0

I have a site where a user can upload a photo. I have no idea how to handle photos. To make a thumbnail out of a large res photo, do I just resize the width and the height? Or is there a better way to do this?

If you could point me to any resources or give me any tips, that would be great.

I'm using Ruby on Rails, if that matters. I don't really want gems for this because I want to learn how to do it myself.

irl_irl

3 Answers

3

For some of this, "learning how to do it yourself" is going to be a significant undertaking. Resizing the image, for example. Go ahead and find an open source library (such as a gem) that resizes images and look through its source code. It's not impossible to do on your own, but a lot of that sort of thing is built on the expertise that's come before, etc. There's nothing wrong with making use of a tool somebody else has created, provided that you understand what the tool is doing.

A few points to hopefully help you out:

  1. Go with a white-list approach of which image formats you support. Don't just let users upload anything that they call an image.
  2. Each format you support is going to have its own standards (possibly multiple) for meta-data. Stripping out that data wholesale may or may not be a good idea. For example, a jpeg may contain its orientation in its EXIF data and if you strip that out you may be effectively rotating the image. Certain fields, such as geotagging, you may want to strip out in the effort to protect your users' privacy, etc. Again, look into existing libraries for this and see how they do it.
  3. DO NOT implicitly trust the file name extension for determining the type of the image. It's possible for a user to construct a malicious file that isn't really an image, pass it off as an image to an unsuspecting host, and effectively open a security flaw on that host as it tries to process the file as an image. There was a question about determining file type in Ruby here, and I'm sure there's a lot more to be found on the subject.
David
  • Thanks for that. Very informative. Part of the parameters when uploading a file is content type. For example it shows "@content_type="image/jpeg"". This isn't reliable? – irl_irl Dec 20 '10 at 17:38
  • @GreenRails: It _should_ be reliable, but I tend to be paranoid when it comes to validating user input. I'm sure there are others, but there's a .NET discussion about the subject here: http://forums.asp.net/t/1331793.aspx – David Dec 20 '10 at 17:42
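Added example (not part of the answer or comments above): one way to apply points 1 and 3 without a gem is to check the upload's leading "magic" bytes against an allow-list and require that they agree with the client-declared content type and the file extension. All constant and method names here are hypothetical, and the sample inputs are constructed headers, not real images.

```ruby
# Added example, not code from the answer. All names here are hypothetical.
# Allow-list of supported formats, keyed by MIME type, with the leading
# "magic" bytes each format must start with and the extensions it may carry.
ALLOWED_FORMATS = {
  "image/jpeg" => { magic: ["\xFF\xD8\xFF".b],         ext: %w[.jpg .jpeg] },
  "image/png"  => { magic: ["\x89PNG\r\n\x1A\n".b],    ext: %w[.png] },
  "image/gif"  => { magic: ["GIF87a".b, "GIF89a".b],   ext: %w[.gif] }
}.freeze

# Returns the MIME type implied by the first bytes of the upload,
# or nil when the content matches nothing on the allow-list.
def sniff_image_type(bytes)
  head = bytes.to_s.b[0, 16]
  ALLOWED_FORMATS.each do |mime, spec|
    return mime if spec[:magic].any? { |sig| head.start_with?(sig) }
  end
  nil
end

# Accept an upload only when the sniffed type is on the allow-list and
# agrees with both the client-declared content type and the extension.
def acceptable_upload?(filename, declared_type, bytes)
  sniffed = sniff_image_type(bytes)
  return false if sniffed.nil?
  return false unless sniffed == declared_type.to_s.strip.downcase
  ALLOWED_FORMATS[sniffed][:ext].include?(File.extname(filename.to_s).downcase)
end

# Constructed sample inputs (headers only, not complete image files).
SAMPLE_PNG  = "\x89PNG\r\n\x1A\n".b + "\x00\x00\x00\rIHDR".b
SAMPLE_JPEG = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00".b
SAMPLE_TEXT = "plain text that only claims to be a photo".b

if __FILE__ == $PROGRAM_NAME
  [["cat.png",   "image/png",  SAMPLE_PNG],
   ["cat.jpg",   "image/jpeg", SAMPLE_JPEG],
   ["cat.jpg",   "image/jpeg", SAMPLE_PNG],   # extension and header disagree
   ["photo.jpg", "image/jpeg", SAMPLE_TEXT]   # not an image at all
  ].each do |name, type, data|
    puts "#{name} (#{type}): #{acceptable_upload?(name, type, data)}"
  end
end
```

A matching header only shows that the file starts like an image; the bytes after it are still untrusted until an image library has decoded them.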
2

David answered the question well, but I thought I might be able to provide some more specific information regarding your question.

Use the Paperclip gem, combined with RMagick, an ImageMagick wrapper for Ruby. You can set post-processing options and create multiple resizings.

If you really want to do it yourself, check out the actual gem at https://github.com/thoughtbot/paperclip and you'll see how that author does it. Part of the thought behind Ruby on Rails is DRTW (Don't Reinvent the Wheel). Utilize what's out there and build on it. It will save you time, and enable you to do more in the long run.

Glenn
0

An alternative is to use a third party service such as http://resizer.co (I am not affiliated).

Replace a URL to an image from your site, say:

http://example.com/images/abc123.jpg

with the following (for a 200 x 200 image)

http://www.resizer.co?image=http://example.com/images/abc123.jpg&w=200&h=200

You may run into issues with distortion and the 'aspect ratio' not being maintained, but it could be a good start.

stef