I'm trying to prepare an upload page, and here's my controller:
    def new
      if request.post?
        begin
          # uploaded file from the form field :img
          @file = params[:img]
          if @file.original_filename.length > 0
            filename = "/images/userimg/" + @file.original_filename
            # write the upload in binary mode
            File.open(filename, "wb") { |f| f.write(@file.read) }
          end
        end
      end
    end
I want the file to be saved into the public/images/userimg folder, but I
get an error at runtime: “No such file or directory -
/images/userimg/arrowd.gif”
Be aware that this could be abused. It might be possible for someone
to put …/ in the filename and do something malicious like add a
controller to your application or overwrite your log files.
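
One way to guard against the filename abuse described in the reply above, as an added example that is not code from the thread. The helper names `safe_upload_path` and `save_upload` and the extension list are assumptions made for illustration; the upload directory is passed in by the caller.

```ruby
require "pathname"

# Assumed policy for an image upload; adjust to the application's needs.
ALLOWED_EXT = %w[.gif .jpg .jpeg .png].freeze

# Map a client-supplied filename to a path inside upload_dir.
# Raises ArgumentError when the name cannot be made safe.
def safe_upload_path(upload_dir, original_filename)
  raw = original_filename.to_s
  raise ArgumentError, "NUL byte in name" if raw.include?("\0")

  # Clients may send a full path; keep only the last component and
  # treat both / and \ as separators so directory parts are dropped.
  name = raw.tr("\\", "/").split("/").last.to_s
  # Allow-list the characters instead of trying to strip bad ones.
  name = name.gsub(/[^A-Za-z0-9._-]/, "_")
  raise ArgumentError, "empty or dot-only name" if name.empty? || name.match?(/\A\.+\z/)

  ext = File.extname(name).downcase
  raise ArgumentError, "extension not allowed" unless ALLOWED_EXT.include?(ext)

  base = Pathname.new(upload_dir).expand_path
  dest = base.join(name).cleanpath
  # Defence in depth: the resolved path must still sit under base.
  unless dest.to_s.start_with?(base.to_s + File::SEPARATOR)
    raise ArgumentError, "path escapes upload directory"
  end
  dest
end

# Write the upload; EXCL makes the open fail with Errno::EEXIST
# instead of overwriting a file that is already there.
def save_upload(upload_dir, original_filename, io)
  dest = safe_upload_path(upload_dir, original_filename)
  flags = File::WRONLY | File::CREAT | File::EXCL | File::BINARY
  File.open(dest.to_s, flags, 0o644) { |f| f.write(io.read) }
  dest
end
```

Because only the final path component survives and the extension is checked against an allow-list, a name pointing at a controller or log file is rejected rather than written.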