1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178
|
NAME
CGI::Application::Plugin::AJAXUpload - Run mode to handle a file upload
and return a JSON response
VERSION
This document describes CGI::Application::Plugin::AJAXUpload version
0.0.3
SYNOPSIS
use MyWebApp;
use CGI::Application::Plugin::JSON qw(to_json);
use CGI::Application::Plugin::AJAXUpload;
sub setup {
my $c = shift;
$c->ajax_upload_httpdocs('/var/www/vhosts/mywebapp/httpdocs');
$c->ajax_upload_setup(
run_mode=>'file_upload',
upload_subdir=>'/img/uploads',
);
return;
}
DESCRIPTION
This module provides a customisable run mode that handles a file upload
and responds with a JSON message like the following:
{status: 'UPLOADED', image_url: '/img/uploads/666.png'}
or on failure
{status: 'The image was too big.'}
This is specifically intended to provide a CGI::Application based back
end for <AllMyBrain.com>'s <image upload extension> to the <YUI rich
text editor>. However as far as I can see it could be used as a back end
for any CGI::Application website that uploads files behind the scenes
using AJAX. In any case this module does NOT provide any of that client
side code and you must also map the run mode onto the URL used by
client-side code. That said a working example is provided which could
form the basis of a rich text editor.
INTERFACE
ajax_upload_httpdocs
The module needs to know the document root because it will need to to
copy the file to a sub-directory of the document root, and it will need
to pass that sub-directory back to the client as part of the URL. If
passed a value it will store that as the document root. If not passed a
value it will return the document root.
ajax_upload_setup
This method sets up a run mode to handle a file upload and return a JSON
message providing status. It takes a number of named parameters:
upload_subdir
This is the sub-directory of *httpdocs_dir* where the files will
actually be written to. It must be writeable. It defaults to
'/img/uploads'.
dfv_profile
This is a Data::FormValidator profile. The hash array that is
validated consists of the fields described below. A very basic
profile is provided by default.
*value* This is contains the actual data contained in the upload. It
will be untainted. One can of course apply filters that resize the
image (assuming it is an image) or scrub the HTML (if that is
appropriate).
*file_name* This is the filename given by the browser. By default it
will be required to be no more than 30 alphanumeric, hyphen or full
stop, underscore characters; it will be untainted and passed through
unmodified. One could however specify a filter that completely
ignores the filename, generates a safe one and does other
housekeeping.
*mime_type* This is the file extension passed by the browser.
*data_size* By default this is required to be less than 512K.
Note that this module's handling of file upload and data validation
is somewhat different from that expected by
Data::FormValidator::Constraints::Upload and
Data::FormValidator::Filters::Image. Those modules work with file
handles. The Data::FormValidator profiles required by this module
are expected to work with the data and meta data.
run_mode
This is the name of the run mode that will handle this upload. It
defaults to *ajax_upload_rm*.
ajax_upload_default_profile
This returns a hash reference to the default Data::FormValidator
profile. It can be called as a class method.
_ajax_upload_rm
This private method forms the implementation of the run mode. It
requires a *file* CGI query parameter that provides the file data.
Optionally it also takes a *validate* parameter that will make other
more paranoid checks. These checks are only optional because if the
system is set up correctly they should never fail.
It takes the following actions:
-- It will get the filename and data associated with the upload and
pass the data through the Data::FormValidator if a profile is
supplied.
-- If it fails the Data::FormValidator test a failed message will be
passed back to the caller.
-- If the *validate* parameter is set the setup will check. If there is
a problem a status message will be passed back to the user.
-- The data will then be copied to the given file, its path being the
combination of the *httpdocs_dir* parameter, the *upload_subdir* and
the generated file name.
- The successful JSON message will be passed back to the client.
DIAGNOSTICS
Most error messages will be passed back to the client as a JSON message,
though in a sanitised form. One error 'Internal Error' is fairly generic
and so the underlying error message is written to standard error.
CONFIGURATION AND ENVIRONMENT
CGI::Application::Plugin::AJAXUpload requires no configuration files or
environment variables. However the client side code, the URL to run mode
dispatching and the general web server setup is not supplied.
DEPENDENCIES
This is using the "to_json" method from CGI::Application::Plugin::JSON.
As such that module needs to be exported before this module. Or of
course you could just define your own.
BUGS AND LIMITATIONS
Please report any bugs or feature requests to
"bug-cgi-application-plugin-ajaxupload@rt.cpan.org", or through the web
interface at <http://rt.cpan.org>.
One really odd thing is that the content header of the AJAX reply cannot
be 'application/json' as one would expect. This module sets it to
'text/javascript' which works. There is a very short discussion on the
<YUI forum>.
AUTHOR
Nicholas Bamber "<nicholas@periapt.co.uk>"
LICENCE AND COPYRIGHT
Copyright (c) 2010, Nicholas Bamber "<nicholas@periapt.co.uk>". All
rights reserved.
This module is free software; you can redistribute it and/or modify it
under the same terms as Perl itself. See perlartistic.
The javascript code in the example draws heavily on the code provided by
AllMyBrain.com.
DISCLAIMER OF WARRANTY
BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH
YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
NECESSARY SERVICING, REPAIR, OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE
TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
|