Open erasmus opened 8 years ago
Filename is problematic for a number of reasons. One is that someone might have bg.jpg
and chances are that many other people might have other files with the same name...
Yes, filename checking should probably be frontend. (the filename of the last uploaded file is stored in the cloudinary.data object and could be used for some validation) -- for a later optimisation if we need to save on bandwidth. Ignore for now.
Frontend validation has now been implemented. Would need a backend check (filesize + type) to avoid spam
Update: To be specific, we now check frontend for filesize + filetype. This does not have global support however and some backend checking should be implemented to avoid e.g. headless spambots.
See Cloudinary's API documentation on file validation.
In a nutshell, Cloudinary supports file type restriction on the server side for uploading:
uploader.upload("tests/logo.png", allowed_formats = ['png'])
The next example will return an error:
uploader.upload("tests/logo.png", allowed_formats = ['jpg'])
However, you can convert the uploaded file to match the allowed format, for example:
uploader.upload("tests/logo.png", allowed_formats = ['jpg'], format= 'jpg')
About filesize validation in the backend, here's Cloudinary's response:
Our jQuery integration library supports handling minimum/maximum size and dimensions on the client side. We have it in our roadmap to support rejecting these on the server side as well.
It's unclear to me how the documentation example above applies to direct uploads.
I've written to their support team and I am now waiting for a response.
It looks like server-side validation is not possible with direct uploads.
The CloudinaryJsFileField uses our jQuery library for the uploads. As mentioned in the article, you can use the acceptFileTypes in the initialization of the input field. For more information: https://github.com/cloudinary/cloudinary_js#client-side-image-resizing-before-upload
I'm assuming this is what you've already implemented, @rashagen?
Yes, that's what's been implemented... hmmmm
We should do some checking before uploading to save bandwidth & spam.
Limits
previously uploaded? (check against filename)
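One way to do the backend filesize + type check discussed in this thread for direct uploads, as an added example that is not code from this project or from Cloudinary: the server looks up the uploaded asset's metadata itself instead of trusting what the browser posts. Assumptions: `accept_upload`, `check_metadata`, `fetch_resource`, the allowlist and the size limit are hypothetical names and values, the sample metadata is constructed, and the metadata dict carries the `resource_type`, `format` and `bytes` fields that Cloudinary upload responses contain.

```python
ALLOWED_FORMATS = frozenset({"jpg", "png"})   # assumed allowlist
MAX_BYTES = 2 * 1024 * 1024                   # assumed 2 MiB limit


def check_metadata(meta, allowed_formats=ALLOWED_FORMATS, max_bytes=MAX_BYTES):
    """Return a list of rejection reasons; an empty list means accept."""
    reasons = []
    if meta.get("resource_type") != "image":
        reasons.append("resource_type is not image")
    fmt = str(meta.get("format", "")).lower()
    if fmt not in allowed_formats:
        reasons.append("format %r not allowed" % fmt)
    size = meta.get("bytes")
    # bool is an int subclass; reject it along with missing/negative sizes
    if isinstance(size, bool) or not isinstance(size, int) or size <= 0:
        reasons.append("missing or invalid size")
    elif size > max_bytes:
        reasons.append("size %d exceeds limit %d" % (size, max_bytes))
    return reasons


def accept_upload(public_id, fetch_resource):
    """Decide on an asset the browser claims to have uploaded.

    fetch_resource(public_id) must return metadata the server obtained
    itself (never values posted by the client), or raise LookupError.
    """
    try:
        meta = fetch_resource(public_id)
    except LookupError:
        return False, ["unknown public_id"]
    reasons = check_metadata(meta)
    return (not reasons), reasons


# Constructed sample metadata standing in for the server-side lookup.
SAMPLE_STORE = {
    "ok_logo": {"resource_type": "image", "format": "png", "bytes": 48213},
    "big_bg": {"resource_type": "image", "format": "jpg", "bytes": 9000000},
    "script": {"resource_type": "raw", "format": "js", "bytes": 512},
}


def sample_fetch(public_id):
    return SAMPLE_STORE[public_id]   # KeyError is a LookupError


if __name__ == "__main__":
    for pid in ("ok_logo", "big_bg", "script", "nope"):
        print(pid, accept_upload(pid, sample_fetch))
```

A rejected asset has already been stored by the time this check runs, so the caller still has to delete it or refuse to reference it.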