Uploading .zip file to Cloudinary using Ruby on Rails - ruby-on-rails

I have Cloudinary API added to my Rails 6 application. Photo extensions and video extension uploads work great. .zip extensions do not. I've run into two errors while trying to upload a zip file.
CloudinaryException (Unsupported ZIP file):
ActiveModel::UnknownAttributeError (unknown attribute 'type' for Photo.)
In my controller for uploading the zip file, I tried to upload a zip file in different ways.
First I tried
#value = Cloudinary::Uploader.upload(params[:downloadable],
folder: "game_zip", resource_type: :raw)
Second I tried
#value = Cloudinary::Uploader.upload(params[:downloadable])
Third I tried
#value = Cloudinary::Uploader.upload(params[:downloadable],
:resource_type => :auto)
I read in the Cloudinary documentation that using raw file types is how you can upload zip files. I tried what they recommended, but it's not working. Is there a solution or option that I need to add?

Cloudinary recently updated its security policies, and now restricts both pdf and archive file types on new Free accounts.
This can be bypassed by contacting Cloudinary's support, or by upgrading your account.

Related

Replace file does not work in Helhum upload example

I use the Helhum upload example to upload pdf files. The first upload works fine. But when I try to edit the record and replace the previously uploaded file, I get the following error: "The identity property "xxx.pdf" is no UID." I am using TYPO3 9.
How can I fix it?

How can I block file uploads in Rails?

I have a rails app (v4.2). I have two actions that permit an image upload using paperclip. I have paperclip validation on the mime types.
Anti-malware on the server found a bunch of PHP files in /tmp like this one:
/tmp/RackMultipart20190610-9668-u9nebk.php
I assume they are created in the file upload process.
Two questions:
How can I track down where they came from? Looking in my production.log, I see a bunch of 404s for posts to bogus joomla & wordpress .php paths but nothing that could have been responsible for these uploads.
How can I prevent them in the future?
I'm using rack attack and can block .php file extensions but how can I block file uploads in forms?
We have two places where signed in members can upload images or PDFs. How can I block all other attempts to upload files?
File uploading by-pass is a common technique for uploading webshells and other stuff.
There are 2 basic methods that will help you to decrease the number of files uploaded to your server:
MIME Content-type validation: If you validate the content-type of the uploaded file (since you just want images), you can ensure that only image-type files are uploaded:
:content_type => ["image/gif", "image/jpg", "image/jpeg", "image/png", "image/bmp", "image/x-bmp"]
But this still can be bypassed, so you need to add another verification:
File extension validation: You should also add a file extension validation to ensure you only permit image-type extensions to your upload.
I've found a cool post that shows a good implementation of file extension validation: https://stevenyue.com/blogs/validate-attachment-file-size-and-type-in-rails/
Make sure you implement both of these techniques and you should be fine.
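Added example, not part of the question or the answer above: one way to refuse uploads everywhere except the two member upload actions is a plain Rack middleware that rejects multipart bodies before anything downstream parses them. It assumes the /tmp/RackMultipart... files come from multipart requests to paths that are not upload endpoints; the class name, helper name and path patterns are hypothetical placeholders.

```ruby
# Added example: a plain Rack middleware (no gems required) that rejects
# multipart bodies everywhere except an allowlist of upload endpoints.
# UPLOAD_PATHS holds hypothetical placeholders for the app's two upload actions.
class MultipartAllowlist
  UPLOAD_PATHS = [%r{\A/members/\d+/photos\z}, %r{\A/members/\d+/documents\z}].freeze
  UPLOAD_METHODS = %w[POST PUT PATCH].freeze

  def initialize(app, paths: UPLOAD_PATHS)
    @app = app
    @paths = paths
  end

  def call(env)
    if multipart?(env) && !allowed?(env)
      # Respond before anything downstream reads the body, so the multipart
      # parser never runs (and writes no temp file) for this request.
      return [415, { "content-type" => "text/plain" }, ["File uploads are not accepted here\n"]]
    end
    @app.call(env)
  end

  private

  # True for any multipart/* request body, whatever the header's letter case.
  def multipart?(env)
    env["CONTENT_TYPE"].to_s.strip.downcase.start_with?("multipart/")
  end

  # Only write methods on an allowlisted path may carry a multipart body.
  def allowed?(env)
    UPLOAD_METHODS.include?(env["REQUEST_METHOD"]) &&
      @paths.any? { |pattern| pattern.match?(env["PATH_INFO"].to_s) }
  end
end

# Constructed requests, expressed as Rack env hashes, to show the behaviour.
def demo_status(path, content_type, method = "POST")
  inner = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok"]] }
  env = { "REQUEST_METHOD" => method, "PATH_INFO" => path, "CONTENT_TYPE" => content_type }
  MultipartAllowlist.new(inner).call(env).first
end
```

In a Rails app this would be registered at the top of the stack with config.middleware.insert_before 0, MultipartAllowlist; the signed-in check and the content-type and extension validations still belong in the upload actions themselves.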

Uploading file revisions with Dropbox Core API in Xcode

I am having a lot of trouble syncing file revisions to dropbox with the "withParentRev" parameter in "uploadFile."
Basically, I export information to a .pdf file. I want to upload the .pdf to dropbox, and if it's a new file it should upload it with "withParentRev=nil," but if the file exists then it should get the revisions. I have tried using loadMetadata on the file, but because the dropbox calls are synchronous I am having trouble uploading the right files.
No one else seems to have good sample code on how to do this, and any help would be greatly appreciated!

Rails s3_direct_upload without file field

My website generates a file in JavaScript (an audio recording) and I then want it to be uploaded to Amazon S3.
I first managed to get the uploading part working by sending the generated file to my server, where it is uploaded. However, I would now like to upload the file directly to S3, without going through my server.
So I started to use the s3_direct_upload gem, which works great when using a file_field. However, my file is generated by the JavaScript and:
- The value of a file field has to be set by the user for security reasons
- I do not want the user to have to interact with the upload
I tried to play with the S3Uploader class and to directly add data, without any success for now; it seems that I do not use the correct method.
Does anyone have any idea how to achieve S3 direct upload without a file field?
Thanks
Never mind, I found out that the S3Uploader class used by the s3_direct_upload gem has the same methods as the jQuery-File-Upload from which it is derived.
So one can call $("#s3_uploader").fileupload('send', {files: [f]});
And the f File will be uploaded to S3 directly

Ruby on rails: Image downloads with Authentication/Authorization/Time outs

I'm having a few doubts on implementing file downloads. I'm creating an app where I use attachment_fu with Amazon S3 to upload files. Things are working pretty well so far on the uploading side. Now it's time to start the file downloads. Here is what I need: a logged-in user searches and browses for images, and they should be able to add the files to a download basket (let's say it's a Download Shopping Cart). Finally, the user should be able to download these file(s) from S3, probably as a zipped file.
Is there any plugin/gem that I can use for this?
The downside of giving the customer a zip file of all the files is that you'll need to first pull all of the files from S3 back onto your server, then zip them.
You can certainly do that if you want, but it will take a bit of time; you would not want to do it synchronously as part of the browser request. Instead, do it as a background job using delayed_job or similar.
To do the actual zipping, use Zlib::GzipWriter. See http://ruby-doc.org/core/classes/Zlib/GzipWriter.html -- it is part of standard Ruby.
You could then:
- email the user the actual zip file as an attachment
- email the user the link to the zip file on your server
- or upload the zip file to S3, then email a link to the zip file on S3
Remember to create a clean up task/job to remove the old zip files from your system...
An alternative is to not zip the files together; instead, give the user one or more links to download the files separately.
S3 enables you to create a url to an S3 file that can be used for a set period of time. (The file would be private on S3 so a straight link to it won't work.) Here's how to create it using attachment-fu and aws-s3 gem:
# I added this as a method to my model for the files stored in S3
def authenticated_s3_url
  # return a publicly usable url
  connect_to_aws # a local method which connects/re-connects to s3
  S3Object.url_for(full_filename,
                   bucket_name,
                   :expires_in => 60 * 60) # 1 hour
end
