop if develop does not exist

!COULD NOT AUTHENTICATE TO GITHUB WITH SSH, FALLING BACK TO HTTPS!
eyedraw: testing for existence of remote tag/branch...
No branch develop was found. Falling back to develop
fatal: cannot change to '/var/www/html/openeyes/protected/modules/eyedraw': No such file or directory
fatal: cannot change to '/var/www/html/openeyes/protected/modules/eyedraw': No such file or directory
Doesn't currently exist - cloning from : https://github.com/appertafoundation/eyedraw.gitAttempting shallow clone of depth: 2000
Cloning into 'eyedraw'...
warning: Could not find remote branch develop to clone.
fatal: Remote branch develop not found in upstream origin
UNABLE TO CLONE eyedraw. Exiting..

*** AN ERROR OCCURRED - CHECK THE LOGS ***

Seems as though the repo is missing. Any ideas on what I'm doing wrong?

When I click on prescription it then takes me to an error screen:

Version: 4.1.6
Logs:

2024/02/06 10:59:34 [info] [application] [useractivity] New episode created for patient_id=2339879, firm_id=13, start_date='2024-02-06 10:59:34' [172.19.0.1] [danielcrown]
2024/02/06 10:59:34 [error] [php] Trying to get property 'medicationAttributeOptions' of non-object (/var/www/openeyes/protected/modules/OphDrPrescription/views/default/form_Element_OphDrPrescription_Details.php:56)
Stack trace:
#0 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CController.php(872): DefaultController->renderFile()
#1 /var/www/openeyes/protected/controllers/BaseEventTypeController.php(1652): DefaultController->renderPartial()
#2 /var/www/openeyes/protected/controllers/BaseEventTypeController.php(1724): DefaultController->renderPartial()
#3 /var/www/openeyes/protected/controllers/BaseEventTypeController.php(1814): DefaultController->renderElement()
#4 /var/www/openeyes/protected/controllers/BaseEventTypeController.php(1796): DefaultController->renderElements()
#5 /var/www/openeyes/protected/controllers/BaseEventTypeController.php(1744): DefaultController->renderTiledElements()
#6 /var/www/openeyes/protected/modules/OphDrPrescription/views/default/create.php(70): DefaultController->renderOpenElements()
#7 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CBaseController.php(126): require()
#8 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CBaseController.php(95): DefaultController->renderInternal()
#9 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CController.php(872): DefaultController->renderFile()
#10 /var/www/openeyes/protected/controllers/BaseEventTypeController.php(1652): DefaultController->renderPartial()
#11 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CController.php(785): DefaultController->renderPartial()
#12 /var/www/openeyes/protected/controllers/BaseEventTypeController.php(919): DefaultController->render()
#13 /var/www/openeyes/vendor/yiisoft/yii/framework/web/actions/CInlineAction.php(49): DefaultController->actionCreate()
#14 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CController.php(308): CInlineAction->runWithParams()
#15 /var/www/openeyes/vendor/yiisoft/yii/framework/web/filters/CFilterChain.php(134): DefaultController->runAction()
#16 /var/www/openeyes/vendor/yiisoft/yii/framework/web/filters/CFilter.php(40): CFilterChain->run()
#17 /var/www/openeyes/protected/controllers/BaseController.php(72): CAccessControlFilter->filter()
#18 /var/www/openeyes/vendor/yiisoft/yii/framework/web/filters/CInlineFilter.php(58): DefaultController->filterAccessControl()
#19 /var/www/openeyes/vendor/yiisoft/yii/framework/web/filters/CFilterChain.php(131): CInlineFilter->filter()
#20 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CController.php(291): CFilterChain->run()
#21 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CController.php(265): DefaultController->runActionWithFilters()
#22 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CWebApplication.php(282): DefaultController->run()
#23 /var/www/openeyes/vendor/yiisoft/yii/framework/web/CWebApplication.php(141): CWebApplication->runController()
#24 /var/www/openeyes/vendor/yiisoft/yii/framework/base/CApplication.php(185): CWebApplication->processRequest()
#25 /var/www/openeyes/index.php(49): CWebApplication->run()
REQUEST_URI=/OphDrPrescription/Default/create?patient_id=2339879

Source https://github.com/DCKento/CVE-2021-40375

Description

An improper access control vulnerability was identified in OpenEyes 3.5.1, developed by the Apperta Foundation.

A low privileged user could load a patient's profile in their browser and access sensitive information without the required level of privilege. Despite the application returning a 'Forbidden' message on the webpage, the server response still returned all the information about a patient. This information could be viewed in an intercepting proxy, or simply by viewing the page source within the browser.

Reproduction

1. As a highly privileged user, view a patient profile.
2. Copy the URL to this patient profile.
3. Log out of the OpenEyes session.
4. Log in with a low privileged user.
5. Paste the patient profile URL in and browse to this.
6. Note that OpenEyes returns a 'Foribidden' message.
7. Right click and click 'View page source'.
8. Note that the sensitive patient information is still returned in the response, and can be viewed in the page source.

