Validate file uploads #220
Comments
On it!
Found a gem for it. What file formats should I add as supported @EmilyDirsh? JPEG and PNG?
Why not make it configurable?
I don't understand what you mean. Configurable how?
For example, an Array with accepted formats put in the configuration file in initializers. Allow everything in that array and reject the rest.
That is what I am doing :)
@sbagroy986, @Alwahsh is right - the whitelist should be configurable in the Rails config files. Check the documentation for the gem you're using - there should be a documented configuration parameter for the gem. By default, we should allow jpg, png, gif (why not?), and svg.
The gem actually just provides us the format of the file. So basically I'm gonna create an array of acceptable formats. The list is, thus, configurable.
@sbagroy986 which gem are you using?
Ruby FileMagic - https://github.com/blackwinter/ruby-filemagic
What's the status on this? If it's yet to be worked on, @sonalkr132 would like to take it up.
Currently file uploads are not validated. We should be restricting the type and size of files permitted to be uploaded.
This is a potential security issue, and can certainly cause a lot of usability issues if we try to treat something as an image that isn't.
Relevant: http://stackoverflow.com/questions/51572/determine-file-type-in-ruby
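An added example, not code from the project or from anyone in this thread, of the check the issue asks for: a configurable whitelist (the default list from the discussion) plus a size cap, with the type taken from the file's leading bytes rather than its name or Content-Type. The `sniff_mime` helper stands in for ruby-filemagic so the example runs without libmagic; the config hash, function names and sample files are assumed or constructed.

```ruby
# Upload policy; in Rails this would be loaded from an initializer
# (e.g. config/initializers/uploads.rb, assumed) so the whitelist is configurable.
UPLOAD_CONFIG = {
  allowed_types: %w[image/jpeg image/png image/gif image/svg+xml],
  max_bytes: 5 * 1024 * 1024
}.freeze
class UploadValidationError < StandardError; end
SVG_ROOT = /\A(?:<\?xml[^>]*>\s*)?(?:<!--.*?-->\s*)*(?:<!DOCTYPE[^>]*>\s*)?<svg[\s>]/im

# Identify the type from the file's leading bytes, never from the client-sent
# filename or Content-Type. Stand-in for ruby-filemagic's
# FileMagic.new(FileMagic::MAGIC_MIME_TYPE).buffer(data), which the project would call.
def sniff_mime(data)
  head = data.byteslice(0, 512).to_s.b
  return "image/png"  if head.start_with?("\x89PNG\r\n\x1A\n".b)
  return "image/jpeg" if head.start_with?("\xFF\xD8\xFF".b)
  return "image/gif"  if head.start_with?("GIF87a".b, "GIF89a".b)
  # SVG is XML text and may embed scripts, so accept it only when the root is <svg>.
  text = head.dup.force_encoding(Encoding::UTF_8)
  return "image/svg+xml" if text.valid_encoding? && text.lstrip.match?(SVG_ROOT)
  "application/octet-stream"
end

# Check size first (cheap), then the sniffed type against the whitelist.
# Returns the accepted MIME type or raises UploadValidationError.
def validate_upload(data, config = UPLOAD_CONFIG)
  size = data.bytesize
  raise UploadValidationError, "empty upload" if size.zero?
  raise UploadValidationError, "#{size} bytes exceeds #{config[:max_bytes]}" if size > config[:max_bytes]
  mime = sniff_mime(data)
  raise UploadValidationError, "#{mime} is not an allowed type" unless config[:allowed_types].include?(mime)
  mime
end

# Constructed samples: four genuine headers, then an executable and an HTML page
# renamed to look like images (the case an extension check alone would miss).
SAMPLES = {
  "a.png" => "\x89PNG\r\n\x1A\n".b + "\x00".b * 16,
  "b.jpg" => "\xFF\xD8\xFF\xE0\x00\x10JFIF".b,
  "c.gif" => "GIF89a".b + "\x01\x00\x01\x00".b,
  "d.svg" => "<?xml version=\"1.0\"?>\n<svg xmlns=\"http://www.w3.org/2000/svg\"/>",
  "e.png" => "MZ\x90\x00".b + "\x00".b * 60,
  "f.gif" => "<html><body>not an image</body></html>"
}.freeze

# One-line verdict per sample, as a controller would log it.
def report(name, data)
  "#{name}: accepted as #{validate_upload(data)}"
rescue UploadValidationError => e
  "#{name}: rejected (#{e.message})"
end
SAMPLES.each { |n, d| puts report(n, d) } if __FILE__ == $PROGRAM_NAME
```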