4.4: File Upload Control (Requires Server Controllers)
This control can be used to upload a file from your local computer to the server. You can drag the control onto a page in exactly the same manner as with other controls, but there are a few additional considerations because a file is being uploaded instead of a simple value.
This control supports two different approaches for handling the files uploaded to the server, Encode into Data and Upload to Directory, which are described in more detail below. For each control, you can choose which approach to use in the Page Display Bindings section of the Bindings tab on Page Design.
Encode into Data
This is the default option, and will cause the uploaded file to be base 64 encoded, with the resulting string inserted into the XML message. The Action Submission binding for each control indicates where the information will be inserted, and the following XML format will always be placed at this location:
<fileUpload success="true" name="myfile.png" type="image/png">base 64 encoded string</fileUpload>
The name attribute will contain the name of the file that has been uploaded, and the type attribute will indicate its mime type. If the upload fails for any reason then the success attribute will be set to false, and there will be an additional errorMsg attribute indicating the cause of the problem.
Upload to Directory
With this option, the uploaded file will be placed in a directory on the server rather than included in the XML message. In this mode, the information placed at the action submission binding location will be like the following:
<fileUpload success="true" name="myfile.png" type="image/png" location="c:\path\to\webapp\uploaded_files\01715441E103CDE532226B1C35826E17_myfile.png"/>
The success, name, and type attributes are the same as above. The location attribute will contain the full path to where the uploaded file has been placed. You can use file manipulation code/rules on the server to further process your uploaded files.
By default, these files will be placed within a directory called uploaded_files located within the context location for the deployed web application. This means that they will be accessible to all users accessing the application.
If required, you can change the directory in which the uploaded files are placed by editing the xgate.xml configuration file. (See section on the XGate Servlet.) This will contain a file_upload plugin element which can have an upload_dir attribute specified. If provided, this should contain the full path to the directory in which any uploaded files will be stored.
Restricting Selectable Files
When the Select File button is clicked, the browser will provide a standard file selection popup to enable the selection of the file that requires uploading. By default, this will show all files, but it is possible to suggest to the browser which types of files should be allowed. This can be done by adding a Custom Attribute to the control called accept, with a value indicating what files to allow, e.g. .png,.jpg. For more details on the supported values please see this page on the w3schools.com site.
It is important to note that this is only a suggestion to the browser. Not all browsers support it, and those that do still provide the option to select a different file.
If required, you can perform some additional checks on the selected file by using an onchange event on the file upload control. This will be called whenever a file has been selected, and you can get the 'value' of the control to find the name of the selected file. (If using HTML5-compliant browsers you can obtain even more details using the File API.)
Regardless of any client-side checks and restrictions you put in place, there will still be ways for someone to circumvent them and send an arbitrary file to the server. Therefore, for security, you will need to add additional server-side checks as described below.
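One way to apply such a server-side check to the Encode into Data element shown earlier: validate the file name, the declared type and the decoded bytes before anything is stored. This is an added example, not code from the product or its documentation; the function name check_file_upload, the allow-list, the size limit and the file-name pattern are assumptions, and the example treats the name and type attributes as untrusted input.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Assumed policy for this example: allowed MIME type -> required leading bytes.
ALLOWED = {"image/png": b"\x89PNG\r\n\x1a\n", "image/jpeg": b"\xff\xd8\xff"}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


def check_file_upload(xml_fragment):
    """Validate one Encode into Data <fileUpload> element.

    Returns (ok, reason, data); data is the decoded file only when ok is True.
    """
    try:
        elem = ET.fromstring(xml_fragment)
    except ET.ParseError:
        return False, "not well-formed XML", None
    if elem.tag != "fileUpload" or elem.get("success") != "true":
        return False, elem.get("errorMsg") or "upload not successful", None
    # name and type are treated as untrusted here (an assumption of this example).
    if not SAFE_NAME.fullmatch(elem.get("name", "")):
        return False, "unsafe file name", None
    magic = ALLOWED.get(elem.get("type", ""))
    if magic is None:
        return False, "type not allowed", None
    b64 = "".join((elem.text or "").split())  # tolerate line-wrapped base64
    if len(b64) > MAX_BYTES * 4 // 3 + 4:     # reject oversize input before decoding
        return False, "file too large", None
    try:
        data = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return False, "invalid base64", None
    # Trust the bytes, not the label: content must start with the type's signature.
    if not data.startswith(magic):
        return False, "content does not match declared type", None
    return True, "ok", data


# Constructed sample messages (not taken from the product).
PNG_B64 = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16).decode()
GOOD = f'<fileUpload success="true" name="myfile.png" type="image/png">{PNG_B64}</fileUpload>'
FAKE = ('<fileUpload success="true" name="myfile.png" type="image/png">'
        + base64.b64encode(b"<html>not an image</html>").decode() + "</fileUpload>")

if __name__ == "__main__":
    for label, msg in (("GOOD", GOOD), ("FAKE", FAKE)):
        print(label, check_file_upload(msg)[:2])
```

A leading-bytes check only confirms the file starts like the declared type; it does not make the content safe to serve back to other users.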
Customising Server-Side Functionality