Ok so I have a RoR project that seems to be...unconventional lol
I''m attempting to validate the name of the file and using
Kernal.System to input the file in the system as a parameter.
I''ve tried validates_presence_of, but that doesn''t appear to
work
unless in a model which I don''t have. I''m trying to use
error_messages_for, but I don''t understand how to use it or what to
put in the controller.
As for the Kernal. System, how do you use it so that when the user
hits "OK", RoR inputs the file in the correct command, runs it, and
points the user to the generated html file?
Here''s the complete code:
trying_controller.rb
-----------------------------------------------
class TryingController < ApplicationController
def index
end
def to
@logfile = params[:logfile]
end
end
index.html.erb
---------------------------------------------
<% form_tag :action => ''to'' do %>
<%= error_messages_for ''logfile'' %>
<%= label_tag ''logfile_label'',
''Logfile:'' %>
<%= file_field_tag :logfile %>
<%= submit_tag "OK" %>
<% end %>
to.html.erb
--------------------------------------------
Logfile: <%= @logfile %>
Thanks for any help,
anon_comp
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
On 27 May 2010 15:43, anon_comp <neocoolstar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Ok so I have a RoR project that seems to be...unconventional lol > > I''m attempting to validate the name of the file and using > Kernal.System to input the file in the system as a parameter. > > I''ve tried validates_presence_of, but that doesn''t appear to work > unless in a model which I don''t have. I''m trying to use > error_messages_for, but I don''t understand how to use it or what to > put in the controller. > > As for the Kernal. System, how do you use it so that when the user > hits "OK", RoR inputs the file in the correct command, runs it, and > points the user to the generated html file? > > Here''s the complete code: > > trying_controller.rb > ----------------------------------------------- > class TryingController < ApplicationController > def index > end > > def to > @logfile = params[:logfile] > end > > end > > > > index.html.erb > --------------------------------------------- > <% form_tag :action => ''to'' do %> > <%= error_messages_for ''logfile'' %> > <%= label_tag ''logfile_label'', ''Logfile:'' %> > <%= file_field_tag :logfile %> > <%= submit_tag "OK" %> > <% end %> > > > > to.html.erb > -------------------------------------------- > Logfile: <%= @logfile %>Have I got this right, you are attempting to allow a user in a browser to enter the name of a system command which will then be run on the server? If so I hope you realise that is incredibly dangerous. I am intrigued to know why you wish to allow this. Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
In essence yes, but the user input is just an added command that won''t do anything if they don''t have a log file, or the rather, the correct log format. I''m mostly using this for personal use and am totally aware that it''s incredibly dangerous. I just can''t think of another way to do this. On May 27, 12:06 pm, Colin Law <clan...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote:> On 27 May 2010 15:43, anon_comp <neocools...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > > > > Ok so I have a RoR project that seems to be...unconventional lol > > > I''m attempting to validate the name of the file and using > > Kernal.System to input the file in the system as a parameter. > > > I''ve tried validates_presence_of, but that doesn''t appear to work > > unless in a model which I don''t have. I''m trying to use > > error_messages_for, but I don''t understand how to use it or what to > > put in the controller. > > > As for the Kernal. System, how do you use it so that when the user > > hits "OK", RoR inputs the file in the correct command, runs it, and > > points the user to the generated html file? > > > Here''s the complete code: > > > trying_controller.rb > > ----------------------------------------------- > > class TryingController < ApplicationController > > def index > > end > > > def to > > @logfile = params[:logfile] > > end > > > end > > > index.html.erb > > --------------------------------------------- > > <% form_tag :action => ''to'' do %> > > <%= error_messages_for ''logfile'' %> > > <%= label_tag ''logfile_label'', ''Logfile:'' %> > > <%= file_field_tag :logfile %> > > <%= submit_tag "OK" %> > > <% end %> > > > to.html.erb > > -------------------------------------------- > > Logfile: <%= @logfile %> > > Have I got this right, you are attempting to allow a user in a browser > to enter the name of a system command which will then be run on the > server? If so I hope you realise that is incredibly dangerous. I am > intrigued to know why you wish to allow this. > > Colin- Hide quoted text - > > - Show quoted text --- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 27 May 2010 18:07, anon_comp <neocoolstar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> In essence yes, but the user input is just an added command that won''t > do anything if they don''t have a log file, or the rather, the correct > log format. I''m mostly using this for personal use and am totally > aware that it''s incredibly dangerous. I just can''t think of another > way to do this.Could you not top post please, it makes it easier to follow the thread if you insert your replies inline. So what exactly is the problem then? First look in the log file (log/development.log) and see if the parameter is being passed correctly when they submit. If this is ok what do you want to do with his input? Colin> > On May 27, 12:06 pm, Colin Law <clan...