Paperclip: Cannot attach XLS (But DOC works) - ruby-on-rails

I cannot attach a XLS file, but DOC works:
Attachments file content type is invalid
Attachments file is invalid
Here is the log:
Parameters: ... "files"=>[#<ActionDispatch::Http::UploadedFile:0x0000000daf7730 #tempfile=#<Tempfile:C:/Users/Chloe/AppData/Local/Temp/RackMultipart20170511-47156-ym774u.xls>, #original_filename="Chocolate_Store1.xls", #content_type="application/vnd.ms-excel", #headers="Content-Disposition: form-data; name=\"deal[files][]\"; filename=\"Chocolate_Store1.xls\"\r\nContent-Type: application/vnd.ms-excel\r\n">],
...
Command :: file -b --mime "C:/Users/Chloe/AppData/Local/Temp/1f1fb4d71efc0bd245abd7b5b9aa661220170511-47156-1rqzd0q.xls"
(1.0ms) ROLLBACK
Rendering deals/edit.html.erb within layouts/application
When I test the type:
>file -b --mime "C:/Users/Chloe/AppData/Local/Temp/1f1fb4d71efc0bd245abd7b5b9aa661220170511-47156-1rqzd0q.xls"
application/vnd.ms-office; charset=binary
I have this type in my accept list:
class Attachment < ApplicationRecord
has_attached_file :file
validates_attachment_content_type :file, content_type: [
"application/pdf", "application/msword",
"application/vnd.openxmlformats-officedocument.wordprocessingml.document",
"application/vnd.oasis.opendocument.text",
"application/vnd.ms-excel",
"application/vnd.ms-office",
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
"application/vnd.oasis.opendocument.spreadsheet"
]
end
Rails 5.0.2, Paperclip 5.1.0, File 5.04 (DevKit)
I noticed DevKit file differs from Cygwin file. Not sure if relevant:
>file -b --mime "C:/Users/Chloe/AppData/Local/Temp/1f1fb4d71efc0bd245abd7b5b9aa661220170515-54920-1e2bk5s.xls"
application/vnd.ms-office; charset=binary
$ file -b --mime "C:/Users/Chloe/AppData/Local/Temp/1f1fb4d71efc0bd245abd7b5b9aa661220170515-54920-1e2bk5s.xls"
application/vnd.ms-excel; charset=binary

I switched to use
validates_attachment_file_name :file, matches: [/\.pdf$/, /\.docx?$/, /\.xlsx?$/, /\.odt$/, /\.ods$/]

