我只是希望用户能够点击链接或按钮并下载文件(这是公共文件夹中的某个地方)
我尝试过:
#view < ;%= link_to原始爆炸输出,:action => :下载,:file_name => public / data / 02_blastout /#{@ bl_file}%> #controller def下载 send_file#{RAILS_ROOT} /#{params [:file_name]} end但是我收到这个错误:
:action =>download,:file_name =>public / data / 02_blastout / input0.fa_x_Glyma1aaunq.bl,:controller =>cvits} pre>感谢您的帮助!!
解决方案不要使用用户设置的参数 send_file 。这打开了一个巨大的安全漏洞,允许用户访问您的应用程序可读的任何文件(即整个应用程序,也可能是文件系统上的其他文件)。
相反,如果该文件是公开的,请链接到该文件本身。在你的情况下:
<%= link_to原始爆炸输出,/ data / 02_blastout /#{@ bl_file} %>不需要特殊的控制器操作。
I can't seem to find a simple and clear answer to this problem anywhere! Everything seems either outdated or incomplete!
I just want the user to be able to click on a link or button and download a file (that is somewhere in the public folder)
I tried this:
#view <%= link_to "Raw blast output" ,:action => :download, :file_name => "public/data/02_blastout/#{@bl_file}" %> #controller def download send_file "#{RAILS_ROOT}/#{params[:file_name]}" endbut I get this error:
No route matches {:action=>"download", :file_name=>"public/data/02_blastout/input0.fa_x_Glyma1aaunq.bl", :controller=>"cvits"}Thanks for the help!!
解决方案Don't use send_file with a parameter set by a user. This opens up a massive security hole, allowing a user to access any file that is readable by your application (namely, your entire application, but also possibly other files on the filesystem).
Rather, if the file is under public, link to the file itself. In your case:
<%= link_to "Raw blast output", "/data/02_blastout/#{@bl_file}" %>No need for a special controller action.
更多推荐
如何从rails应用程序下载文件
发布评论