NAME¶
CGI::Application::Plugin::AJAXUpload - Run mode to handle a file upload and
return a JSON response
VERSION¶
This document describes CGI::Application::Plugin::AJAXUpload version 0.0.3
SYNOPSIS¶
use MyWebApp;
use CGI::Application::Plugin::JSON qw(to_json);
use CGI::Application::Plugin::AJAXUpload;
sub setup {
my $c = shift;
$c->ajax_upload_httpdocs('/var/www/vhosts/mywebapp/httpdocs');
$c->ajax_upload_setup(
run_mode=>'file_upload',
upload_subdir=>'/img/uploads',
);
return;
}
DESCRIPTION¶
This module provides a customisable run mode that handles a file upload and
responds with a JSON message like the following:
{status: 'UPLOADED', image_url: '/img/uploads/666.png'}
or on failure
{status: 'The image was too big.'}
This is specifically intended to provide a CGI::Application based back end for
AllMyBrain.com <
http://allmybrain.com>'s image upload extension
<
http://allmybrain.com/2007/10/16/an-image-upload-extension-for-yui-rich-text-editor>
to the YUI rich text editor <
http://developer.yahoo.com/yui/editor>.
However as far as I can see it could be used as a back end for any
CGI::Application website that uploads files behind the scenes using AJAX. In
any case this module does NOT provide any of that client side code and you
must also map the run mode onto the URL used by client-side code. That said a
working example is provided which could form the basis of a rich text editor.
INTERFACE¶
ajax_upload_httpdocs¶
The module needs to know the document root because it will need to to copy the
file to a sub-directory of the document root, and it will need to pass that
sub-directory back to the client as part of the URL. If passed a value it will
store that as the document root. If not passed a value it will return the
document root.
ajax_upload_setup¶
This method sets up a run mode to handle a file upload and return a JSON message
providing status. It takes a number of named parameters:
- upload_subdir
- This is the sub-directory of httpdocs_dir where the
files will actually be written to. It must be writable. It defaults to
'/img/uploads'.
- dfv_profile
- This is a Data::FormValidator profile. The hash array that
is validated consists of the fields described below. A very basic profile
is provided by default.
- value This is contains the actual data contained in
the upload. It will be untainted. One can of course apply filters that
resize the image (assuming it is an image) or scrub the HTML (if that is
appropriate).
- file_name This is the filename given by the browser.
By default it will be required to be no more than 30 alphanumeric, hyphen or
full stop, underscore characters; it will be untainted and passed through
unmodified. One could however specify a filter that completely ignores the
filename, generates a safe one and does other housekeeping.
- mime_type This is the file extension passed by the
browser.
- data_size By default this is required to be less
than 512K.
Note that this module's handling of file upload and data validation is somewhat
different from that expected by Data::FormValidator::Constraints::Upload and
Data::FormValidator::Filters::Image. Those modules work with file handles. The
Data::FormValidator profiles required by this module are expected to work with
the data and meta data.
- run_mode
- This is the name of the run mode that will handle this
upload. It defaults to ajax_upload_rm.
ajax_upload_default_profile¶
This returns a hash reference to the default Data::FormValidator profile. It can
be called as a class method.
_ajax_upload_rm¶
This private method forms the implementation of the run mode. It requires a
file CGI query parameter that provides the file data. Optionally it
also takes a
validate parameter that will make other more paranoid
checks. These checks are only optional because if the system is set up
correctly they should never fail.
It takes the following actions:
- --
- It will get the filename and data associated with the
upload and pass the data through the Data::FormValidator if a profile is
supplied.
- --
- If it fails the Data::FormValidator test a failed message
will be passed back to the caller.
- --
- If the validate parameter is set the setup will
check. If there is a problem a status message will be passed back to the
user.
- --
- The data will then be copied to the given file, its path
being the combination of the httpdocs_dir parameter, the
upload_subdir and the generated file name.
- -
- The successful JSON message will be passed back to the
client.
DIAGNOSTICS¶
Most error messages will be passed back to the client as a JSON message, though
in a sanitised form. One error 'Internal Error' is fairly generic and so the
underlying error message is written to standard error.
CONFIGURATION AND ENVIRONMENT¶
CGI::Application::Plugin::AJAXUpload requires no configuration files or
environment variables. However the client side code, the URL to run mode
dispatching and the general web server setup is not supplied.
DEPENDENCIES¶
This is using the "to_json" method from
CGI::Application::Plugin::JSON. As such that module needs to be exported
before this module. Or of course you could just define your own.
BUGS AND LIMITATIONS¶
Please report any bugs or feature requests to
"bug-cgi-application-plugin-ajaxupload@rt.cpan.org", or through the
web interface at <
http://rt.cpan.org>.
One really odd thing is that the content header of the AJAX reply cannot be
'application/json' as one would expect. This module sets it to
'text/javascript' which works. There is a very short discussion on the YUI
forum
<
http://yuilibrary.com/forum/viewtopic.php?f=89&t=4743&p=16459&hilit=POST+connection#p16459>.
AUTHOR¶
Nicholas Bamber "<nicholas@periapt.co.uk>"
LICENCE AND COPYRIGHT¶
Copyright (c) 2010, Nicholas Bamber "<nicholas@periapt.co.uk>".
All rights reserved.
This module is free software; you can redistribute it and/or modify it under the
same terms as Perl itself. See perlartistic.
The javascript code in the example draws heavily on the code provided by
AllMyBrain.com.
DISCLAIMER OF WARRANTY¶
BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE
SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE
SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO
THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR
CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO
LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR
THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER
SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.