Attachment_Fu check Filesize on Upload

Hi, I'm using the Attachment_Fu plugin to handle file uploading and have set the max filesize in my image model, that works fine.

Problem is, I don't want the user to find out the image they're uploading is too big after uploading it.

Is there any way, clientside, to check the size before uploading?

you could use swfupload to do this:

this comes with a few more advantages, eg uploading several files at once

Indeed, a fantastic component. You can also filter out certain filetypes etc. It does use Flash and you need to be aware that it uses JavaScript callbacks similar to the Prototype onComplete events you need to use to show the files after the upload is done. Also, keep in mind that Rails 2’s forgery protection and more restrictive session management can give you some problems. It has come up on the mailing list, just search the archives.

It would be nice if someone would write a blog post on SWFUpload in Rails 2. I’m using it in a Rails 1.2 app with great success, but using it in Rails 2 is a big question mark for me. Would be nice to get some comforting guidelines on a working solution.

Best regards

Peter De Berdt

> It would be nice if someone would write a blog post on SWFUpload in Rails 2. I'm using it in a Rails 1.2 app with great success, but using it in Rails 2 is a big question mark for me. Would be nice to get some comforting guidelines on a working solution.

yes, you're right that it fails to work with the session. my solution so far:

- before starting the upload send an ajax request to the server (with session handling)
- generate some entry in the database with a unique id (and maybe some other security information) and a datetime, so it's valid only a few seconds
- the ajax response triggers the fileupload for the requested files
- file uploads are only accepted, as long as they match the db entry

i think that's reasonably secure and was easy to implement. i had thought to use some of the solutions that were mentioned in the other discussions here, but they all seem to fail with one browser or another.

Nice, thanks, but this sounds like replacing one problem with another.

I'll add some text by the box to say [max 5mb] which should stop most, and an onsubmit() function when submitting the file that I can rig to a js function to check the filesize.

I'm sure I did this with javascript before but no idea how

hmm.. no luck there, looks like it can't be done via javascript, only once the file has got to the server can you check the filesize.

so with the Attachment_Fu plugin, is there a method / object that returns what happened with a failed upload so i can do...

    if attachment.size > 5.megabytes
      flash[:notice] = 'sorry, you tried to upload a file larger than 5mb!'
    end

?

So if I understand you correctly, you turn off the session for the upload method and replace it with your own temporary validation hash?

Great solution btw, it’s so obvious and simple I would never have thought of it myself :-), I still would have tried to work around it the way you could do it in the previous Rails version (by allowing session ids to be passed in via a parameter request).

Best regards

Peter De Berdt

I know Peter, it isn't perfect but will do for the moment. I'll research some more with the plugin you suggested and Attachment_Fu to find a more graceful way of handling this.

Will let you know if I find the solution.

Appreciate your help.

John.

> So if I understand you correctly, you turn off the session for the upload method and replace it with your own temporary validation hash? Great solution btw, it's so obvious and simple I would never have thought of it myself :-), I still would have tried to work around it the way you could do it in the previous Rails version (by allowing session ids to be passed in via a parameter request).

in that special case for each file i need a db entry anyway to link it in the document structure, having fields like

- name: descriptive name given by user
- description: long description of content
- document_version: docs can be replaced
- project_id: project, doc belongs_to
- user_id
- etc

so the ajax call (with session) creates an empty record, filling out only necessary parts as user_id and project_id, plus: temporary reuse of name to store some randomly generated code which is handed back with the ajax response (plus the document_id). maybe this code is not really necessary, but it looks very secure ;-) then starts uploading file/s with those parameters

the action checks that a record with given id exists, that its created_at isn't too old and the code is matched; in any other case rejects the upload

i think that's rather secure and somebody would have to intercept the connection to get the id and code fast enough to do something bad

maybe it could be enhanced with some tricky encryption, but we're quite confident, that it's secure enough for our kind of apps
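
The one-time upload ticket described in this thread, sketched as an added example (not code from any poster). `UploadTickets`, the 30-second TTL, the single-use flag and the constant-time compare are assumptions, and a Ruby hash stands in for the database table:

```ruby
require 'securerandom'

# In-memory stand-in for the documents table described in the thread.
class UploadTickets
  TTL = 30 # seconds a ticket stays valid (assumed value)

  def initialize
    @rows = {}
    @next_id = 0
  end

  # Step 1: called from the session-authenticated AJAX action.
  def issue(user_id:, project_id:, now: Time.now)
    id = (@next_id += 1)
    code = SecureRandom.hex(16) # 128 random bits; the id alone is guessable
    @rows[id] = { user_id: user_id, project_id: project_id,
                  code: code, created_at: now, used: false }
    { id: id, code: code }
  end

  # Step 2: called from the session-less upload action.
  # Returns the row when the upload may proceed, nil otherwise.
  def redeem(id, code, now: Time.now)
    row = @rows[id]
    return nil if row.nil? || row[:used]
    return nil if now - row[:created_at] > TTL
    return nil unless secure_equal?(row[:code], code.to_s)
    row[:used] = true # assumption beyond the thread: a ticket works once
    row
  end

  private

  # Constant-time comparison so response timing does not leak the code.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

The random code is what makes the ticket hard to guess: a sequential record id on its own can be enumerated within the validity window.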