I'm trying to use Flask-Dropzone as part of a web-app to upload files for processing. These files typically don't have a file extension due to a quirk of the export process that generates these files.
I've consulted both the Flask-Dropzone docs and the Dropzone.js docs and both seem to imply that if DROPZONE_ALLOWED_FILE_CUSTOM = False then every upload of all file types should be accepted. However, when navigating the file upload window, the filter defaults to "All Supported Types" and seems to only accept images. I can toggle this to "All Files" but when trying to upload anything else the dropzone gives the default error message about the file not being allowed.
I am able to set custom allowed file types such as .pdf's, .xlsx, etc. However this isn't useful as the files in question doesn't have a declared file type extension.
Related
Good Day!
I am uploading some files in form as attachments and I am trying to filter the uploaded file extensions. But I am not getting the exact solution for this.
Is there any way to filter the extensions of the files being uploaded in file attachments?
Thank you so much for the help.
If you mean blocking file upload based on the extension you can do so in File Upload Preference Screen (SM202550):
If you mean the filter for the native open file dialog. It seems hardcoded for a handful of common web files and I don't think it can be changed easily.
If you mean the file upload dialog grid, unlike most grids in the system it is not filterable through the column headers:
Maybe the Search in Files page (SM202520) is what you're looking for. You can search files based on extension here:
My question is about the nuxeo platform, i want to limit the uploded file types to jpg and png images only. I googled and searched the documentation and found nothing. is there a way to do this?
Thanks
If you're using WebUI, the upload providers support an "accept" attribute, where the value is a comma-separated list of accepted mime types.
https://doc.nuxeo.com/nxdoc/web-ui-upload-providers/
Here's an example:
<nuxeo-dropzone role="widget"
label="PDF file"
name="content"
accept="application/pdf"
document="[[document]]"></nuxeo-dropzone>
Note, the Dropzone component isn't very good at reporting errors back to the user. It fails silently if you upload a type that's not accepted.
I setup an Azure Logic App that checks for newly created files in a OneDrive folder and then sends these (images) to the MS Vision API for tagging. This flow works fine.
How can I setup a condition to only react on a specific file type (images) or even better only when the file has a certain file ending, like ".jpg", ".png" etc.?
I tried to setup a condition on the "File content type" but couldn't figure out the appropriate value for the condition ("image" doesn't work).
I couldn't find any hints on the webs and neither on SO. Any help is very much appreciated.
When reading file attachments using the GMail action, I had to use starts with because the Content-Type property contained the MIME type followed by the file name.
The following example is for checking if the file is an Excel file (.xlsx, not .xls):
I also used http://mime.ritey.com/ to upload my files and ensure I had the MIME type correct.
File name is part of the metadata provided by the OneDrive Connector.
Using that, you can apply conditions/filters based on the extension. File content type is probably pretty reliable but in practice, the extension might be better.
I think I found a solution. I was able to kind of reverse engineer the file types by setting up an app that is triggered by new files and writes the file content type to a text file in a different folder.
image/jpg and image/png are image files
application/x-zip-compressed is a zipped file
So it seems that Azure uses standard MIME types to identify the file type (which very much makes sense... :0)
I understand that Chrome's "Uncommon Download" warning is broadly based on how common a download is, but what are the specific conditions?
Is "commonness" measured, or is it a heuristic? (eg. "zip files are always considered not common")
If it is measured, is it based on the domain, protocol (eg. http or dataurl), or the full specific URL?
It's clear that file or content type is one of them. From the same website, I've seen that a zip file will trigger the warning, whereas a PNG or JPG won't. Is there any way to make it not trigger for a zip file being created and saved through JSZip?
I am trying to assess our security risk if we allow to have a form in our public website that lets the user upload any type of file and get it stored in the database.
I am worried about the following:
Robots uploading information
A huge increment of the size of the database
The form is an resume upload so HR people will be downloading those files in a jpeg or doc or pdf format but actually getting a virus.
You can use captchas for dealing with robots
Set a reasonable file size limit for each upload
You can do multiple checking for your file upload control.
1) Checking the extension of file (.wmv, .exe, .doc). This can be implemented by Regex expression.
2) Actually check the file header or definition type (ex: gif, word, image, etc, xls). Sometimes file extension is not sufficient.
3) Limit the file size. (Ex: 20mb)
4) Never accept the filename provided by the user. Always rename the file to some GUID according to your specifications. This way hacker wont be able to predict the actual name of the file which is stored on the server.
5) Store all the files out of web virtual directory. Preferably store in separate File Server.
6) Also implement the Captcha for File upload.
In general, if you really mean to allow any kind of file to be uploaded, I'd recommend:
A minimal type check using mime magic numbers that the extension of the file corresponds to the given one (though this doesn't solve much if you are not going to limit the kinds of files that can be uploaded).
Better yet, have an antivirus (free clamav for example) check the file after uploading.
On storage, I always prefer to use the filesystem for what it was created: storing files. I would not recommend storing files in the database (suposing a relational database). You can store the metadata of the file on the database and a pointer to the file on the file system.
Generate a unique id for the file and you can use a 2-level directory structure to store the data: E.g: Id=123456 => /path/to/store/12/34/123456.data
Said that, this can vary depending on what you want to store and how do you want to manage it. It's not the same to service a document repository, a image gallery or a simple "shared directory"