Impact

The patient overview contains sensitive information about the patient. This includes PII such as Date of Birth, NHS number and address. In addition, extensive medical information is disclosed such as medication plans, prescription informations, past appointments, current medical problems or past procdeures.

This information being obtained by a user who is unauthorized could result in a breache of privacy, and impact the confidentiality of patient information stored within the OpenEyes application.

Demonstration

I have run "sudo bash /var/www/openeyes/protected/scripts/install-system.sh" successfully and all dependencies have been installed. However, running sudo bash /var/www/openeyes/protected/scripts/install-oe.sh returns the below error:

/tmp/runinstall.sh: line 69: [: =: unary operator expected

Installing openeyes as user: root...

DISCLAIMER: OpenEyes is provided under a GNU Affero General Public License v3.0
license and all terms of that license apply
(https://www.gnu.org/licenses/agpl-3.0.html).
Use of the OpenEyes software or code is entirely at your own risk. Neither the
OpenEyes Foundation, ABEHR Digital Ltd or any other party accept any responsibility
for loss or damage to any person, property or reputation as a result of using the
software or code. No warranty is provided by any party, implied or otherwise. This
software and code is not guaranteed safe to use in a clinical environment and
you should make your own assessment on the suitability for such use. Installation
of any openeyes software indicates acceptance of this disclaimer.

To continue installing you must accept the disclaimer...

1. Accept
2. Decline
   #? 1
   Accepted. Continuing installation...

Setting file permissions...
Adding user root to group www-data
calling oe-checkout with -f --no-migrate --no-summary --no-fix --no-oe

Checking out branch master...
for modules:

eyedraw

To a depth of: 2000
Will not run oe-fix after checkout
Forcing reset - any uncomitted changes will be lost

Will fallback to master if master does not exist

!COULD NOT AUTHENTICATE TO GITHUB WITH SSH, FALLING BACK TO HTTPS!
eyedraw: testing for existence of remote tag/branch...
fatal: unable to access 'https://github.com/appertafoundation/eyedraw.git/': Could not resolve host: github.com
fatal: unable to access 'https://github.com/appertafoundation/eyedraw.git/': Could not resolve host: github.com
No branch master was found. Falling back to master
HEAD is now at 13224079 Merge pull request #196 from openeyes/release/v3.4
Your branch is up to date with 'origin/master'.

Migrations were not run automatically. If you need to run the database migrations, run script /var/www/openeyes/protected/scripts/oe-migrate.sh

Adding user root to group www-data

Resetting file permissions...
ownership of /var/www/openeyes looks ok, skipping. Use --force-perms to override
updating /var/www/openeyes/protected/config/local to 774...
updating /var/www/openeyes/assets/ to 774...
updating /var/www/openeyes/protected/runtime to 774...
updating /var/www/openeyes/protected/files to 774...

...Done

DB migrations will not run automatically
Unknown Parameter(s):

*** AN ERROR OCCURRED - CHECK THE LOGS ***

How can I resolve this problem?

Just want to check with developers of this is now a stalled project? There haven't been any new releases for last 2 years

After I runs install-oe.sh

this error is appearing

WARN engine [email protected]: wanted: {"node":"^14.17.0 || ^16.13.0 || >=18.0.0"} (current: {"nod
e":"8.10.0","npm":"3.5.2"})
WARN engine [email protected]: wanted: {"node":"^14.17.0 || ^16.13.0 || >=18.0.0"} (current: {"nod
npm ERR! Linux 4.15.0-1021-aws
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "install" "-g" "npm"
npm ERR! node v8.10.0
npm ERR! npm v3.5.2

npm ERR! Unsupported URL Type: npm:string-width@^4.2.0
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR! https://github.com/npm/npm/issues

npm ERR! Please include the following file with any support request:
npm ERR! /home/ubuntu/npm-debug.log
installing global npm dependencies
▄ ╢░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░╟
WARN engine [email protected]: wanted: {"node":">=10"} (current: {"node":"8.10.0","npm":"3.5
.2"})
WARN engine [email protected]: wanted: {"node":">=10"} (current: {"node":"8.10.0","npm":"3.5
loadDep:v8flags → request ▌ ╢████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░╟
WARN engine [email protected]: wanted: {"node":">=10"} (current: {"node":"8.10.0","npm":"3.5.2"
/usr/local/bin/grunt -> /usr/local/lib/node_modules/grunt-cli/bin/grunt
/usr/local/lib
└── [email protected]

Installing wkhtmltopdf...

--2023-06-08 18:24:20-- https://downloads.wkhtmltopdf.org/0.12/0.12.5/wkhtmltox_0.12.5-1.
bionic_amd64.deb
Resolving downloads.wkhtmltopdf.org (downloads.wkhtmltopdf.org)... failed: Name or service
not known.
wget: unable to resolve host address ‘downloads.wkhtmltopdf.org’

*** AN ERROR OCCURRED - CHECK THE LOGS ***

The Setup instructions say Ubuntu Linux 18.06, but is it possible to install OpenEyes on a Windows computer instead ?

