1

I have plupload working with drop_element: and browse_button:

However I want to also have the option to get the file from a URL like this: http://example.com/image.jpg

The idea would be to add it to the upload queue and take advantage of the built in properties and methods of plupload.

Davit on the plupload forum directed me to an example with mOxie.Image.load but I can't figure out how to integrate that with plupload. Does anyone here have an example of how to do that?

Here is the link to the thread I started on the plupload forum if that helps..

Piotr Kula
  • 9,597
  • 8
  • 59
  • 85
Ron
  • 73
  • 7

1 Answers1

1

I think it would be better to pass the URL to the server so it can download and process it there.

Sanitization and validation has to happen on the server.. but that should happen with plupload anyway. The server can download big files anyway but be sure to validate its an image and not some malicious binaries disguised as images.

There is no need (not sure if you can) download the image to the client and then tell plupload to send that.

Piotr Kula
  • 9,597
  • 8
  • 59
  • 85
  • I like your ideas, and the flakeyness of my current implementation is forcing me to rethink this. Can you give me an example of "pass the url to the server so it can download ..."? Do you mean to make a temporary copy of the file on my server first somehow without using plupload? Thanks – Ron Jan 18 '14 at 15:37
  • Are you using PHP or .NET? In .NET (because I work on it everyday) it is simple, using a WebRequest and the URL you want. You store it temporary on the server and do what you want with it. I am not sure if you can drag and drop an image from another site? But they can put in a link and your server can get it from that link. But rememebr to check the file headers to verify its an image and not some virus with a .jpg extension – Piotr Kula Jan 19 '14 at 17:17
  • 1
    I'm using PHP. And you gave me the answer. I will just temporarily save the image indicated by the url using built in php file read/write functions, as described here: http://stackoverflow.com/questions/724391/saving-image-from-php-url-using-php. Now I just need to figure out to verify filesize, filetype etc before doing the transfer or some hacker will enter a url for a multi-GB junk file (or worse, some malicious code as you said) which would waste my server resources. Thanks! – Ron Jan 20 '14 at 15:21