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote: >> On 27 May 2010 15:43, anon_comp <neocools...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >> >> >> >> >> >> > Ok so I have a RoR project that seems to be...unconventional lol >> >> > I''m attempting to validate the name of the file and using >> > Kernal.System to input the file in the system as a parameter. >> >> > I''ve tried validates_presence_of, but that doesn''t appear to work >> > unless in a model which I don''t have. I''m trying to use >> > error_messages_for, but I don''t understand how to use it or what to >> > put in the controller. >> >> > As for the Kernal. System, how do you use it so that when the user >> > hits "OK", RoR inputs the file in the correct command, runs it, and >> > points the user to the generated html file? >> >> > Here''s the complete code: >> >> > trying_controller.rb >> > ----------------------------------------------- >> > class TryingController < ApplicationController >> > def index >> > end >> >> > def to >> > @logfile = params[:logfile] >> > end >> >> > end >> >> > index.html.erb >> > --------------------------------------------- >> > <% form_tag :action => ''to'' do %> >> > <%= error_messages_for ''logfile'' %> >> > <%= label_tag ''logfile_label'', ''Logfile:'' %> >> > <%= file_field_tag :logfile %> >> > <%= submit_tag "OK" %> >> > <% end %> >> >> > to.html.erb >> > -------------------------------------------- >> > Logfile: <%= @logfile %> >> >> Have I got this right, you are attempting to allow a user in a browser >> to enter the name of a system command which will then be run on the >> server? If so I hope you realise that is incredibly dangerous. I am >> intrigued to know why you wish to allow this. >> >> Colin- Hide quoted text - >> >> - Show quoted text - > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On May 27, 1:19 pm, Colin Law <clan...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote:> Could you not top post please, it makes it easier to follow the thread > if you insert your replies inline.Sorry about that> So what exactly is the problem then? First look in the log file > (log/development.log) and see if the parameter is being passed > correctly when they submit. If this is ok what do you want to do with > his input?The parameters are being passed correctly. What I want to do is pass the parameters to the command (added on to another command already in it) despite the security issues already pointed out.> > > On May 27, 12:06 pm, Colin Law <clan...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote: > >> On 27 May 2010 15:43, anon_comp <neocools...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > >> > Ok so I have a RoR project that seems to be...unconventional lol > > >> > I''m attempting to validate the name of the file and using > >> > Kernal.System to input the file in the system as a parameter. > > >> > I''ve tried validates_presence_of, but that doesn''t appear to work > >> > unless in a model which I don''t have. I''m trying to use > >> > error_messages_for, but I don''t understand how to use it or what to > >> > put in the controller. > > >> > As for the Kernal. System, how do you use it so that when the user > >> > hits "OK", RoR inputs the file in the correct command, runs it, and > >> > points the user to the generated html file? > > >> > Here''s the complete code: > > >> > trying_controller.rb > >> > ----------------------------------------------- > >> > class TryingController < ApplicationController > >> > def index > >> > end > > >> > def to > >> > @logfile = params[:logfile] > >> > end > > >> > end > > >> > index.html.erb > >> > --------------------------------------------- > >> > <% form_tag :action => ''to'' do %> > >> > <%= error_messages_for ''logfile'' %> > >> > <%= label_tag ''logfile_label'', ''Logfile:'' %> > >> > <%= file_field_tag :logfile %> > >> > <%= submit_tag "OK" %> > >> > <% end %> > > >> > to.html.erb > >> > -------------------------------------------- > >> > Logfile: <%= @logfile %> > > >> Have I got this right, you are attempting to allow a user in a browser > >> to enter the name of a system command which will then be run on the > >> server? If so I hope you realise that is incredibly dangerous. I am > >> intrigued to know why you wish to allow this. > > >> Colin- Hide quoted text - > > >> - Show quoted text - > > > -- > > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en.- Hide quoted text - > > - Show quoted text --- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On May 27, 1:27 pm, anon_comp <neocools...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > So what exactly is the problem then? First look in the log file > > (log/development.log) and see if the parameter is being passed > > correctly when they submit. If this is ok what do you want to do with > > his input? > > The parameters are being passed correctly. What I want to do is pass > the parameters to the command (added on to another command already in > it) despite the security issues already pointed out.That being said, I figured the issue out easly -headdesk- (for people who may or may not need it in the future and for documenting purposes...) trying_controller.rb ------------------------------------------------------------ class TryingController < ApplicationController def index end def to @logfile = params[:logfile] system(''your_execute_file.exe'', @logfile) end end Now I need to figure out how to validate the file so that it can''t be empty and it can''t be any other format excpet with a .log as the extension.