Paperclip is not supporting .doc file

Asked 20/3, 2014 at 8:16 Answered 30/8, 2016 at 0:50

Solved ruby-on-rails ruby file validation paperclip

In rails 4.0.2, I am using paperclip gem to upload files. But it is not supporting .doc file. Below the file upload field, it is showing an error message as "has an extension that does not match its contents"

In model, the validation for checking the content type is given below :

validates_attachment_content_type :document, :content_type => ['application/txt', 'text/plain',
'application/pdf', 'application/msword',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/vnd.oasis.opendocument.text',
'application/x-vnd.oasis.opendocument.text',
'application/rtf', 'application/x-rtf', 'text/rtf', 
'text/richtext', 'application/doc', 'application/docx', 'application/x-soffice', 'application/octet-stream']

Gems which is used right now

rails (4.0.2, 4.0.0, 3.2.13, 3.2.8, 3.0.4, 3.0.3)

paperclip (3.5.2, 2.3.11, 2.3.8)

How can I solve this issue?

Schwenk answered 20/3, 2014 at 8:16 Comment(4)

Try updating to the most recent Paperclip gem (4.1.1). There were changes made for file content spoofing detection at v4.0.0. – Logos 20/3, 2014 at 8:32

I updated the paperclip gem but still it is not uploading .doc files. – Schwenk 20/3, 2014 at 9:30

Do you get any error message in the log file? The spoofing detector will log more details about the content type mismatch. – Logos 20/3, 2014 at 9:33

Yea. In server log I got this error " Command :: file -b --mime-type '/tmp/a0a39a5929c7b0340ffe48845259f90420140320-7217-b6m4ta' [paperclip] Content Type Spoof: Filename 163710.doc (["application/msword", "application/word", "application/x-msword", "application/x-word", "text/plain"]), content type discovered from file command: . See documentation to allow this combination." – Schwenk 20/3, 2014 at 9:37

add this to an initializer to disable spoofing protection:

require 'paperclip/media_type_spoof_detector'         
module Paperclip         
 class MediaTypeSpoofDetector        
    def spoofed?         
      false       
    end       
  end        
end

For centOS

 module Paperclip     
 class MediaTypeSpoofDetector      
 def type_from_file_command      
  begin       
    Paperclip.run("file", "-b --mime :file", :file => @file.path)
  rescue Cocaine::CommandLineError
    ""
  end       
end      
end      
end

from https://github.com/thoughtbot/paperclip/issues/1429

Hexagon answered 20/3, 2014 at 8:31 Comment(3)

I followed what you suggested but still .doc file is not getting uploaded. – Schwenk 20/3, 2014 at 9:30

try with 'application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' – Hexagon 20/3, 2014 at 9:36

Changing the spoofed? method to simply return false will disable spoofing detection which could leave you exposed to security issues. Read here github.com/thoughtbot/paperclip#security-validations for more details about this. – Logos 20/3, 2014 at 10:8

It's a bad idea to skip spoofing checking. Because Paperclip adds it for security reason. See this article for details: http://robots.thoughtbot.com/prevent-spoofing-with-paperclip

The spoof validation checks if file's extension matches it's mime type. For example a txt file's mime type is text/plain, when you upload it to Paperclip everything goes fine. But if you modify the extension to jpg then upload it, the validation fails because jpg file's mime type should be image/jpeg.

Note that this validation is for security checking so there's not a normal way to skip it. Even when you use do_not_validate_attachment_file_type it's not skipped. But for some files Paperclip can't recognize file -> mime type mapping correctly.

In this case the right way is adding content type mapping to Paperclip configuration. Like this:

# Add it to initializer
Paperclip.options[:content_type_mappings] = {
  pem: 'text/plain'
}

In this way it works without breaking spoofing validation. If you don't know what mime type a file is, you can use file command:

file -b --mime-type  some_file.pdf    # -> application/pdf

Elana answered 24/4, 2014 at 14:52 Comment(0)

You can authorize all content types using do_not_validate_attachment_file_type :file

You can enable spoofing using has_attached_file :file,

class Upload
  #validate_media_type == false means "authorize spoofing"
  has_attached_file :file, validate_media_type: false

  #authorize all content types
  do_not_validate_attachment_file_type :file_if_content_type_missing
end

Bashuk answered 30/8, 2016 at 0:50 Comment(0)

The error in the server log means that your OS file command cannot get you the MIME type for a .doc file. This happens for me with ubuntu 12.04.

To get around this, I slightly altered MediaTypeSpoofDetector to use mimetype if file --mime didn't work.

module Paperclip
  class MediaTypeSpoofDetector
    private

    def type_from_file_command
      # -- original code removed --
      # begin
      #   Paperclip.run("file", "-b --mime-type :file", :file => @file.path)
      # rescue Cocaine::CommandLineError
      #   ""
      # end

      # -- new code follows --
      file_type = ''    

      begin
        file_type = Paperclip.run('file', '-b --mime-type :file', file: @file.path)
      rescue Cocaine::CommandLineError
        file_type = ''
      end

      if file_type == ''
        begin
          file_type = Paperclip.run('mimetype', '-b :file', file: @file.path)
        rescue Cocaine::CommandLineError
          file_type = ''
        end
      end

      file_type
    end
  end
end

Logos answered 20/3, 2014 at 10:2 Comment(0)

Try putting do_not_validate_attachment_file_type :document validation in model.

Jura answered 10/4, 2014 at 12:35 Comment(0)

Recommended topics

Hot tags