Restrict .bmp, .exe, .bat attachment types while uploading for an issue in JIRA

Is there any way to restrict attachments of types such as .bat/.exe/.bmp, etc. while a user is trying to upload them in JIRA?
I tried using the Servlet-Filter plugin module in JIRA. But I am not able to get the URL at the time of uploading the attachment. Also I am trying to listen to the Attachment event for an issue.
Is there any other alternative for restricting these file types?
Any help will be much appreciated.
Thanks!

Well, there was an Attachment Filter available, but I am not sure if it is still relevant. It actually seems that it is no longer relevant; also, if I recall correctly, it was for Confluence. So you're left with writing a custom plugin for this.
You could implement com.atlassian.jira.issue.AttachmentManager (the default implementation is com.atlassian.jira.issue.managers.DefaultAttachmentManager) and wrap it so that you check what's going on with the upload: filetype etc. But be sure to check the mime-type, not only the file name and/or extension. Check this out.
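The point about checking content and not only the name, as an added example that is not part of the original answer and is not JIRA plugin code. It is written in Ruby, like the other examples added to this page; the block list, signature checks and sample uploads are assumptions made for illustration, and the same decision would sit inside the AttachmentManager wrapper.

```ruby
# Added example (constructed): allow or reject an upload by name AND content.
BLOCKED_EXTENSIONS = %w[.bat .exe .bmp].freeze
ZERO4 = "\x00\x00\x00\x00".b

# Content signatures for the binary types on the block list. A .bat file is
# plain text with no signature, so it can only be caught by its name.
SIGNATURE_CHECKS = {
  "Windows executable (MZ header)" => ->(b) { b.start_with?("MZ".b) },
  # BMP: "BM", 4-byte size, then two reserved 16-bit fields that are zero.
  "BMP image" => ->(b) { b.bytesize >= 14 && b.start_with?("BM".b) && b.byteslice(6, 4) == ZERO4 }
}.freeze

# filename: client-supplied name; head: first bytes of the uploaded content.
# Returns [allowed, reason].
def check_upload(filename, head)
  # Windows drops trailing dots and spaces, so "run.exe." still opens as run.exe.
  name = filename.to_s.downcase.sub(/[. ]+\z/, "")
  ext = name[/\.[^.]+\z/].to_s
  return [false, "blocked extension #{ext}"] if BLOCKED_EXTENSIONS.include?(ext)

  bytes = head.to_s.b
  SIGNATURE_CHECKS.each do |label, matches|
    return [false, "content is a #{label}"] if matches.call(bytes)
  end
  [true, "ok"]
end

# Constructed sample uploads: [name, leading bytes].
SAMPLES = [
  ["photo.png", "\x89PNG\r\n\x1a\n".b],
  ["setup.EXE", "MZ\x90\x00".b],
  ["holiday.png", "MZ\x90\x00\x03\x00".b],             # executable renamed to .png
  ["scan.jpg", "BM".b + [70, 0, 0, 54].pack("VvvV")],  # bitmap renamed to .jpg
  ["notes.txt", "BMW service notes".b]                 # text that merely starts with "BM"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |name, head| puts format("%-12s %p", name, check_upload(name, head)) }
end
```

The MZ check matches on two bytes only, so a text file that begins with "MZ" is also rejected; that errs on the side of blocking.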

Related

Active Storage: filenames with special characters

In my application, users can change the background image of a banner. They upload the file using Simple Form and Active Storage. It's working correctly, but we had a user trying to upload a file named banner-website.png (2).png. The file is uploaded and saved but doesn't appear as a background image. I guess this happens because of special characters in the filename.
What is recommended to avoid such situations? Do we need to sanitize file names?
Several things to check:
Check the console and try to view the CSS to see if the full link is being populated. Try checking the CSS code and copying the link to an address bar to see if the image loads from that direction.
Check the user's PNG file to make sure it's not corrupt. PNG headers that are corrupt can cause issues displaying in a website.
Check to see if your sanitizing plugin is causing an issue with that file. I have never used that one, so regarding that I cannot say.
I tried uploading a file with the same name into my Rails 6 testbench (vanilla with Active Storage and Stimulus JS) and it works fine. It could be conflicting CSS code too.
Just my 2 cents.
I've found the solution here: Rails Active Storage - Background Image invalid property?
Adding a single quote around the URL solved it.
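Why quoting fixes the file name from the question, as an added example that is not part of the original posts: an unquoted CSS url() token cannot contain spaces, quotes or parentheses, so the value has to be written as a quoted, escaped CSS string. The helper names and the /uploads/ paths are hypothetical.

```ruby
# Added example (constructed): emit a CSS url() value for an uploaded file's URL.

# Characters that terminate or invalidate an unquoted url( ... ) token.
UNQUOTED_URL_BREAKERS = /[\s"'()\\]/

def safe_unquoted_css_url?(url)
  !url.match?(UNQUOTED_URL_BREAKERS)
end

# Returns url('...') with the value written as a CSS single-quoted string:
# backslash and quote are backslash-escaped, line breaks become hex escapes.
def css_url(url)
  escaped = url.gsub(/[\\']/) { |c| "\\#{c}" }
               .gsub(/[\r\n\f]/) { |c| format("\\%x ", c.ord) }
  "url('#{escaped}')"
end

def background_image_declaration(url)
  "background-image: #{css_url(url)};"
end

# Hypothetical blob paths; the first file name is the one from the question.
SAMPLE_URLS = [
  "/uploads/banner-website.png (2).png",
  "/uploads/banner.png",
  "/uploads/o'brien.png"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_URLS.each do |u|
    puts "#{safe_unquoted_css_url?(u) ? 'unquoted ok ' : 'needs quotes'}  #{background_image_declaration(u)}"
  end
end
```

When the declaration goes into an HTML style attribute it still needs HTML escaping on top, which ERB's `<%= %>` applies by default.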

Remove unused files from ActiveStorage+DirectUpload

Consider the following example:
I have a form that includes a multiple files input;
The input file uses ActiveStorage and DirectUpload to upload files automatically as soon as they are included;
After adding some files they are uploaded automatically;
I never click the submit button so those files are never used nor accessible anywhere;
Does Rails support some built-in mechanism for removing these files, or is it something we have to implement ourselves?
Seems rather trivial to perform a DoS by continuously uploading files until something breaks.
Update 1
Forgot to mention that the example I'm following uses a 3rd party library (Dropzone in this case) and follows the example from the official documentation.
According to the documentation after a file upload we inject a hidden input field with the id of the uploaded blob.
I think the answer of Chiperific is good, since DirectUpload is executed in the submit there is little time for the requests to fail.
I mention requests because, as far as I understand it, the process is like this:
The user selects a file from his computer and fills in the rest of the form.
DirectUpload uploads the file to the storage.
The backend receives the body and updates the attachment and either creates or updates a model.
So, what happens if the file upload is successful but model validation is not? You would end up with a file in the storage without its corresponding model or with a dirty one.
More information here: https://github.com/rails/rails/issues/31985
The answer then is no, Rails does not have a mechanism for removing these files automatically. I guess you could check if the model creation/update was successful and remove the file manually if not.
I think your premise is incorrect.
The input file uses ActiveStorage and DirectUpload to upload files automatically as soon as they are included;
According to the docs:
Active Storage, with its included JavaScript library, supports uploading directly from the client to the cloud.
and
That's it! Uploads begin upon form submission.
So the point of Direct Storage seems to be to bypass some Rails ActiveStorage things and go straight to the service. BUT, it still doesn't happen until the form is submitted.
The example on the non-edge docs shows the user clicking "Submit" before the files are actually uploaded.

Upload file to the specified path (OneDrive)?

I prefer iOS code but the solutions in other languages may refer to this question too.
I use LiveSDK to access OneDrive. Here is a link to the example which uses the upload action (onClickUploadButton:)
But I can't understand how to specify the custom upload path - only default "me/skydrive" works. How do you solve the problem when you need to upload a concrete file to a concrete path which may not exist? Should I create all the folders separately and/or get their IDs to place a file exactly into them?

RoR: Get file (attachment) name/location

In my app I want users to be able to associate a file(s) they have on their desktop/DropBox with a specific item, but I don't want/need them to be able to actually attach the file...I just want to get the file name and location and save that in my database. Then when I display the item I'll hyperlink to the location captured. Can someone point me to an example(s) of how to accomplish this? I looked at the JQuery File Upload (http://blueimp.github.com/jQuery-File-Upload/) but as I mentioned don't actually need to upload the file...so this should be something super easy.
Thanks for your time and assistance.
You can try and get value of file input, but you'll fail.
See this jsfiddle.
All I'm getting is the fake path
C:\fakepath\134.png
And there's certainly no C:\ drive on Mac OSX. :)
I guess, this is because of security restrictions. You shouldn't know (or care) about user's filesystem in a web app.

Posting files to Rails XML API

I have a Rails application setup to receive file attachments using Paperclip.
Now I need to allow a .net/C# cell phone application to post files along with the XML in the same way (or some other way if necessary: they could encode the image as base64 and send it; they tried that initially, including the binary data in the tag that would normally be a file field in the web application, but it did not work).
I have found nothing in the way of documentation and wondering if anybody has experience or advice.
Surprising that there is apparently no documentation for doing this anywhere to be found. I ended up stumbling across a document on the Basecamp website describing how their file attachment process works for API users and used it as a guideline.
http://developer.37signals.com/basecamp/
with help from this article about posting files:
http://www.codevil.com/index.php/2009/05/23/posting-and-getting-files-in-rubyrails/
I modified my initial setup so that, rather than passing the tag in the XML, they first post a file and receive a file ID in response.
Then they post the XML with that reference and their .
Then I use before_validation and after_save callbacks to set the file with Paperclip, and remove the tmp file after the save.
