Rails - Mar 2007 - Serious problem with File Column plugin. Help!

Development environment: WinXP, ruby 1.8.5, rails 1.2.3

Hey guys,

I''m implementing a file upload feature to my application.

new.rhtml:

<% form_tag( { :action => ''create'' }, :multipart =>
true ) do |f| %>
  <%= render :partial => ''form'', :object => f %>
  <%= submit_tag "Create" %>
<% end %>

in _form partial:

<p><label for="profile_image">Profile
image</label><br/>
<%= file_column_field ''foobaar'', "profile_image"
%></p>

in my Foobar model:

file_column :profile_image, :magick => {
                                 :versions => { "tiny" =>
"50x50",
"thumb" =>    "200x150", "medium" =>
"640x480>" }
                                 }
  validates_file_format_of :profile_image, :in => ["gif",
"png", "jpg"]
  validates_filesize_of :profile_image, :in =>
15.kilobytes..200.kilobytes
  validates_image_size :profile_image, :min => "200x150"

in my controller:

  def create
    @foobar = Foobar.new(params[:foobar])
    @foobar.user_id = current_user.id
    if @foobar.save
      flash[:notice] = ''Profile was successfully created.''
      redirect_to :action => ''list''
    else
      render :action => ''new''
    end
  end


Ok so here is the problem. Everything seems to be going well until I
discovered that File Column is uploading the image to a "tmp" folder
before verifying the
content. Is this correct?

I wanted to test any vulnerabilities this may have on the app and
decided to upload a 400Mb zip file. This pretty much killed my app and
cpu and memory usage just maxed out and stayed there. I had to stop and
shut down the browser to get functionality back.

Is this a known issue with File Column or am I doing something wrong
here? Thanks in advance for any input you may be able to give me.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---