I need to read (and parse) a user uploaded file. I check its MIME types, as well as to see if it includes proper headers by reading the file, but I was wondering: can something like params[:uploaded_file].read trigger any EXEs or ruby/php/etc files? Or, is "read" good to go?

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

On Mar 29, 8:17 am, GoodGets <goodg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I need to read (and parse) a user uploaded file. I check its MIME
> types, as well as to see if it includes proper headers by reading the file,
> but I was wondering: can something like params[:uploaded_file].read
> trigger any EXEs or ruby/php/etc files? Or, is "read" good to go?

read does just return the bytes in the IO stream to you - it doesn't do anything with them.

Fred

If you are planning on just uploading the file and you don't want to upload executable files, you should check for that before allowing the upload.

On 29 mar, 09:17, GoodGets <goodg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I need to read (and parse) a user uploaded file. I check its MIME
> types, as well as to see if it includes proper headers by reading the file,
> but I was wondering: can something like params[:uploaded_file].read
> trigger any EXEs or ruby/php/etc files? Or, is "read" good to go?

Thank you Frederick. That's what I was thinking (hoping).

@pepe I do check its MIME type before uploading, but the file is actually never saved. So as long as .read, or parsing, won't trigger the exe/ruby/php script, then I think I'm ok.

On Mar 29, 3:56 am, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Mar 29, 8:17 am, GoodGets <goodg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > I need to read (and parse) a user uploaded file. I check its MIME
> > types, as well as to see if it includes proper headers by reading the file,
> > but I was wondering: can something like params[:uploaded_file].read
> > trigger any EXEs or ruby/php/etc files? Or, is "read" good to go?
>
> read does just return the bytes in the IO stream to you - it doesn't
> do anything with them.
>
> Fred
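
Added example, not part of the thread and not code from any poster: a Ruby sketch of the header check discussed above, reading a capped number of bytes and comparing the leading signature with the client-supplied type. The accepted formats, the 1 MiB cap, and the names read_upload, SIGNATURES, MAX_BYTES and demo are assumptions made for the example.

```ruby
require "stringio"

# Leading byte signatures for the formats this example accepts.
# Which formats to accept is an assumption; the thread does not name any.
SIGNATURES = {
  "image/png"       => "\x89PNG\r\n\x1A\n".b,
  "image/jpeg"      => "\xFF\xD8\xFF".b,
  "application/pdf" => "%PDF-".b
}.freeze

MAX_BYTES = 1_048_576 # constructed limit for the example (1 MiB)

# io: anything responding to #read(length), such as the uploaded file object.
# claimed_type: the client-supplied Content-Type, treated as untrusted.
# Returns [:ok, bytes] or [:rejected, reason]. #read only copies bytes into a
# String; nothing is written to disk, interpreted, or executed here.
def read_upload(io, claimed_type)
  data = (io.read(MAX_BYTES + 1) || "").b # read at most one byte past the cap
  return [:rejected, :too_large] if data.bytesize > MAX_BYTES

  detected, _sig = SIGNATURES.find { |_type, sig| data.start_with?(sig) }
  return [:rejected, :unknown_signature] if detected.nil?
  return [:rejected, :type_mismatch] unless detected == claimed_type

  [:ok, data]
end

# Constructed sample uploads; StringIO stands in for params[:uploaded_file].
def demo
  samples = {
    "real PNG"         => ["\x89PNG\r\n\x1A\n".b + "body".b, "image/png"],
    "EXE claiming PNG" => ["MZ\x90\x00".b + "body".b, "image/png"],
    "PDF claiming PNG" => ["%PDF-1.4 body".b, "image/png"]
  }
  samples.transform_values { |bytes, type| read_upload(StringIO.new(bytes), type).first }
end

p demo if $PROGRAM_NAME == __FILE__
```

The risk with uploaded bytes comes from what later code does with them (saving under a web-served path, passing them to eval, a shell, or an unsafe deserializer), so the parser that consumes the returned bytes deserves the same scrutiny as this check.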