Hello Dear AppertaFoundation Family,

I am trying to configure the code, I am stuck at Step4:
Step4: Run sudo bash /var/www/openeyes/protected/scripts/install-system.sh
(this installs and configures the necessary services, such as the Apache webserver)

it says missing libraries. Attaching the error screenshot here:

Can you please advise on this?
Your support will be much appreciated.

From the previous comment on #8

         Please see the Setup section of the Readme on the front page https://github.com/AppertaFoundation/openeyes#setup

Originally posted by @biskyt in #8 (comment)

This is not a solution, I have followed the steps from a perfectly clean ubuntu:18.04 docker image, and have done the install-system step:

updating imagick to read/write PDFs
--------------------------------------------------
SYSTEM SOFTWARE INSTALLED
Please check previous messages for any errors
--------------------------------------------------
root@a04462cfceeb:/var/www# service apache2 restart

However the install-oe step (after restarting apache2) reports:

Pulling latest changes: 
Already up to date.

WARNING: Copying sample configuration into local ...

Migrations were not run automaically. If you need to run the database migrations, run script /var/www/openeyes/protected/scripts/oe-migrate.sh

Adding user root to group www-data

Resetting file permissions...
ownership of /var/www/openeyes looks ok, skipping. Use --force-perms to override
updating /var/www/openeyes/protected/config/local to 774...
updating /var/www/openeyes/assets/ to 774...
updating /var/www/openeyes/protected/runtime to 774...
updating /var/www/openeyes/protected/files to 774...
setting sticky bit for protected/runtime
setting sticky bit for protected/files

...Done

DB migrations will not run automatically
Unknown Parameter(s):

******************************************
*** AN ERROR OCCURRED - CHECK THE LOGS ***
******************************************
root@a04462cfceeb:/var/www# /var/www/openeyes/protected/scripts/oe-migrate.sh
Couldn't find yiic.php.
Couldn't find yiic.php.

yiic is clearly installed:

root@a04462cfceeb:/var/www/openeyes/protected# ls -la | grep yii
-rwxrwsrwx 1 root www-data    71 Feb 10 10:19 yiic
-rwxrwsrwx 1 root www-data   395 Feb 10 10:19 yiic.bat
-rwxrwsrwx 1 root www-data   619 Feb 10 10:19 yiic.php

What is the cause of the issue and the fix?

I am trying to configure openeye with the below o.s but receiving error
after running the Bash cmd install-system.sh script

Run sudo bash /var/www/openeyes/protected/scripts/install-system.sh
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 4.15.0-213-generic x86_64)

• Documentation: https://help.ubuntu.com
• Management: https://landscape.canonical.com
• Support: https://ubuntu.com/advantage

System information as of Thu Mar 21 10:27:48 UTC 2024

System load: 0.12 Processes: 102
Usage of /: 7.9% of 72.78GB Users logged in: 0
Memory usage: 1% IP address for ens18: 172.17.9.92
Swap usage: 0%

Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Installing required system packages
---= installing packages =---
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'php5.6-json' for regex 'php5.6'
Note, selecting 'php5.6-common' for regex 'php5.6'
E: Unable to locate package php5.6-mbstring
E: Couldn't find any package by glob 'php5.6-mbstring'
E: Couldn't find any package by regex 'php5.6-mbstring'
E: Unable to locate package php5.6-cli
E: Couldn't find any package by glob 'php5.6-cli'
E: Couldn't find any package by regex 'php5.6-cli'
E: Unable to locate package php5.6-mysql
E: Couldn't find any package by glob 'php5.6-mysql'
E: Couldn't find any package by regex 'php5.6-mysql'
E: Unable to locate package php5.6-ldap
E: Couldn't find any package by glob 'php5.6-ldap'
E: Couldn't find any package by regex 'php5.6-ldap'
E: Unable to locate package php5.6-curl
E: Couldn't find any package by glob 'php5.6-curl'
E: Couldn't find any package by regex 'php5.6-curl'
E: Unable to locate package php5.6-xsl
E: Couldn't find any package by glob 'php5.6-xsl'
E: Couldn't find any package by regex 'php5.6-xsl'
E: Unable to locate package php5.6-gd
E: Couldn't find any package by glob 'php5.6-gd'
E: Couldn't find any package by regex 'php5.6-gd'
E: Unable to locate package php5.6-mcrypt
E: Couldn't find any package by glob 'php5.6-mcrypt'
E: Couldn't find any package by regex 'php5.6-mcrypt'
E: Unable to locate package php5.6-imagick
E: Couldn't find any package by glob 'php5.6-imagick'
E: Couldn't find any package by regex 'php5.6-imagick'
E: Unable to locate package php5.6-zip
E: Couldn't find any package by glob 'php5.6-zip'
E: Couldn't find any package by regex 'php5.6-zip'
E: Unable to locate package libapache2-mod-php5.6
E: Couldn't find any package by glob 'libapache2-mod-php5.6'
E: Couldn't find any package by regex 'libapache2-mod-php5.6'

*** AN ERROR OCCURRED - CHECK THE LOGS ***

Dear sir,

I am a novice in the field but would love to try out the system. Could you pls guide how to install the same on a windows desktop. Thanks