...content_type: [...'application/x-ole-storage'...]
worked for me

Related

Can't save image from API with paperclip

I want to save an image from my react app in my rails app.
I post this to my api:
and when I try to save it i get this error:
{
"file":[
"has contents that are not what they are reported to be",
"file type is not acceptable"
],
"file_content_type":[
"file type is not acceptable"
]
}
my model looks like this:
class Photo < ApplicationRecord
validates :title, presence: true
belongs_to :user
has_attached_file :file, styles: { square: "350x233#", medium: "300x300>", thumb: "100x100>" }, default_url: "/images/:style/missing.png"
validates_attachment_content_type :file, content_type: /\Aimage\/.*\z/, message: 'file type is not acceptable'
validates_attachment_size :file, less_than: 10.megabytes, message: 'file size is more than 50MB'
end
and my controller:
def create
uploaded_file = false
if params[:photo][:image]
tempfile = Tempfile.new(params[:photo][:filename])
tempfile.binmode
tempfile.write(Base64.decode64(params[:photo][:image]))
uploaded_file = ActionDispatch::Http::UploadedFile.new(
:tempfile => tempfile,
:filename => params[:photo][:filename],
:original_filename => params[:photo][:filename],
:content_type => Mime::Type.lookup_by_extension(File.extname(params[:photo][:filename])[1..-1]).to_s
)
params[:photo][:file] = uploaded_file
end
params[:photo][:title] = params[:photo][:filename] if params[:photo][:title] == ""
# #picture = Photo.new(photo_params)
#photo = current_user.photos.build photo_params
#photo.save
render json: #photo.errors
end
and in my logs i found this:
Unpermitted parameters: :image, :filename
Command :: file -b --mime '/tmp/homepage.jpg20180415-7-1wa7yr3'
[paperclip] Trying to link /tmp/homepage.jpg20180415-7-1wa7yr3 to /tmp/ba3988db0a3167093b1f74e8ae4a8e8320180415-7-jpgu5m.jpg
[paperclip] Trying to link /tmp/ba3988db0a3167093b1f74e8ae4a8e8320180415-7-jpgu5m.jpg to /tmp/ba3988db0a3167093b1f74e8ae4a8e8320180415-7-147ntu1.jpg
Command :: file -b --mime '/tmp/ba3988db0a3167093b1f74e8ae4a8e8320180415-7-147ntu1.jpg'
[paperclip] Content Type Spoof: Filename homepage.jpg (application/octet-stream from Headers, ["image/jpeg"] from Extension), content type discovered from file command: application/octet-stream. See documentation to allow this combination.
[1m[35m (1.5ms)[0m [1m[35mBEGIN[0m
[paperclip] Trying to link /tmp/ba3988db0a3167093b1f74e8ae4a8e8320180415-7-jpgu5m.jpg to /tmp/ba3988db0a3167093b1f74e8ae4a8e8320180415-7-ndp9hd.jpg
Command :: file -b --mime '/tmp/ba3988db0a3167093b1f74e8ae4a8e8320180415-7-ndp9hd.jpg'
[paperclip] Content Type Spoof: Filename homepage.jpg (application/octet-stream from Headers, ["image/jpeg"] from Extension), content type discovered from file command: application/octet-stream. See documentation to allow this combination.
I didn't get my mistake. Can anyone help me with that upload?
I think the content_type is missing, but I don't know where.
Have you tried using Paperclip's io_adapter to decode the base64 into the attachment object? Something along the lines of:
def create
file = Paperclip.io_adapters.for(params[:photo][:image])
file.original_filename = params[:photo][:filename]
#photo = Photo.new(file: file, user: current_user)
#photo.save
end

Rails 5, paperclip not validating the attachment?

I am getting this response:
Command :: file -b --mime "C:/Users/Ben/AppData/Local/Temp/5523c88dd347d1b7cc617f632b7efdb720171021-12076-b6btes.jpg"
[paperclip] Content Type Spoof: Filename bg.jpg (image/jpeg from Headers, ["image/jpeg"] from Extension), content type discovered from file command: . See documentation to allow this combination.
(0.0ms) BEGIN
Command :: file -b --mime "C:/Users/Ben/AppData/Local/Temp/5523c88dd347d1b7cc617f632b7efdb720171021-12076-1fvpv4a.jpg"
[paperclip] Content Type Spoof: Filename bg.jpg (image/jpeg from Headers, ["image/jpeg"] from Extension), content type discovered from file command: . See documentation to allow this combination.
(0.6ms) ROLLBACK
On Windows
And I have this in my model:
has_attached_file :image
# Validate content type
validates_attachment_content_type :image, content_type: /\Aimage\/.*\Z/
# Explicitly do not validate
do_not_validate_attachment_file_type :image
And the request just fails, I dont understand why is it happening?
Try:
config/initializers/paperclip.rb:
Paperclip.options[:command_path] = '/usr/bin/' # Path to ImageMagick

Paperclip failed to upload msg file type

I need to attach the msg file to rails, i have add the mime type for the msg filetype
validates_attachment :file, content_type: { content_type: ["image/jpg", "image/jpeg", "image/png", "image/gif", "application/pdf","application/vnd.ms-excel",
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
"application/msword",
"application/vnd.ms-outlook",
"application/octet-stream",
"application/vnd.openxmlformats-officedocument.wordprocessingml.document",
"text/plain"] }
but when upload with the sample msg file it went error
Command :: file -b --mime '/tmp/5e8ff9bf55ba3508199d22e984129be620170527-6239-gqgnhz.msg'
Command :: file -b --mime '/tmp/5e8ff9bf55ba3508199d22e984129be620170527-6239-g903st.msg'
(0.2ms) ROLLBACK
Completed 500 Internal Server Error in 26ms (ActiveRecord: 1.7ms)
any suggestion? i am using paperclip 5.1.0
what is the rails validation error?
if object.save
...
else
logger.debug object.errors.inspect
end
Read the save error that cause rollback, from there you'll know the reason it were rejected.

