I need to read (and parse) a user uploaded file. I check it’s MIME
types, as well to see if includes proper headers by reading the file,
but I was wondering can something like params[:uploaded_file].read
trigger any EXEs or ruby/php/etc files? Or, is “read” good to go?
On Mar 29, 8:17 am, GoodGets [email protected] wrote:
I need to read (and parse) a user uploaded file. I check it’s MIME
types, as well to see if includes proper headers by reading the file,
but I was wondering can something like params[:uploaded_file].read
trigger any EXEs or ruby/php/etc files? Or, is “read” good to go?
read does just return the bytes in the IO stream to you - it doesn’t
do anything with them.
Fred
If you are planning on just uploading the file and you don’t want to
upload executable files you should check for that before allowing the
upload.
Thank you Frederick.
That’s what I was thinking (hoping).
@pepe
I do check it’s MIME type before uploading, but the file is actually
never saved. So as long as .read, or parsing, won’t trigger the exe/
ruby/php script, then I think I’m ok.
On Mar 29, 3:56 am, Frederick C. [email protected]