I’m using Ruby on Rails on my local WEBrick server.
I’m generating some images of websites from urls, writing them to my local filesystem, and displaying them. I name the images by their url but replace all \ with -. Some images seem to not be loading because it cannot find the images on my filesystem, and I get the broken image icon. However, I see that all the images are there when I check my filesystem.
This is the error I get in my logs:
Started GET "/images/image_site/http:--www.urbandictionary.com-define.php?term=slim%20shady.jpg?1309465379" for 127.0.0.1 at Thu Jun 30 13:23:06 -0700 2011
ActionController::RoutingError (No route matches "/images/image_site/http:--www.urbandictionary.com-define.php"):
This is my html code:
<img alt="Http:--www.urbandictionary.com-define.php?term=slim%20shady" class="site_image" src="/images/image_site/http:--www.urbandictionary.com-define.php?term=slim%20shady.jpg?1309465379">
What going on and how can I fix this? Please let me know if I need to provide more information.
Looks like you’re not properly encoding your image names in the
srcattribute. I’d guess that you have a file with a name like this:But when you have this:
The filename looks like this:
because everything after the first
?is considered to be part of the query string.Replacing the slashes with hyphens is not good enough, you’re still leaving all sorts of holes for confusion and nefarious intent. Instead, you should generate the image file names completely, something like
id.jpgwhereidis the image’s ID in your database. Then, store the original filename in your database and only show that filename (properly encoded!) to people, don’t use it in your local file system.A quick fix would be to properly URL encode your
srcattributes. But you really should fix up how you handle the images or you will leave yourself open to all sorts of trouble.