Paperclip: The following errors were found: Image has contents that are not what they are reported to be

I am using paperclip with a rails app and always I get the following error:
I, [2015-06-06T20:10:25.310071 #37358] INFO -- : Command :: file -b --mime '/tmp/58e53d1324eef6265fdb97b08ed9aadf20150606-37358-ouvtzl.png'
I, [2015-06-06T20:10:25.317478 #37358] INFO -- : [paperclip] Content Type Spoof: Filename ruby.png (application/octet-stream from Headers, [#<MIME::Type:0x000000053624c8 #friendly={"en"=>"Portable Network Graphics (PNG)"}, #system=nil, #obsolete=false, #registered=true, #use_instead=nil, #signature=false, #content_type="image/png", #raw_media_type="image", #raw_sub_type="png", #simplified="image/png", #i18n_key="image.png", #media_type="image", #sub_type="png", #docs=[], #encoding="base64", #extensions=["png"], #references=["IANA", "[Glenn_Randers-Pehrson]", "{image/png=http://www.iana.org/assignments/media-types/image/png}"], #xrefs={"person"=>["Glenn_Randers-Pehrson"], "template"=>["image/png"]}>] from Extension), content type discovered from file command: image/png. See documentation to allow this combination.
I, [2015-06-06T20:10:25.349416 #37358] INFO -- : Command :: file -b --mime '/tmp/58e53d1324eef6265fdb97b08ed9aadf20150606-37358-1n574dp.png'
I, [2015-06-06T20:10:25.356667 #37358] INFO -- : [paperclip] Content Type Spoof: Filename ruby.png (application/octet-stream from Headers, [#<MIME::Type:0x000000053624c8 #friendly={"en"=>"Portable Network Graphics (PNG)"}, #system=nil, #obsolete=false, #registered=true, #use_instead=nil, #signature=false, #content_type="image/png", #raw_media_type="image", #raw_sub_type="png", #simplified="image/png", #i18n_key="image.png", #media_type="image", #sub_type="png", #docs=[], #encoding="base64", #extensions=["png"], #references=["IANA", "[Glenn_Randers-Pehrson]", "{image/png=http://www.iana.org/assignments/media-types/image/png}"], #xrefs={"person"=>["Glenn_Randers-Pehrson"], "template"=>["image/png"]}>] from Extension), content type discovered from file command: image/png. See documentation to allow this combination.
Mongoid::Errors::Validations (
Problem:
Validation of Mock failed.
Summary:
The following errors were found: Image has contents that are not what they are reported to be
Resolution:
Try persisting the document with valid data or remove the validations.):
app/api/mockaccino/api.rb:23:in `block (2 levels) in <class:API>'
Curl command for test:
curl -X POST -i -F image=#/home/user/workspace/ruby.png -F name=mock http://localhost:3000/api/mock
I am traying send an image and a parameter called "name" to the server and creating a model with this attribute and image.
Model:
class Mock
include Mongoid::Document
include Mongoid::Paperclip
field :name, type: String
has_mongoid_attached_file :image
validates_attachment_presence :image
validates_attachment_size :image, :less_than => 1.megabytes
validates_attachment_file_name :image, :matches => [/png\Z/, /jpe?g\Z/]
end
Controller (Grape):
desc "Create an mock."
params do
requires :name, type: String, desc: "Mock name"
requires :image, :type => Rack::Multipart::UploadedFile, :desc => "Image file."
end
post do
mock = Mock.create!(
name: params[:name],
image: ActionDispatch::Http::UploadedFile.new(params[:image])
)
end
curl -i -X POST -H "Content-Type:multipart/form-data" -F image=#\"./ruby.png\";type=image/png;filename=\"ruby.png\"" http://localhost:3000/api/mock
I have one user who is seeing it with various browsers.. I can't duplicate it on my local development server or on production. It works for me, doesn't work for them. Haven't been able to isolate anything that is different (tried PC vs Mac, various browsers, etc.)
Pushing paperclip back from 4.3 to 4.2.1 makes the issue go away. This switches activemodel and activesupport from 3.2 back to 3.0 and it eliminates the dependency on mimemagic. My guess is that it's something subtle and complex in mimemagic.

