Forum: Ruby on Rails file_column

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Bf1e5a140a444bdc5011185bba3a1ed3?d=identicon&s=25 Shark Fin Soup (Guest)
on 2006-03-04 15:22
(Received via mailing list)
Restricting size of an uploaded file, is how is that possible? If I
do not want a user to upload a file larger than X bytes, can it
easily be done?

If I also would like restrict the types of files that can be
uploaded, how may I do so?

Thank you,

Sharkie
30269682335f1fb247d71969fa715b5e?d=identicon&s=25 Roberto Saccon (rsaccon)
on 2006-03-04 16:14
(Received via mailing list)
file_column from trunk has optional file_size validation. AFAIK,
validation
is done before saving, in that case, you are still uploading the file. A
better option would be if the webserver would cancel the upload, when
the
max filesize is reached.  I am using Lighttpd, which has no such upload
mod,
but maybe apache has some some ? Or try to convince
Zed<http://www.zedshaw.com/>to put some sophisticated upload
functionality into mongrel.

Filetype can be restricted with a bit  of javascript and regular
expression
when the Input field of the File upload form changes.
This<http://blog.caboo.se/articles/2006/02/23/integrate...
help you to understand how you need to aproach that. Or if you like
flash, you can rely on flashplayer 8 for highly configurable file-upload
(with smooth progress indicator), but that wil require a lot of
Javascript
for the integration.
50b0c7ff7b5436d6585e8384045cc04a?d=identicon&s=25 Stefan (Guest)
on 2006-03-04 19:56
Shark Fin Soup wrote:
> Restricting size of an uploaded file, is how is that possible? If I
> do not want a user to upload a file larger than X bytes, can it
> easily be done?
>
> If I also would like restrict the types of files that can be
> uploaded, how may I do so?

You should be able to write a conditional using rmagick's image.filesize
attribute:
http://www.simplesystems.org/RMagick/doc/imageattr...

Same goes for the format with the image.format attribute:
http://www.simplesystems.org/RMagick/doc/imageattr...
D4ecf6097193e43bf0bf6ea186fcfbd0?d=identicon&s=25 matthibcn (Guest)
on 2006-03-04 22:05
(Received via mailing list)
Roberto Saccon wrote:

>
> Filetype can be restricted with a bit  of javascript and regular
> expression when the Input field of the File upload form changes. This
> 
<http://blog.caboo.se/articles/2006/02/23/integrate...
> might help you to understand how you need to aproach that. Or if you
> like flash, you can rely on flashplayer 8 for highly configurable
> file-upload (with smooth progress indicator), but that wil require a
> lot of Javascript for the integration.
>
Very bad idea...dont think you can secure any application with JS
touching/limiting the input / form etc..any kid could still use its very
own form to upload files without any of your fuzzy JS and you wouldnt
have won anything....that might just help as an additional feature but
is anything but secure...also headerdata can be changed easily, so there
is no way to prevent someone to use his OWN forms to upload stuff, that
said, any serious validation can only be done serverside.

This is a general rule and belongs to every kind of userdata, not just
uploaded images...

Greez

Matthias Oesterle
30269682335f1fb247d71969fa715b5e?d=identicon&s=25 Roberto Saccon (rsaccon)
on 2006-03-04 23:39
(Received via mailing list)
Matthias, of course you are right. I should have mentioned that any kind
of
client side validation also needs a serverside validation. Clientside
validation is not for securing the app, it is to improve usability and
responsiveness of the app.
D4ecf6097193e43bf0bf6ea186fcfbd0?d=identicon&s=25 matthibcn (Guest)
on 2006-03-05 02:05
(Received via mailing list)
Roberto Saccon wrote:

> Matthias, of course you are right. I should have mentioned that any
> kind of client side validation also needs a serverside validation.
> Clientside validation is not for securing the app, it is to improve
> usability and responsiveness of the app.
>

Absolutly, Roberto, thats the point: it aids in usability and is a nice
feature

Anyway back to the topic:

I am also in the same need as the starter and remember that after
spending just a couple of minutes (30, 40, 50..dont remember) some days
ago I wasnt able to find any (direct) solution, so I still hope that
someone could answer that.

Probably one has to spend hours beeing new to RMagick and friends,what I
definatly will do if its coming to that point, but I was also looking
for something like image.width /.height and couldnt find any
solution...this is needed to have a popup sized dynamically to the
"right" size if I click of one of my thumbnails, as its a big different
dealing with  portrait/landscape imageformats.....

Regards

Matthias Oesterle
Ad91bce9c9a8c68b6942607e4721f74e?d=identicon&s=25 Beate Paland (Guest)
on 2006-03-05 12:45
(Received via mailing list)
Hi,

a) there is a modification of  file_column from kyle:
http://opensvn.csie.org/rails_file_column/plugins/...
have a look at
http://opensvn.csie.org/rails_file_column/plugins/...
It validates filesizes and extensions.

b) Sebastian, the founder of file_column, annouced an update ("with
lots of goodies") soon:
http://www.kanthak.net/explorations/blog/rails/can...

Beate
This topic is locked and can not be replied to.