Why downloadable file name contain hash - opencart2.x

Uploaded filename in Catalog-->Downloads section are like this:
Chrysanthemum.jpg.bafd8619f8e86bba3b8c90063b2910d2
in this example Chrysanthemum.jpg is filename and What's usage this: .bafd8619f8e86bba3b8c90063b2910d2 ?

Without knowing anything about Opencart I would say that it's an easy way to make sure that if you upload two images with the same name but different content they won't replace each other. If it's indeed a hash of the content thats appended then that would also ensure that if you upload the same image twice it will still only be stored once.

Related

How to make an express js temporary route/path for image?

I have created an API with express to submit a user form with an image with multer. Now I want to make the URL of the image temporary for a certain amount of time so that no user can see the image after that particular time and one URL is fixed for one user only but if he wants to see it again he has to request a new URL.
https://localhost:3000/api/image?=sometempURL1
for another user, the same image should have another unique URL like
https://localhost:3000/api/image?=sometempURL2orSomething
just don't want to reveal the actual file path/name
One way to do this is to use routes with parameters: /path/:id
The id would be the path to the file hashed using a hashing method.
You would have 2 locations for the files, one temporary and one permanently. When you get a file, you store it in both locations. You can save the location to the permanent one. For you temporary route, you can return to use the hashed path of the file in temporary location.
Now how is this temporary location? You can use Cronjob to schedule it's deletion.
So you provide to the user /path/to/file.jpg under this format: b017bcade5394d0076ad808e94482576 and the route would look like: /file/b017bcade5394d0076ad808e94482576 and you can get the file using this hashed value, but at some point (depending on the time you set on cronjob) the file will be deleted from the temporary location, so the link will become invalid

How to save URL to a Django ImageField

I have Django model with Image field, but sometimes I don't need to actually upload file and store path to it, but I need to store only path. Especially url. I mean, I have web client, that receives both foreign urls like sun1-17.userapi.com and url of my own server, so sometimes I don't need to download but need to store url. Is it possible, to store url in ImageField, or I need to make CharField and save files via python? If its impossible, how do I save file in python3, having one, sent me via multipart?
The URL field in the ImageField is ReadOnly, so you cannot write it. You should probably use in addition a URLField (better than a CharField) to save the URLs.
You can allow null values on both and use only the appropriate one according to your scenario.
class FilePathField(path='', match=None, recursive=False, > allow_files=True, allow_folders=False, max_length=100, **options)
A CharField whose choices are limited to the filenames in a certain directory on the filesystem.
Has some special arguments, of which the first is required:
FilePathField.path
Required. The absolute filesystem path to a directory from which this FilePathField should get its choices. Example: "/home/images".
For more info visit the doc https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.FilePathField

how to get and display photo from ldap

I'm using ldap3.
I can connect and read all attributes without any issue, but I don't know how to display the photo of the attribute thumbnailPhoto.
If I print(conn.entries[0].thumbnailPhoto) I get a bunch of binary values like b'\xff\xd8\xff\xe0\x00\x10JFIF.....'.
I have to display it on a bottle web page. So I have to put this value in a jpeg or png file.
How can I do that?
The easiest way is to save the raw byte value in a file and open it with a picture editor. The photo is probably a jpeg, but it can be in any format.
Have a look at my answer at Display thumbnailPhoto from Active Directory in PHP. It's especially for PHP but the concept is the same for Python.
basically it's about either using the base64 encoded raw-data as data-stream or actually using a temporary file that is serverd (or used to determine the mime-type)

Can I upload a spreadsheet to MediaWiki

I'm attempting to port some content from TWiki to MediaWiki and whereas the former seems to allow the uploading of spreadsheets, the latter does not. I'm not interested in displaying / previewing the spreadsheet - just a hyperlink would do fine.
I appreciate that I could store the Excel files 'off-wiki' and externally link to them, but it would be good to keep it all together if at all possible - otherwise we'll have to think about maintaining seperate but logically linked filesystems etc.
Also, I would like to keep it in its original form rather than converting to HTML / JPG etc.
Has anyone hit this problem and if so, how was it solved?
Look in LocalSettings.php. You can then add this line: $wgFileExtensions = array('png', 'gif', 'jpg', 'jpeg', 'svg', 'xls'); (or whichever extensions you want). But be aware that you might want to switch this off after you've done your transfer otherwise your server will quickly become full with files!
See also Manual:$wgFileExtensions

What security issues we acquire if we publish a form that lets you upload any type of file into our database?

I am trying to assess our security risk if we allow to have a form in our public website that lets the user upload any type of file and get it stored in the database.
I am worried about the following:
Robots uploading information
A huge increment of the size of the database
The form is an resume upload so HR people will be downloading those files in a jpeg or doc or pdf format but actually getting a virus.
You can use captchas for dealing with robots
Set a reasonable file size limit for each upload
You can do multiple checking for your file upload control.
1) Checking the extension of file (.wmv, .exe, .doc). This can be implemented by Regex expression.
2) Actually check the file header or definition type (ex: gif, word, image, etc, xls). Sometimes file extension is not sufficient.
3) Limit the file size. (Ex: 20mb)
4) Never accept the filename provided by the user. Always rename the file to some GUID according to your specifications. This way hacker wont be able to predict the actual name of the file which is stored on the server.
5) Store all the files out of web virtual directory. Preferably store in separate File Server.
6) Also implement the Captcha for File upload.
In general, if you really mean to allow any kind of file to be uploaded, I'd recommend:
A minimal type check using mime magic numbers that the extension of the file corresponds to the given one (though this doesn't solve much if you are not going to limit the kinds of files that can be uploaded).
Better yet, have an antivirus (free clamav for example) check the file after uploading.
On storage, I always prefer to use the filesystem for what it was created: storing files. I would not recommend storing files in the database (suposing a relational database). You can store the metadata of the file on the database and a pointer to the file on the file system.
Generate a unique id for the file and you can use a 2-level directory structure to store the data: E.g: Id=123456 => /path/to/store/12/34/123456.data
Said that, this can vary depending on what you want to store and how do you want to manage it. It's not the same to service a document repository, a image gallery or a simple "shared directory"

Resources