如何从rails应用程序下载文件 [英] How to download a file from rails application
问题描述
我只是希望用户能够点击链接或按钮并下载文件(这是公共文件夹中的某个地方)
我尝试过:
#view
< ;%= link_to原始爆炸输出,:action => :下载,:file_name => public / data / 02_blastout /#{@ bl_file}%>
#controller
def下载
send_file#{RAILS_ROOT} /#{params [:file_name]}
end
但是我收到这个错误:
:action =>download,:file_name =>public / data / 02_blastout / input0.fa_x_Glyma1aaunq.bl,:controller =>cvits}
pre>
感谢您的帮助!!
解决方案不要使用用户设置的参数
send_file
。这打开了一个巨大的安全漏洞,允许用户访问您的应用程序可读的任何文件(即整个应用程序,也可能是文件系统上的其他文件)。
相反,如果该文件是公开的,请链接到该文件本身。在你的情况下:
<%= link_to原始爆炸输出,/ data / 02_blastout /#{@ bl_file} %>
不需要特殊的控制器操作。
I can't seem to find a simple and clear answer to this problem anywhere! Everything seems either outdated or incomplete!
I just want the user to be able to click on a link or button and download a file (that is somewhere in the public folder)
I tried this:
#view <%= link_to "Raw blast output" ,:action => :download, :file_name => "public/data/02_blastout/#{@bl_file}" %> #controller def download send_file "#{RAILS_ROOT}/#{params[:file_name]}" end
but I get this error:
No route matches {:action=>"download", :file_name=>"public/data/02_blastout/input0.fa_x_Glyma1aaunq.bl", :controller=>"cvits"}
Thanks for the help!!
解决方案Don't use
send_file
with a parameter set by a user. This opens up a massive security hole, allowing a user to access any file that is readable by your application (namely, your entire application, but also possibly other files on the filesystem).Rather, if the file is under public, link to the file itself. In your case:
<%= link_to "Raw blast output", "/data/02_blastout/#{@bl_file}" %>
No need for a special controller action.
这篇关于如何从rails应用程序下载文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!