Hi, i''m using the Attachment_Fu plugin to handle file uploading and have set the max filesize in my image model, that works fine. Problem is, I don''t want the user to find out the image they''re uplaoding is too big after uploading it. Is there any way, clientside, to check the size before uploading? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
you could use swfupload to do this: http://swfupload.org/ this comes with a few more advantages, eg uploading several files at once -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 26 Feb 2008, at 11:03, Thorsten Mueller wrote:> you could use swfupload to do this: > http://swfupload.org/ > > this comes with a few more advantages, eg uploading several files atIndeed, a fantastic component. You can also filter out certain filetypes etc. It does use Flash and you need to be aware that it uses JavaScript callbacks similar to the Prototype onComplete events you need to use to show the files after the upload is done. Also, keep in mind that Rails 2''s forgery protection and more restrictive session management can give you some problems. It has come up on the mailing list, just search the archives. It would be nice if someone would write a blog post on SWFUpload in Rails 2. I''m using it in a Rails 1.2 app with great success, but using it in Rails 2 is a big question mark for me. Would be nice to get some comforting guidelines on a working solution. Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> > It would be nice if someone would write a blog post on SWFUpload in > Rails 2. I''m using it in a Rails 1.2 app with great success, but > using it in Rails 2 is a big question mark for me. Would be nice to > get some comforting guidelines on a working solution. >yes, you''re right that it fails to work with the session. my solution so far: - before starting the upload send an ajax request to the server (with session handling) - generate some entry in the database with an unique id (and maybe some other security information) and a datetime, so it''s valid only a few seconds - the ajax response triggers the fileupload for the requested files - file uploads are only accepted, as long as they match the db entry i think that''s reasonably secure and was easy to implement. i had thought to use some of the solutions that where mentioned in the other discussions here, but they all seem to fail with one browser or another. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Nice, thanks, but this sounds like replacing one problem with another. I''ll add some text by the box to say [max 5mb] which should stop most, and an onsubmit() function when submitting the file that I can rig to a js function to check the filesize. I''m sure I did this with javascript before but no idea how -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
hmm.. no luck there, looks like it can''t be done via javascript, only once the file has got to the server can you check the filesize. so with the Attachment_Fu plugin, is there a method / object that returns what happened with a failed upload so i can do... if attachment.size > 5.megabytes flash[:notice] = ''sorry, you tried to upload a file larger than 5mb!'' ? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 26 Feb 2008, at 12:04, Thorsten Mueller wrote:> yes, you''re right that it fails to work with the session. > my solution so far: > > - before starting the upload send an ajax request to the server (with > session handling) > - generate some entry in the database with an unique id (and maybe > some > other security information) and a datetime, so it''s valid only a few > seconds > - the ajax response triggers the fileupload for the requested files > - file uploads are only accepted, as long as they match the db entry > > i think that''s reasonably secure and was easy to implement. i had > thought to use some of the solutions that where mentioned in the other > discussions here, but they all seem to fail with one browser or > another.So if I understand you correctly, you turn off the session for the upload method and replace it with your own temporary validation hash? Great solution btw, it''s so obvious and simple I would never have thought of it myself :-), I still would have tried to work around it the way you could do it in the previous Rails version (by allowing session ids to be passed in via a parameter request). Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I know Peter, it isn''t perfect but will do for the moment. I''ll research some more with the plugin you suggested and Attachment_Fu to find a more graceful way of handling this. Will let you know if I find the solution. Appreciate your help. John. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> So if I understand you correctly, you turn off the session for the > upload method and replace it with your own temporary validation hash? > Great solution btw, it''s so obvious and simple I would never have > thought of it myself :-), I still would have tried to work around it > the way you could do it in the previous Rails version (by allowing > session ids to be passed in via a parameter request). >in that special case for each file i need an db entry anyway to link it in the document structure, having fields like name: descriptive name given by user description: long description of content document_version: docs can be replaced project_id: project, doc belongs_to user_id etc so the ajax call (with session) creates an empty record, filling out only necessary parts as user_id and project_id plus: temporary reuse of name to store some randomly generated code which is handed back with the ajax response (plus the document_id) maybe this code is not really necessary, but it looks very secure ;-) then starts uploading file/s with those parameters the action checks that a record with given id exists, that it''s created_at isn''t too old and the code is matched in any other case rejects the upload i think that''s rather secure and somebody would have to intercept the connection to get the id and code fast enough to do something bad maybe it could be enhanced with some tricky encryption, but we''re quite confident, that it''s secure enough for our kind of apps -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---