Support » Developing with WordPress » Plugin Development with FabricJS

  • I’ve developed a plugin for a client as part of their website which allows the visitor to design a wristband. They can add images to the Wristband design as well as text.

    I’m making an ajax call to post the design as JSON to the cart.

    The issue I’m having is the the JSON data can be quite large if the images are big and then the clients hosting will not allow this and I get a “Request Entity Too Large” error. I have made the typical changes to the php.ini file to increase the POST size but this does not resolve the issue. I have been told its a memory issue with only allows a max of 1MB.

    I’ve tried to reduce the image sizes when adding them to the canvas but I cannot reduce them to far as this will affect printing.

    So I’m stuck now on what to do…

    I don’t really want to upload images as they are only in the cart and they may not check out, so that will use a lot of resources when they are not needed.

    Would appreciate any thoughts or ideas you might have to get around this issue as the client doesn’t want to change hosting providers (they are using Dreamhost).

    Thanks

    JB

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    The image data has to be stored somewhere accessible. If accepting image uploads is out of the question, you could require users to post their image to a public image sharing site like imgur.com. Some users may be reluctant to place their imagery where it’s publicly accessible. I think many sites provide for limited sharing. Your client could register on whatever site is chosen and users can specify their imagery can only be accessed by your client. Ideally the chosen site would also provide an API so the server or whatever app is actually using the image can automatically retrieve the image without human intervention.

    I understand your reasons for not wanting to accept uploads, but it seems like those objections could be addressed. You could have a CRON script automatically delete images in a particular folder after a certain period of time. Along with any other cart data. Make it clear that users must checkout within that period of time or their cart will be emptied. When they checkout, move their image to a different folder that is safe from the deletion script. I personally would much rather do this than trying to manage the above third party image sharing scheme.

    Thanks for the advice.

    I like the idea of allowing guests to upload their images and then doing a cleanup.

    Moderator bcworkz

    (@bcworkz)

    You can use wp_handle_upload() to help validate the upload, but it places files in the WP uploads folder, which is less than desirable. Fortunately, the “upload_dir” filter can be used to change the upload destination. Allowing file uploads involves some significant security risks. Do everything reasonable to ensure the upload is a valid image file. wp_handle_upload() only does some rudimentary checks. I’m not a security expert, but I’ve heard a good, if rather involved check for valid image files is to use the image editor to alter the image somehow, like scaling or cropping. If the editor indicates success, the file is very likely valid. The altered file itself could be discarded, keeping the original. Though a file that has been altered by the editor is less likely to contain any hidden malicious payload.

    Also quarantine the destination folder so that it can only be accessed by code that requires access. Be sure that the folder and its files do not have the executable file permission. Uploads should only be accepted from registered users. While allowing purchases without registering can normally be a nice feature, it’s contraindicated where accepting uploads is involved. Accepting registrations through disposable email services is also a bad idea. The fact that only files from paying customers are kept for any length of time is helpful. The shorter time unpaid cart files are kept is the better for security. Weigh the risks against the fact that excessive security measures can cause you to lose customers.

    You can use wp_schedule_event() to cause periodic clean up code to run instead of setting up a formal CRONTAB. For WP events to work properly, your site should have enough traffic to trigger the event actions on a regular basis. They are only triggered by server requests, not clock events. The clock is only a secondary parameter used after a request is received.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.