验证失败:上传文件的扩展名与其内容不匹配 [英] Validation failed: Upload file has an extension that does not match its contents
问题描述
我正在使用回形针 gem 上传文件.我的回形针 gem 版本是 paperclip-4.1.1.上传文件时抛出
I am using paperclip gem to upload files. and my paperclip gem version is paperclip-4.1.1. While uploading a file its throwing
Validation failed: Upload file has an extension that does not match its contents.
我正在尝试上传 xlsx 文件.我也在模型 content_type 中提到了这一点.
I am trying to upload a xlsx file. and also i have mentioned that into the model content_type.
validates_attachment_content_type :upload_file, :content_type => %w(application/msword application/vnd.ms-office application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet),
:message => ', Only XML,EXCEL files are allowed. '
我不知道为什么会发生此错误.如果您对此错误有任何想法,请分享.
I don't know why this error is happening. If you have any idea about this error please share.
从日志中摘录以显示验证失败:
Excerpt from log to show validation failure:
Command :: file -b --mime-type '/tmp/5249540099071db4e41e119388e9dd6220140513-24023-1jlg4zy' [paperclip] Content Type Spoof: Filename file_for_bulk_upload1.xlsx (["application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"]), content type discovered from file command: . See documentation to allow this combination.
Command :: file -b --mime-type '/tmp/6f19a4f96154ef7ce65db1d585abdb2820140513-24023-tt4u1e' [paperclip] Content Type Spoof: Filename file_for_bulk_upload1.xlsx (["application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"]), content type discovered from file command:
推荐答案
Paperclip 欺骗验证检查失败,因为 file
命令无法准确确定文件类型.
The Paperclip spoofing validation checks are failing because the file
command is not able to accurately determine the filetype.
在您的日志中从文件命令中发现的内容类型:.
- 句点前的空格是输出的结果 - 即空白.然而,比较的另一面纯粹使用文件扩展名,它被正确地选择为 excel 文件.因此您的验证失败.
In your log content type discovered from file command: .
- the blank space before the period is the result of the output - i.e. blank. However the other side of the comparison uses purely the file extension which is being correctly picked up as an excel file. Hence your validation failure.
当前版本的 Paperclip 正在使用 file -b --mime-type
来确定文件,但是并非所有实现都支持 --mime-type
.使用 --mime
有一个变化,但它还没有达到里程碑.
The current version of Paperclip is using file -b --mime-type
to determine the file, however --mime-type
is not supported by all implementations. There is a change to use --mime
instead but it's not in a milestone yet.
我认为您有一些选择.您选择哪个取决于您对某些可疑文件被上传并被称为 excel 文件的关注程度.如果您对此感到担心,请尝试选项 1;如果您不担心,请选择选项 2 或 3.
I think you have a some options. Which you choose depends on how concerned you are about some dodgy file being uploaded and being called an excel file. If you are worried about this then try option 1; if you are not worried go for option 2 or 3.
1) 覆盖欺骗检查以使用 --mime
而不是 --mime-type
.
1) Override the spoofing check to use --mime
instead of --mime-type
.
覆盖初始化程序中的type_from_file_command
:
module Paperclip
class MediaTypeSpoofDetector
private
def type_from_file_command
# -- original code removed --
# begin
# Paperclip.run("file", "-b --mime-type :file", :file => @file.path)
# rescue Cocaine::CommandLineError
# ""
# end
# -- new code follows --
begin
Paperclip.run("file", "-b --mime :file", :file => @file.path)
rescue Cocaine::CommandLineError
""
end
end
end
end
2) 通过完全从文件扩展名设置文件类型来绕过 file
检查.
2) Bypass the file
check by setting the file type totally from it's file extension.
在应用程序初始化期间读取的某个位置设置此 Paperclip 选项(例如 config/application.rb
、config/environments/
或config/initializers/paperclip.rb
):
Set this Paperclip option somewhere that is read during initialisation of the application (e.g. config/application.rb
, config/environments/<environment>.rb
or an config/initializers/paperclip.rb
):
Paperclip.options[:content_type_mappings] = { xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' }
3) 完全禁用欺骗.
通过在初始化程序中创建类似的内容来覆盖欺骗检查:
Override the spoofing check by creating something like this in an initializer:
module Paperclip
class MediaTypeSpoofDetector
def spoofed?
false
end
end
end
更新:
您在模型中进行的验证不是此问题的原因.这将验证您可以加载哪些类型的文件;您看到的是 Paperclip 计算文件类型有效但其内容与文件类型不匹配.
The validation you have in your model is not the cause of this problem. This validates which types of files you are allowed to load; what you are seeing is Paperclip calculating that the type of the file is valid but its content do not match the type of the file.
假设您可以使欺骗验证起作用,则您的内容验证存在一个异常.您输出的错误消息显示只允许使用 XML、EXCEL 文件",但您的实际验证是检查 MS word 和 excel 文件,而不是 xml.
Assuming you can get the spoofing validation to work, there is one anomaly with your content validation. The error message you output says "only XML, EXCEL files are allowed", however your actual validation is checking for MS word and excel files, not xml.
如果您的消息是正确的,并且您确实希望只允许 xml 和 excel 文件,则应将 content_type 验证更改为:
If your message is correct and you do want to allow only xml and excel files you should change the content_type validation to be:
validates_attachment_content_type :upload_file, :content_type => %w(application/xml application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet),
:message => ', Only XML,EXCEL files are allowed. '
这篇关于验证失败:上传文件的扩展名与其内容不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!