I need to read (and parse) a user uploaded file. I check it's MIME types, as well to see if includes proper headers by reading the file, but I was wondering can something like params[:uploaded_file].read trigger any EXEs or ruby/php/etc files? Or, is "read" good to go?
read does just return the bytes in the IO stream to you - it doesn't do anything with them.
Fred
If you are planning on just uploading the file and you don't want to upload executable files you should check for that before allowing the upload.
Thank you Frederick. That's what I was thinking (hoping).
@pepe I do check it's MIME type before uploading, but the file is actually never saved. So as long as .read, or parsing, won't trigger the exe/ ruby/php script, then I think I'm ok.
