David - Musings of an SRE

Rack Multipart HTTP upload

TIL that files uploaded over Rack (multipart form upload) are stored under a tmp filename.

While the uploaded file retains its original filename in a special attribute ‘original_filename’, if you’re planning to process the uploaded file through a script that validates the file by its file extension, you’re going to have lots of problems.

A possible solution is to rename the file before continuing with the processing.


# controller
def uploaded
  file = params[:file]
  x = file.open
  # original_filename is supplied by the client: keep only its basename
  # so the rename cannot land outside /tmp
  name = File.basename(file.original_filename)
  File.rename(x.path, "/tmp/#{name}")
  # by default, Rack stores uploaded files in /tmp

  y = File.open("/tmp/#{name}")

  # do anything with y that requires file-extension validation
end
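
A variant of the rename step above, as an added example that is not part of the original post: it stages the upload under its sanitised original name inside a fresh private directory instead of a predictable path in shared /tmp, and goes a little further by checking the extension against an allowlist. The names `safe_upload_name`, `with_named_upload` and `ALLOWED_EXTENSIONS` are hypothetical, and the allowlist values are assumptions.

```ruby
require "tmpdir"
require "tempfile"
require "fileutils"

# Hypothetical allowlist: set it to what the downstream script accepts.
ALLOWED_EXTENSIONS = %w[.csv .txt .pdf].freeze

# Reduce a client-supplied filename to a safe basename with an allowed extension.
def safe_upload_name(original_filename)
  # Normalise Windows separators so File.basename drops any directory part.
  name = File.basename(original_filename.to_s.tr("\\", "/"))
  # Conservative character set; strip leading dots (".", "..", dotfiles).
  name = name.gsub(/[^A-Za-z0-9._-]/, "_").sub(/\A\.+/, "")
  raise ArgumentError, "empty filename" if name.empty?
  ext = File.extname(name).downcase
  unless ALLOWED_EXTENSIONS.include?(ext)
    raise ArgumentError, "extension not allowed: #{ext.inspect}"
  end
  name
end

# Copy the upload's temp file into a fresh 0700 directory under its sanitised
# name, yield that path, then remove the directory. Copying (not renaming)
# leaves the original temp file in place for the framework's own cleanup.
def with_named_upload(tempfile_path, original_filename)
  name = safe_upload_name(original_filename)
  Dir.mktmpdir("upload-") do |dir|
    dest = File.join(dir, name)
    FileUtils.cp(tempfile_path, dest)
    yield dest
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed stand-in for the temp file Rack creates for an upload.
  upload = Tempfile.new("RackMultipart")
  upload.write("id,name\n1,alice\n")
  upload.flush
  # Constructed hostile filename: only "q1.csv" survives sanitising.
  with_named_upload(upload.path, "../../reports/q1.csv") do |path|
    puts File.basename(path)
  end
  upload.close!
end
```

In the controller above this would be called as `with_named_upload(file.path, file.original_filename) { |path| ... }`, with the extension-validating step run inside the block.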