> > > > > On May 27, 12:06 pm, Colin Law <clan...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote: > > >> On 27 May 2010 15:43, anon_comp <neocools...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > >> > Ok so I have a RoR project that seems to be...unconventional lol > > > >> > I''m attempting to validate the name of the file and using > > >> > Kernal.System to input the file in the system as a parameter. > > > >> > I''ve tried validates_presence_of, but that doesn''t appear to work > > >> > unless in a model which I don''t have. I''m trying to use > > >> > error_messages_for, but I don''t understand how to use it or what to > > >> > put in the controller. > > > >> > As for the Kernal. System, how do you use it so that when the user > > >> > hits "OK", RoR inputs the file in the correct command, runs it, and > > >> > points the user to the generated html file? > > > >> > Here''s the complete code: > > > >> > trying_controller.rb > > >> > ----------------------------------------------- > > >> > class TryingController < ApplicationController > > >> > def index > > >> > end > > > >> > def to > > >> > @logfile = params[:logfile] > > >> > end > > > >> > end > > > >> > index.html.erb > > >> > --------------------------------------------- > > >> > <% form_tag :action => ''to'' do %> > > >> > <%= error_messages_for ''logfile'' %> > > >> > <%= label_tag ''logfile_label'', ''Logfile:'' %> > > >> > <%= file_field_tag :logfile %> > > >> > <%= submit_tag "OK" %> > > >> > <% end %> > > > >> > to.html.erb > > >> > -------------------------------------------- > > >> > Logfile: <%= @logfile %> > > > >> Have I got this right, you are attempting to allow a user in a browser > > >> to enter the name of a system command which will then be run on the > > >> server? If so I hope you realise that is incredibly dangerous. I am > > >> intrigued to know why you wish to allow this. > > > >> Colin- Hide quoted text - > > > >> - Show quoted text - > > > > -- > > > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > > > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh4Ykp1iOSErHA@public.gmane.orgm. > > > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > > > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en.-Hide quoted text - > > > - Show quoted text -- Hide quoted text - > > - Show quoted text --- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 27 May 2010 18:32, anon_comp <neocoolstar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > On May 27, 1:27 pm, anon_comp <neocools...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > >> > So what exactly is the problem then? First look in the log file >> > (log/development.log) and see if the parameter is being passed >> > correctly when they submit. If this is ok what do you want to do with >> > his input? >> >> The parameters are being passed correctly. What I want to do is pass >> the parameters to the command (added on to another command already in >> it) despite the security issues already pointed out. > > That being said, I figured the issue out easly -headdesk- > > (for people who may or may not need it in the future and for > documenting purposes...) > trying_controller.rb > ------------------------------------------------------------ > class TryingController < ApplicationController > def index > end > > def to > @logfile = params[:logfile] > system(''your_execute_file.exe'', @logfile) > end > end > > Now I need to figure out how to validate the file so that it can''t be > empty and it can''t be any other format excpet with a .log as the > extension.Just do the checks on @logfile after you pick it up from params. I would suggest checking for nil first then a regular expression test to check the format. Google for ruby regular expression will give you loads of clues. Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On May 27, 3:53 pm, Colin Law <clan...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote:> On 27 May 2010 18:32, anon_comp <neocools...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > > > > > > On May 27, 1:27 pm, anon_comp <neocools...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > >> > So what exactly is the problem then? First look in the log file > >> > (log/development.log) and see if the parameter is being passed > >> > correctly when they submit. If this is ok what do you want to do with > >> > his input? > > >> The parameters are being passed correctly. What I want to do is pass > >> the parameters to the command (added on to another command already in > >> it) despite the security issues already pointed out. > > > That being said, I figured the issue out easly -headdesk- > > > (for people who may or may not need it in the future and for > > documenting purposes...) > > trying_controller.rb > > ------------------------------------------------------------ > > class TryingController < ApplicationController > > def index > > end > > > def to > > @logfile = params[:logfile] > > system(''your_execute_file.exe'', @logfile) > > end > > end > > > Now I need to figure out how to validate the file so that it can''t be > > empty and it can''t be any other format excpet with a .log as the > > extension. > > Just do the checks on @logfile after you pick it up from params. I > would suggest checking for nil first then a regular expression test to > check the format. Google for ruby regular expression will give you > loads of clues. > > Colin- Hide quoted text - > > - Show quoted text -Good idea! I''m making a lot of headway. Thanks, anon_comp -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.