thr3ads.net - Rails - [Rails] send_file problem [Aug 2006]

If this information is useful, please help other people find it:
Share via:

Adam Thorsen

2006-Aug-08 14:11 UTC

[Rails] send_file problem

I''m attempting to use send_file to send an image file from 
public/images.  The file is world readable.

I keep getting the following error:

A ActionController::MissingFile occurred in account#current_logo: 
Cannot read file public/images/logo.png 
/usr/lib/ruby/gems/1.8/gems/actionpack-1.12.1/lib/action_controller/streaming.rb:55:in
`send_file''


I''ve tried supplying the full path, but it still can''t seem to
find the
file.  Here is the code that calls send_file:


 def current_logo
    unless current_domain and current_domain.logo
      send_file ''/var/www/guruza/public/images/logo.png'',
:type =>
''image/png'', :disposition => ''inline''
    else
      send_data current_domain.logo, :filename => 
current_domain.filename, :type => "image/png", :disposition =>
"inline"
    end
  end


Thanks,
-Adam

-- 
Posted via http://www.ruby-forum.com/.

Alex Wayne

2006-Aug-08 18:03 UTC

head link

[Rails] Re: send_file problem

Adam Thorsen wrote:> I''m attempting to use send_file to send an image file from 
> public/images.  The file is world readable.
> 
> I keep getting the following error:
> 
> A ActionController::MissingFile occurred in account#current_logo: 
> Cannot read file public/images/logo.png 
>
>  def current_logo
>     unless current_domain and current_domain.logo
>       send_file ''/var/www/guruza/public/images/logo.png'',
:type =>
> ''image/png'', :disposition =>
''inline''
>     else
>       send_data current_domain.logo, :filename => 
> current_domain.filename, :type => "image/png", :disposition
=> "inline"
>     end
>   end
> 
> 
> Thanks,
> -Adam
Try "#{RAILS_ROOT}/public/images/logo.png" for your path.

Also try using send data but with manually opening the file and see what 
happens:

  File.open("#{RAILS_ROOT}/public/images/logo.png",
''r'') do |f|
    send_data f.read, :type => ..., :disposition => ...
  end


-- 
Posted via http://www.ruby-forum.com/.

Duzenbury, Rich

2006-Aug-08 23:58 UTC

head link

[Rails] send_file problem

> 
> I''m attempting to use send_file to send an image file from
> public/images.  The file is world readable.
> 
> I''ve tried supplying the full path, but it still can''t
seem to find
the> file.  Here is the code that calls send_file:
I don''t think I would do this on purpose, if the image is really in
public.  If you want to change the image name at run time, I would
instead generate an <img> tag in the view, which the browser will then
download (per the setting of the user).

Otherwise, if you wish to send content that is *not* inside your web
(e.g. in /public or below) then you might do something like:

Config/routes.rb
# Force all requests for /protected/whatever to the render_static
method.
# Static content control
  map.connect ''/protected/*path'', :controller =>
''protected'',
                                  :action =>
''render_static''

def render_static
    # see routes.rb.  A map is made so that the URL is 
    # visible as params[:path]
    requested_file = params[:path].to_s
    
    safe, opf = safe_to_send?(requested_file)
    if safe
      # compute the mime type and send the content here
      # This should be made much more concise (a hash lookup)
      # and extended to cover more mime types
        if requested_file =~ /\.pdf$/ then
          apptype = "application/pdf"
        elsif requested_file =~ /\.ppt$/ then
          apptype = ''application/vnd.ms-powerpoint''
        elsif requested_file =~ /\.swf$/ then
          apptype = ''application/x-shockwave-flash''
        else
          apptype = ''octet/stream''
        end
        send_file opf, :type=> apptype, :disposition=> "inline"
    end
end

protected
  def safe_to_send?(requested_file)
    # Absolute file location.  Beware that funny business with RAILS
ROOT 
    # (e.g. symbolic links) could throw this off
    output_base = File.expand_path RAILS_ROOT
    output_file = File.expand_path output_base + ''/secret/'' +
requested_file
    
    # Attempt to foil directory traversal attacks
    # make sure that output base is the beginning portion of output_file

    # I *think* rails makes this check unnecessary, but hey...
    result = false
    if output_file.index(output_base) == 0 and File.exists?(output_file)
      result = true
    end
    
    return result, output_file
  end

Note that I''m being paranoid about traversal attacks.  I believe rails
already deals with all of the . and .. stuff when the URL is submitted
by the browser, however, I could be wrong.

In this case, the protected content is in a subdirectory called
''secret'', which is one level below the main root of the rails
app.

Regards,
Rich

Maybe Matching Threads

Search for more maybe matching threads

Rails - Aug 2006 - send_file problem

[Rails] send_file problem

[Rails] Re: send_file problem

[Rails] send_file problem

Maybe Matching Threads