Paperclip: Content Type Spoof trying to upload .gpx files

Apologies if this has been answered and I failed to find it. Any direction would be greatly appreciated.
Using Rails 4.1.4, Paperclip 4.2.0 and Simple Form 3.0.2.
After Submit, I get has an extension that does not match its contents output in the form error message.
In the server window:
Started POST "/routes" for 127.0.0.1 at 2014-08-28 15:18:25 +0700
Processing by RoutesController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"5BCHGBkwQH4mlnTVjy/PpD53mJKJpSmBXwXT/oul7yY=", "route"=>{"track_attributes"=>{"gpx"=>#<ActionDispatch::Http::UploadedFile:0x007fa89c9cd348 #tempfile=#<Tempfile:/var/folders/_g/6shs5yrj36n960wpt880ysl80000gn/T/RackMultipart20140828-42106-vi71nb>, #original_filename="Serge's tracks.gpx", #content_type="application/octet-stream", #headers="Content-Disposition: form-data; name=\"route[track_attributes][gpx]\"; filename=\"Serge's tracks.gpx\"\r\nContent-Type: application/octet-stream\r\n">}, "title"=>"Serge track", "description"=>"loop of hang dong", "distance"=>"", "total_ascent"=>""}, "commit"=>"Create Route"}
Command :: file -b --mime '/var/folders/_g/6shs5yrj36n960wpt880ysl80000gn/T/f55fe48e09c9cc3ee6c6271fe94f407520140828-42106-1hgpby7.gpx'
[paperclip] Content Type Spoof: Filename Serge's_tracks.gpx ([]), content type discovered from file command: application/xml. See documentation to allow this combination.
(0.3ms) BEGIN
Command :: file -b --mime '/var/folders/_g/6shs5yrj36n960wpt880ysl80000gn/T/f55fe48e09c9cc3ee6c6271fe94f407520140828-42106-62bkvh.gpx'
[paperclip] Content Type Spoof: Filename Serge's_tracks.gpx ([]), content type discovered from file command: application/xml. See documentation to allow this combination.
(0.8ms) ROLLBACK
I haven't been able to find said documentation in the Paperclip docs.
Running file Serge\'s\ tracks.gpx --mime-type -b produces application/xml
My MVC looks like this:
class Track < ActiveRecord::Base
belongs_to :route
has_attached_file :gpx
validates_attachment_content_type :gpx, :content_type => /application\/xml/
end
class Route < ActiveRecord::Base
has_one :track, dependent: :destroy
accepts_nested_attributes_for :track
validates :title, presence: true
end
Inside RoutesController
def new
#route = Route.new
#route.track = Track.new
end
def create
#route = Route.new(route_params)
end
def route_params
params.require(:route).permit(:title, :description, :distance, :total_ascent, track_attributes: [:gpx])
end
The simple_form:
= simple_form_for #route do |r|
= r.simple_fields_for :track do |t|
= t.input :gpx
= r.input :title
= r.input :description
= r.input :distance
= r.input :total_ascent
= r.button :submit
As mentioned in this post: Paperclip gem spoofing error? and this article http://robots.thoughtbot.com/prevent-spoofing-with-paperclip, the problem was solved by apparently bypassing the command file -b --mime-type that is called by Paperclip.
To do this I created a paperclip.rb file in config/initializers.
Paperclip.options[:content_type_mappings] = {
:gpx => 'application/xml'
}
While the problem is solved, I am still confused as to why the problem existed when the file command was returning a correct result, and also curious where the #content_type="application/octet-stream" in the params is coming from.

Resources