Hi, i’m using the Attachment_Fu plugin to handle file uploading and have
set the max filesize in my image model, that works fine.
Problem is, I don’t want the user to find out the image they’re
uplaoding is too big after uploading it.
Is there any way, clientside, to check the size before uploading?
you could use swfupload to do this:
this comes with a few more advantages, eg uploading several files at
once
On 26 Feb 2008, at 11:03, Thorsten M. wrote:
you could use swfupload to do this:
http://swfupload.org/this comes with a few more advantages, eg uploading several files at
Indeed, a fantastic component. You can also filter out certain
filetypes etc. It does use Flash and you need to be aware that it
uses JavaScript callbacks similar to the Prototype onComplete events
you need to use to show the files after the upload is done. Also,
keep in mind that Rails 2’s forgery protection and more restrictive
session management can give you some problems. It has come up on the
mailing list, just search the archives.
It would be nice if someone would write a blog post on SWFUpload in
Rails 2. I’m using it in a Rails 1.2 app with great success, but
using it in Rails 2 is a big question mark for me. Would be nice to
get some comforting guidelines on a working solution.
Best regards
Peter De Berdt
It would be nice if someone would write a blog post on SWFUpload in
Rails 2. I’m using it in a Rails 1.2 app with great success, but
using it in Rails 2 is a big question mark for me. Would be nice to
get some comforting guidelines on a working solution.
yes, you’re right that it fails to work with the session.
my solution so far:
i think that’s reasonably secure and was easy to implement. i had
thought to use some of the solutions that where mentioned in the other
discussions here, but they all seem to fail with one browser or another.
Nice, thanks, but this sounds like replacing one problem with another.
I’ll add some text by the box to say [max 5mb] which should stop most,
and an onsubmit() function when submitting the file that I can rig to a
js function to check the filesize.
I’m sure I did this with javascript before but no idea how
hmm… no luck there, looks like it can’t be done via javascript, only
once the file has got to the server can you check the filesize.
so with the Attachment_Fu plugin, is there a method / object that
returns what happened with a failed upload so i can do…
if attachment.size > 5.megabytes
flash[:notice] = ‘sorry, you tried to upload a file larger than 5mb!’
?
On 26 Feb 2008, at 12:04, Thorsten M. wrote:
- file uploads are only accepted, as long as they match the db entry
i think that’s reasonably secure and was easy to implement. i had
thought to use some of the solutions that where mentioned in the other
discussions here, but they all seem to fail with one browser or
another.
So if I understand you correctly, you turn off the session for the
upload method and replace it with your own temporary validation hash?
Great solution btw, it’s so obvious and simple I would never have
thought of it myself :-), I still would have tried to work around it
the way you could do it in the previous Rails version (by allowing
session ids to be passed in via a parameter request).
Best regards
Peter De Berdt
So if I understand you correctly, you turn off the session for the
upload method and replace it with your own temporary validation hash?
Great solution btw, it’s so obvious and simple I would never have
thought of it myself :-), I still would have tried to work around it
the way you could do it in the previous Rails version (by allowing
session ids to be passed in via a parameter request).
in that special case for each file i need an db entry anyway
to link it in the document structure, having fields like
name: descriptive name given by user
description: long description of content
document_version: docs can be replaced
project_id: project, doc belongs_to
user_id
etc
so the ajax call (with session) creates an empty record,
filling out only necessary parts as user_id and project_id
plus: temporary reuse of name to store some randomly generated code
which is handed back with the ajax response (plus the document_id)
maybe this code is not really necessary, but it looks very secure 
then starts uploading file/s with those parameters
the action checks that a record with given id exists, that it’s
created_at isn’t too old and the code is matched
in any other case rejects the upload
i think that’s rather secure and somebody would have to
intercept the connection to get the id and code fast enough
to do something bad
maybe it could be enhanced with some tricky encryption,
but we’re quite confident, that it’s secure enough for
our kind of apps
I know Peter, it isn’t perfect but will do for the moment. I’ll
research some more with the plugin you suggested and Attachment_Fu to
find a more graceful way of handling this.
Will let you know if I find the solution.
Appreciate your help.
John.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs