Rails paperclip, change form file_field not assigned

I used paperclip to attach an avatar to my user, in my model:

has_attached_file :avatar, :styles => {square_tiny: '50x50#', square_small: '100x100#', square: '200x200#'} 

I have a form

    <%= form_for(@user_profile, :url => { :controller => :user_profiles, :action => :update_general_info, :id => @user_profile.id }, :html => { :multipart => true, :class => "form-horizontal" }) do |f| %>
      <div class="control-group">
        <%= f.label :avatar, :class => "control-label" %>
        <div class="controls">
          <%= f.file_field :avatar %>
        </div>
      </div>
      ....
    <% end %>

The download works fine, but when I come back to my user’s EDIT, the file field says “no file selected”. And since I check the presence of this avatar, every time the user edits his data, he must upload his avatar again ...

How do I get around this?

I thought :multipart => true would help, but it does not.

+8
1 answer

There is absolutely no good way for a page to set a value in a file field, and this is for security reasons.

If the browser allowed a page or JS script to set a value in the file field, that would allow a malicious page to set the value of the file field to some system file or passwords. That would be a serious security hole.

What I do in this case is show the already saved file as a link that the user can click to download. Then you can provide small AJAX links for deletion (the file is deleted using an AJAX call, and the link is replaced by a new file input) and replacement (the link is replaced by a file input).

The final option is to use AJAX to upload the file. If you use AJAX to upload a file, you send the POST in a hidden frame so that the file input retains the selected value. In any case, keep in mind that any change to the file field value must be initiated by the user.

+5
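
The server-side counterpart of the approach in the answer above, as an added example that is not part of the original answer: because the file field always arrives empty on the edit page, the update treats an empty field as "keep the saved avatar" and checks presence against the resulting state. It is plain Ruby without Rails or Paperclip; `Upload`, `resolve_avatar` and the `remove_avatar` parameter are hypothetical names.

```ruby
# Added example: plain Ruby, no Rails or Paperclip required.
# Upload is a constructed stand-in for the uploaded-file object that a
# multipart form delivers to the controller.
Upload = Struct.new(:original_filename, :size)

# Decide what an update request does to the stored avatar.
#
# stored_name - file name already saved for the user, or nil if none
# params      - hash from the edit form:
#               :avatar        => an Upload, "" or absent (the browser never
#                                 pre-fills a file field, so on edit this is
#                                 empty unless the user picked a file)
#               :remove_avatar => "1" when the user clicked the delete link
#                                 (hypothetical field name)
#
# Returns [action, resulting_name, errors]. The caller applies the action
# only when errors is empty.
def resolve_avatar(stored_name, params)
  upload = params[:avatar]
  # Treat "", nil and zero-byte uploads as "no file chosen".
  unless upload.respond_to?(:original_filename) && upload.size.to_i > 0
    upload = nil
  end
  remove = params[:remove_avatar].to_s == "1"

  action, name =
    if upload
      [:replace, upload.original_filename] # a user-chosen file wins
    elsif remove
      [:remove, nil]                       # explicit delete request
    else
      [:keep, stored_name]                 # empty field: leave the file alone
    end

  # Presence is validated against the state after the change, not against
  # the submitted field, so a plain edit does not force a re-upload.
  errors = name.nil? ? ["Avatar can't be blank"] : []
  [action, name, errors]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests.
  p resolve_avatar("me.png", { avatar: "" })
  p resolve_avatar("me.png", { avatar: Upload.new("new.png", 2048) })
  p resolve_avatar("me.png", { remove_avatar: "1" })
  p resolve_avatar(nil, {})
end
```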
