Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
419 views
in Technique[技术] by (71.8m points)

ruby on rails - Validation failed: Upload file has an extension that does not match its contents

I am using paperclip gem to upload files. and my paperclip gem version is paperclip-4.1.1. While uploading a file its throwing

Validation failed: Upload file has an extension that does not match its contents.

I am trying to upload a xlsx file. and also i have mentioned that into the model content_type.

 validates_attachment_content_type :upload_file, :content_type => %w(application/msword application/vnd.ms-office application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet),
                                               :message => ', Only XML,EXCEL files are allowed. '

I don't know why this error is happening. If you have any idea about this error please share.

Excerpt from log to show validation failure:

Command :: file -b --mime-type '/tmp/5249540099071db4e41e119388e9dd6220140513-24023-1jlg4zy' [paperclip] Content Type Spoof: Filename file_for_bulk_upload1.xlsx (["application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"]), content type discovered from file command: . See documentation to allow this combination. 
Command :: file -b --mime-type '/tmp/6f19a4f96154ef7ce65db1d585abdb2820140513-24023-tt4u1e' [paperclip] Content Type Spoof: Filename file_for_bulk_upload1.xlsx (["application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"]), content type discovered from file command:
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

The Paperclip spoofing validation checks are failing because the file command is not able to accurately determine the filetype.

In your log content type discovered from file command: . - the blank space before the period is the result of the output - i.e. blank. However the other side of the comparison uses purely the file extension which is being correctly picked up as an excel file. Hence your validation failure.

The current version of Paperclip is using file -b --mime-type to determine the file, however --mime-type is not supported by all implementations. There is a change to use --mime instead but it's not in a milestone yet.

I think you have a some options. Which you choose depends on how concerned you are about some dodgy file being uploaded and being called an excel file. If you are worried about this then try option 1; if you are not worried go for option 2 or 3.

1) Override the spoofing check to use --mime instead of --mime-type.

Override the type_from_file_command in an initializer:

module Paperclip
  class MediaTypeSpoofDetector
    private

    def type_from_file_command
      # -- original code removed --
      # begin
      #   Paperclip.run("file", "-b --mime-type :file", :file => @file.path)
      # rescue Cocaine::CommandLineError
      #   ""
      # end

      # -- new code follows --
      begin
         Paperclip.run("file", "-b --mime :file", :file => @file.path)
      rescue Cocaine::CommandLineError
        ""
      end
    end
  end
end

2) Bypass the file check by setting the file type totally from it's file extension.

Set this Paperclip option somewhere that is read during initialisation of the application (e.g. config/application.rb, config/environments/<environment>.rb or an config/initializers/paperclip.rb):

Paperclip.options[:content_type_mappings] = { xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' }

3) Disable spoofing altogether.

Override the spoofing check by creating something like this in an initializer:

module Paperclip
  class MediaTypeSpoofDetector
    def spoofed?
      false
    end
  end
end

Update:

The validation you have in your model is not the cause of this problem. This validates which types of files you are allowed to load; what you are seeing is Paperclip calculating that the type of the file is valid but its content do not match the type of the file.

Assuming you can get the spoofing validation to work, there is one anomaly with your content validation. The error message you output says "only XML, EXCEL files are allowed", however your actual validation is checking for MS word and excel files, not xml.

If your message is correct and you do want to allow only xml and excel files you should change the content_type validation to be:

validates_attachment_content_type :upload_file, :content_type => %w(application/xml application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet),
                                                :message => ', Only XML,EXCEL files are allowed. '

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...