Security issue using Rails, CKEditor, and Roxy fileman - ruby-on-rails

I've been using CKEditor in my Rails app for a while now, but recently I needed to add the capability to upload HTML5 videos as well. I added a plugin to CKEditor to utilize the HTML5 'video' tag, but the generic 'browse server' functionality in CKEditor won't let me upload an mp4 (it just shows the filename as a # sign).
My solution was to add the Roxy fileman to handle the uploads, and it works great, except there's no security at all in it by default (if the fileman is in a public folder, which is the only way I can see to do it in Rails).
The only thing Roxy offers is a checkAccess script that gets run before each PHP script runs, but there's no way for that script to know if the user is logged in or not.
I was thinking I could use x-sendfile to have Rails check the permissions, but that seems like using a sledgehammer to hang a picture frame (and it might not even be the right way to do things here). To me, there should be a simple answer.
Any ideas?

Related

Embed PDF in a website, allow user to modify editable fields in PDF, and save back to the server

I am writing a program in Ruby on Rails 4.x and I have to take PDF files with defined fields that can be filled out, fill in data from a form submission (this part is DONE!), and lastly allow the user to modify the saved PDF file on the server and overwrite said PDF after making their modifications.
Like I said, I have already gotten the PDF files filled out with what has been submitted in the form through pdftk. What I now need to do is provide a server-side editing capability for the said PDF files on the server, generated from the first step of the process.
I have seen similar posts but none wanting to do the same thing I do. If I am wrong, links would be great. Thanks in advance for all your help!
After lots of digging and research, here is what I have found to be the facts surrounding this issue and implementing a program to allow embedding the PDF file, editing it, and saving it back to the server. This process would be great; however, from what I can tell there is nothing out there that really does this for Ruby on Rails. To quote #Nick Veys:
Seems like you need to find a Javascript PDF editor you can load your PDF into, allow the user to modify it, and ultimately submit it back to the server. Seems like they exist, here's one for ASP projects
You are correct but still wrong in the sense that yes, there is one for ASP projects; however, that is Microsoft-based. Yes, I know that it can run on Linux environments through Mono. However, to the point, it would appear in this instance that a Ruby on Rails specific solution is indeed needed.
The solution that we have come up with is as follows:
1. Use a PDF editing package in the linux repositories like PDFtk
2. You then render a page with the PDF embedded on one side and a form representing the live fields in the PDF to take input.
3. Once submitted you use PDFtk to write the values into a new template PDF file and overwrite what was previously stored.
This requires a few additional steps to process the data than I really care for myself. However it is the best solution that our team could come up with, without bleeding the project budget dry for just 1 piece of functionality.
I hope this helps anyone else looking to do the same thing in Ruby on Rails.
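The write-back half of the three-step flow above, as an added example that is not the original poster's code: the submitted form values are turned into an FDF document with PDF string escaping applied, and pdftk is invoked with an argument array rather than a shell string, so a field value such as `); rm -rf /` stays data in both places. The field names, the `fill_pdf` helper, the `.tmp` rename step and pdftk being on PATH are assumptions; `fill_pdf` is the only function that actually runs pdftk.

```ruby
require "tempfile"
require "fileutils"

# Escape a value for a PDF literal string. Backslash, parentheses and line
# breaks must be escaped, or an attacker-controlled value could close the
# string and inject its own FDF objects. Non-ASCII text is written as a hex
# string in UTF-16BE with a byte-order mark, the form PDF readers expect.
def pdf_string(value)
  s = value.to_s
  if s.ascii_only?
    "(" + s.gsub(/[\\()]/) { |c| "\\" + c }.gsub("\r", "\\r").gsub("\n", "\\n") + ")"
  else
    "<FEFF" + s.encode("UTF-16BE").unpack1("H*").upcase + ">"
  end
end

# Build an FDF document for a {field_name => value} hash.
# Field names come from the template (pdftk template.pdf dump_data_fields),
# never from the request, so only the values are attacker-influenced.
def build_fdf(fields)
  entries = fields.map { |name, value| "<< /T #{pdf_string(name)} /V #{pdf_string(value)} >>" }
  <<~FDF
    %FDF-1.2
    1 0 obj
    << /FDF << /Fields [ #{entries.join(" ")} ] >> >>
    endobj
    trailer
    << /Root 1 0 R >>
    %%EOF
  FDF
end

# Fill +template_pdf+ with +fields+ and atomically replace +stored_pdf+.
# system() with an argument list bypasses the shell, so no value is parsed as
# a command. "flatten" is deliberately left out so the fields stay editable
# for the next round of changes.
def fill_pdf(template_pdf, stored_pdf, fields)
  Tempfile.create(["form", ".fdf"]) do |fdf|
    fdf.write(build_fdf(fields))
    fdf.flush
    tmp_out = stored_pdf + ".tmp"
    ok = system("pdftk", template_pdf, "fill_form", fdf.path, "output", tmp_out)
    raise "pdftk failed" unless ok
    FileUtils.mv(tmp_out, stored_pdf)  # rename: readers never see a half-written file
  end
end
```

Filling from the original template each time (rather than from the previously filled copy) keeps the stored file from accumulating whatever a user managed to get into an earlier revision.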
I have done something like this using my company's .NET product. It can also be done using its Java version too.
http://www.gnostice.com/nl_article.asp?id=255&t=Save_Form_Submit_Data_Back_To_Original_PDF_Document_In_NET

How to display PowerPoint Presentation In Rails 4 Paperclip?

In my application, I have uploaded PPT and PPTX files using the paperclip gem. I have a URL like this:
" Presentation.last.avatar.url" = "/system/presentations/avatars/000/000/006/original/example.ppt?1411994371"
Now I want to display those PPT and PPTX files in my localhost web browser. Please give me suggestions. Thanks.
Assuming you mean that you want them to be embedded in the browser, I've solved this by uploading them to Scribd in the background and then displaying the embedded widget. This is a great solution because turning a PPT file into clean HTML is hard (so let someone else work it out), and you do not have to pay for hosting or bandwidth for those files.
It's a lot nicer to do it this way than to force the user to have an Office plugin installed for their browser, which depending on their platform they may not have.
The Scribd_fu gem will work with Paperclip, or you could use the official RScribd gem and roll your own.

Preventing Vulnerabilities in ckeditor?

I want to prevent users from uploading a shell (exploit) on my host. I remember FCKeditor had a few bugs that allowed a hacker to upload files on the server. Is there a similar issue with CKEditor?
How can I trust users' files and make sure they aren't fake files? For example: a hacker can edit inside a PDF file -> the file has a PDF extension and type but has malicious code.
Is using htmlencode/htmldecode enough against XSS attacks?
CKEditor doesn't include any file upload, you have to add that part.
Again, CKEditor doesn't have that part. They sell CKFinder to fill that role, and it has some checks to verify that the uploaded file is safe, but you must be very careful about which users you allow to upload files to your server.
No. If you're using a WYSIWYG editor you are not going to htmlencode the provided data, and other basic tricks aren't enough either. You need a full check like HTMLPurifier.
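On the file-upload part of the answer, as an added example that is not CKEditor's or CKFinder's own code: the check a practitioner wants before storing anything is an extension allowlist plus a signature check on the first bytes, so a PHP shell renamed `shell.pdf`, or any file whose declared type does not match its contents, is rejected, and the stored name is generated rather than taken from the client. The allowlist, size limit and naming scheme are assumptions made for this example. It does not make the content itself safe: a genuine PDF can still carry JavaScript, so store uploads outside the web root or serve them with `Content-Disposition: attachment` from a separate origin, and for the editor's HTML use an allowlist sanitizer as the answer says.

```ruby
require "securerandom"
require "stringio"

# Allowed extensions and the byte signature each must carry, as [offset, bytes].
# ISO-BMFF video (.mp4) starts with a 4-byte box length and then "ftyp", so
# that signature sits at offset 4. Constructed allowlist for the example.
SIGNATURES = {
  "pdf" => [[0, "%PDF-".b]],
  "png" => [[0, "\x89PNG\r\n\x1a\n".b]],
  "jpg" => [[0, "\xFF\xD8\xFF".b]],
  "mp4" => [[4, "ftyp".b]],
}.freeze

MAX_UPLOAD_BYTES = 50 * 1024 * 1024

# Validate an upload by its claimed name and an IO of its contents.
# Returns [:ok, stored_name] or [:reject, reason]. The stored name is random,
# so the client's filename never reaches the filesystem or a URL, which also
# disposes of "../" and double-extension tricks in the original name.
def validate_upload(original_name, io, max_bytes: MAX_UPLOAD_BYTES)
  ext = File.extname(original_name.to_s).delete_prefix(".").downcase
  signatures = SIGNATURES[ext]
  return [:reject, "extension .#{ext} not allowed"] unless signatures

  if io.respond_to?(:size) && io.size > max_bytes
    return [:reject, "file too large"]
  end

  head = io.read(16).to_s.b      # enough bytes for every signature above
  matches = signatures.any? do |offset, magic|
    head.byteslice(offset, magic.bytesize) == magic
  end
  return [:reject, "content does not look like .#{ext}"] unless matches

  [:ok, "#{SecureRandom.hex(16)}.#{ext}"]
end
```

Run the check on the raw upload before any image or video library touches it; those libraries are a larger attack surface than this function, and the signature check keeps obviously mislabelled input away from them.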

Show files on FTP in a Rails App

We have an FTP site for clients, and they just go to it with a web browser and see the files. I'd like to display the files in a more visually pleasing manner, is there a way I can show what files are on the server in the view, perhaps iterate over them and style them?
I found this answer here, but it really didn't answer my question:
Ruby-Rails serve ftp file direct to client
(using Rails 3 if it makes a difference)
You can use the libraries linked below:
http://www.ruby-doc.org/stdlib-1.9.3/libdoc/net/ftp/rdoc/index.html
http://oreilly.com/catalog/ruby/chapter/ch04.html
and you can use EventMachine: https://github.com/schleyfox/em-ftp-client.
Cheers!
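An added example of the Net::FTP route, not code from the answer above: connect over FTPS (plain FTP sends the password in cleartext), pull a directory listing with `list`, and parse the UNIX-style lines into structs a view can iterate over and style. The parser is kept separate from the network call so it can be exercised on a constructed listing; the host, credentials and directory are placeholders, and the directory must come from your own configuration rather than from the request, since `chdir` will happily walk wherever a user points it.

```ruby
FtpEntry = Struct.new(:name, :size, :modified, :dir)

# One "ls -l" style line as returned by FTP LIST on UNIX servers, e.g.
#   -rw-r--r--   1 ftp ftp   1048576 Mar 03 14:22 report.pdf
# type, permissions, link count, owner, group, size, date, name.
LIST_LINE = /\A([-dl])[rwxsStT-]{9}\s+\d+\s+\S+\s+\S+\s+(\d+)\s+(\w{3}\s+\d{1,2}\s+(?:\d{4}|\d{2}:\d{2}))\s+(.+)\z/

# Returns an FtpEntry, or nil for lines that are not entries (e.g. "total 42").
def parse_list_line(line)
  m = LIST_LINE.match(line.strip)
  return nil unless m
  type, size, date, name = m.captures
  name = name.split(" -> ", 2).first if type == "l"   # show the link, not its target
  FtpEntry.new(name, size.to_i, date, type == "d")
end

def parse_listing(lines)
  lines.map { |l| parse_list_line(l) }
       .compact
       .reject { |e| e.name == "." || e.name == ".." }
end

# Network side. +dir+ is a fixed, configured path; never splice request input in.
# Names returned here still go through the view's HTML escaping (ERB does that by
# default in Rails) before being rendered.
def fetch_listing(host, user, password, dir)
  require "net/ftp"
  Net::FTP.open(host, ssl: true, username: user, password: password) do |ftp|
    ftp.passive = true
    ftp.chdir(dir)
    parse_listing(ftp.list)
  end
end
```

If the server supports it, `ftp.mlsd` returns structured entries and avoids parsing listing text at all; the regex above is the fallback for servers that only offer LIST.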

Cucumber, Webrat or RSpec testing file uploading

Background:
I need to perform file uploading. I am currently using Uploadify to push files directly to S3 (but would be happy to use Plupload). The files that I am working with are large, and I need to show a progress bar. Everything works fine.
Issue / Question: How do I set up a test (cucumber) for this?
Uploadify and Plupload both rely on the Flash (or Silverlight) runtime to interact directly with S3. I am unaware of a way for Cucumber or Webrat to interact with the Flash (or Silverlight) to click the "browse" button and select a file.
Has anyone found a solution that they are happy with?
Thanks!
Plupload is still based on an HTML form, which you can see if you turn off JavaScript and load your uploader page.
Then it's simply a matter of using Webrat's 'click_button' in Cucumber steps, using a file fixture as the input to the file field.
Being brutal about it, this is possibly an example of a trusted externality. Ask yourself "do I trust Uploadify?" If you answer yes, omit actual upload tests for it and just assert that the form field elements you expect to see are present on the page, and then, assuming a mocked response of success/fail, that your application does the right thing.