File_column

Restricting size of an uploaded file, is how is that possible? If I
do not want a user to upload a file larger than X bytes, can it
easily be done?

If I also would like restrict the types of files that can be
uploaded, how may I do so?

Thank you,

Sharkie

file_column from trunk has optional file_size validation. AFAIK,
validation
is done before saving, in that case, you are still uploading the file. A
better option would be if the webserver would cancel the upload, when
the
max filesize is reached. I am using Lighttpd, which has no such upload
mod,
but maybe apache has some some ? Or try to convince
Zedhttp://www.zedshaw.com/to put some sophisticated upload
functionality into mongrel.

Filetype can be restricted with a bit of javascript and regular
expression
when the Input field of the File upload form changes.
Thishttp://blog.caboo.se/articles/2006/02/23/integrate-rails-modules-with-javascript-objectsmight
help you to understand how you need to aproach that. Or if you like
flash, you can rely on flashplayer 8 for highly configurable file-upload
(with smooth progress indicator), but that wil require a lot of
Javascript
for the integration.

Shark Fin S. wrote:

Restricting size of an uploaded file, is how is that possible? If I
do not want a user to upload a file larger than X bytes, can it
easily be done?

If I also would like restrict the types of files that can be
uploaded, how may I do so?

You should be able to write a conditional using rmagick’s image.filesize
attribute:
http://www.simplesystems.org/RMagick/doc/imageattrs.html#filesize

Same goes for the format with the image.format attribute:
http://www.simplesystems.org/RMagick/doc/imageattrs.html#format

Matthias, of course you are right. I should have mentioned that any kind
of
client side validation also needs a serverside validation. Clientside
validation is not for securing the app, it is to improve usability and
responsiveness of the app.

Roberto S. wrote:

Filetype can be restricted with a bit of javascript and regular
expression when the Input field of the File upload form changes. This
http://blog.caboo.se/articles/2006/02/23/integrate-rails-modules-with-javascript-objects
might help you to understand how you need to aproach that. Or if you
like flash, you can rely on flashplayer 8 for highly configurable
file-upload (with smooth progress indicator), but that wil require a
lot of Javascript for the integration.

Very bad idea…dont think you can secure any application with JS
touching/limiting the input / form etc…any kid could still use its very
own form to upload files without any of your fuzzy JS and you wouldnt
have won anything…that might just help as an additional feature but
is anything but secure…also headerdata can be changed easily, so there
is no way to prevent someone to use his OWN forms to upload stuff, that
said, any serious validation can only be done serverside.

This is a general rule and belongs to every kind of userdata, not just
uploaded images…

Greez

Matthias Oesterle

Hi,

a) there is a modification of file_column from kyle:
http://opensvn.csie.org/rails_file_column/plugins/file_column/
have a look at
http://opensvn.csie.org/rails_file_column/plugins/file_column/trunk/lib/validations.rb
It validates filesizes and extensions.

b) Sebastian, the founder of file_column, annouced an update (“with
lots of goodies”) soon:
http://www.kanthak.net/explorations/blog/rails/canada_on_rails.html

Beate

Roberto S. wrote:

Matthias, of course you are right. I should have mentioned that any
kind of client side validation also needs a serverside validation.
Clientside validation is not for securing the app, it is to improve
usability and responsiveness of the app.

Absolutly, Roberto, thats the point: it aids in usability and is a nice
feature

Anyway back to the topic:

I am also in the same need as the starter and remember that after
spending just a couple of minutes (30, 40, 50…dont remember) some days
ago I wasnt able to find any (direct) solution, so I still hope that
someone could answer that.

Probably one has to spend hours beeing new to RMagick and friends,what I
definatly will do if its coming to that point, but I was also looking
for something like image.width /.height and couldnt find any
solution…this is needed to have a popup sized dynamically to the
“right” size if I click of one of my thumbnails, as its a big different
dealing with portrait/landscape imageformats…

Regards

Matthias Oesterle