Validation for file type - ruby-on-rails-4

Am using Carrierwave gem to upload the file.
I need to validate the file while uploading ,it should accept only pdf,jpg and png.
Is there solution to do clientside validation.

The HTML input element has an accept attribute you can use to filter by file type. http://www.w3schools.com/tags/att_input_accept.asp
You can also validate by file extension using something like http://jqueryvalidation.org/extension-method/
This does not prevent a malicious user from uploading a different file type than intended, so you should still validate it after uploading using something like https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/processing/mime_types.rb

Related

REST framework's FileField: How can I force using TemporaryUploadedFile

I want to extract and process text from a text document uploaded by the user without actually saving the document. I use Django's REST framework and I want this to happen in the serializer.
I get the document from a FileField. Because the text document is likely to be small, it will be wrapped into InMemoryUploadedFile automatically. However, text-extraction modules (e.g. docx2python) need to open files from paths, not from memory.
How can I turn an InMemoryUploadedFile into a TemporaryUploadedFile, so I can get a path to use? Or how do I force a particular field (without changing the app settings) to always wrap a file in TemporaryUploadedFile?

Changing default file upload input

I'd like to add the following attribute to the tag on the django file upload form as part of a progress bar implementation:
onchange="uploadFile()"
Do you know how I would be able to modify the default file upload input with this assignment?
You'll want to add the following to your form: field.widget.attrs["onchange"]="uploadFile()"
And include the javascript somewhere within the template being used.

Django Identify file pattern

I am implementing a way to restrict file upload on Django 1.8 running Python 3.4.
Basically, I want to check the MIME type of a file when they upload using mimetypes. However, when I manipulate the file name from bad_image.exe to bad_image.exe.jpg, the MIME type is still image/jpeg. This could still result in a malicious attack.
Is there a way to actually implement this?
You could potentially perform the check in reverse by setting a blacklist of MIME types to prohibit. Then, for each of these MIME types, use e.g.
mimetypes.guess_all_extensions('application/x-msdownload')
to yield a list of possibly malicious extensions, which you can then search for in the uploaded filenames.
Warning.
Relying on filenames and MIME types to defend against malicious uploads is not safe practice. At the very least, sandboxing user uploads in a separate domain prevents any malicious code that slips through your defenses from attacking your site.

rails4 upload file extension error ActionDispatch::Http::UploadedFile

Guy
now i want to upload file with rails 4
my problem now i can't check the file extension before upload it
Note : I can upload the file well but i want to get the file kind before upload it
because i need the extension in another step in my App.
I'm tried to use the commands
File.extname(params[:Upload])
but always got the error
can't convert ActionDispatch::Http::UploadedFile into String
also how i can get the file base name before upload it ??
when i tryed to use
File.basename(params[:Upload])
i got the same error
can't convert ActionDispatch::Http::UploadedFile into String
also when i tried to convert the name to Sting i don't get any thing
That's because File.extname expects a string file name, but an uploaded file (your params[:upload] is an object, it's an instance of the ActionDispatch::Http::UploadedFile class (kind of a temporary file)
To fix the problem you need to call the path property on your params[:upload] object, kind of like that
File.extname(params[:Upload].path)
Btw, if you're trying to get the type of the uploaded file, I'd encourage you to check for the params[:Upload].content_type instead, it's harder to spoof
You can use this:
params[:Upload].original_filename.split('.').last
The original_filename contains full filename with extension.
so you split it based on '.' and last index will contain the file extension.
For Example:
"my_file.doc.pdf".split('.').last # => 'pdf'
You can check this for more info ActionDispatch::Http::UploadedFile.

Mura CMS - Displaying a Class Extension File

I've created a class extension which allows uploading of an additional file (an image). The attribute name is "headingFile".
I now need to be get the URL for that image so I can display it.
I've been able to get information about the file with: $.getBean("fileManager").readMeta($.content('headingFile')) but can't find how I can get it's URL.
How do I get the URL for a file that has been uploaded with Class extension?
Thanks
Try this
$.getURLForImage(fileid=$.content('headingFile'),size='large')
or
$.getURLForImage(fileid=$.content('headingFile'),width=600,height=300)
Or if it's not an image and you just want to download it
$.getURLForFile(fileid=$.content('headingFile'),method='inline')
or
$.getURLForFile(fileid=$.content('headingFile'),method='attachment')