I have an input type="file" field that I am using to accept a file upload.
This works, but I'm having problems with the filename property.
In firefox, this:
MyInputField.postedfile.filename
returns the filename...and just the filename. Which is what I want.
In IE, however, this returns the ENTIRE local user's system path to the file
+ the filename. Which, is pretty useless for most applications. (Actually,
it seems like a security issue.)
Is there a workaround for this short of parsing the entire filepath looking
for backslashes? I can certainly do that, but maybe there is a better way to
grab just the filename when the end-user is using IE.
-Darrel
10  2767 
Check the FileInfo class.
Darrel,
System.IO.Path.GetFileName (MyInputField.postedfile.filename)
will always return the filename and extension regardless of the browser
type.
Eliyahu
"darrel" <no*****@hotmail.com> wrote in message
news:Oi*************@TK2MSFTNGP12.phx.gbl... I have an input type="file" field that I am using to accept a file upload.
This works, but I'm having problems with the filename property.
In firefox, this:
MyInputField.postedfile.filename
returns the filename...and just the filename. Which is what I want.
In IE, however, this returns the ENTIRE local user's system path to the
file + the filename. Which, is pretty useless for most applications. (Actually,
it seems like a security issue.)
Is there a workaround for this short of parsing the entire filepath
looking for backslashes? I can certainly do that, but maybe there is a better way
to grab just the filename when the end-user is using IE.
-Darrel
System.IO.Path.GetFileName(string);
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
What You Seek Is What You Get.
"darrel" <no*****@hotmail.com> wrote in message
news:Oi*************@TK2MSFTNGP12.phx.gbl... I have an input type="file" field that I am using to accept a file upload.
This works, but I'm having problems with the filename property.
In firefox, this:
MyInputField.postedfile.filename
returns the filename...and just the filename. Which is what I want.
In IE, however, this returns the ENTIRE local user's system path to the
file
+ the filename. Which, is pretty useless for most applications. (Actually,
it seems like a security issue.)
Is there a workaround for this short of parsing the entire filepath
looking
for backslashes? I can certainly do that, but maybe there is a better way
to
grab just the filename when the end-user is using IE.
-Darrel
> System.IO.Path.GetFileName (MyInputField.postedfile.filename)
will always return the filename and extension regardless of the browser
type.
Easy enough.
Out of curiosity, isn't IE's default behavior a bit of a security issue? It
seems odd that I can grab somone's entire directory structure to the file
they are uploading.
-Darrel
> Out of curiosity, isn't IE's default behavior a bit of a security issue? It
seems odd that I can grab somone's entire directory structure to the file
they are uploading.
First, you are only getting the directory path to a single file, not their
entire directory structure. Second, your server-side app has no access to
the client's file system. Third, the entire path is used by IE to upload the
file. Fourth, the app is not "grabbing" the file path; the user is
voluntarily supplying it.
IOW, if there was a security issue, it would have been taken care of, as
have the existing security issues.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
What You Seek Is What You Get.
"darrel" <no*****@hotmail.com> wrote in message
news:us**************@TK2MSFTNGP09.phx.gbl... System.IO.Path.GetFileName (MyInputField.postedfile.filename)
will always return the filename and extension regardless of the browser
type.
Easy enough.
Out of curiosity, isn't IE's default behavior a bit of a security issue?
It
seems odd that I can grab somone's entire directory structure to the file
they are uploading.
-Darrel
i disagree, i believe it to be a security bug, but a low priority one. after
upload, the server knows one valid dir path, it can use in an attack.
-- bruce (sqlwork.com)
"Kevin Spencer" <ke***@DIESPAMMERSDIEtakempis.com> wrote in message
news:OD**************@TK2MSFTNGP12.phx.gbl... Out of curiosity, isn't IE's default behavior a bit of a security issue?
It
seems odd that I can grab somone's entire directory structure to the file
they are uploading.
First, you are only getting the directory path to a single file, not their
entire directory structure. Second, your server-side app has no access to
the client's file system. Third, the entire path is used by IE to upload
the file. Fourth, the app is not "grabbing" the file path; the user is
voluntarily supplying it.
IOW, if there was a security issue, it would have been taken care of, as
have the existing security issues.
--
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
What You Seek Is What You Get.
"darrel" <no*****@hotmail.com> wrote in message
news:us**************@TK2MSFTNGP09.phx.gbl... System.IO.Path.GetFileName (MyInputField.postedfile.filename)
will always return the filename and extension regardless of the browser
type.
Easy enough.
Out of curiosity, isn't IE's default behavior a bit of a security issue?
It
seems odd that I can grab somone's entire directory structure to the file
they are uploading.
-Darrel
Well, Bruce, if you're correct, it will be addressed at some future point.
Personally, I don't see the need to send the entire path to the server, so
it could be remedied by browser manufacturers, working with the W3C.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
What You Seek Is What You Get.
"Bruce Barker" <br******************@safeco.com> wrote in message
news:Ow**************@TK2MSFTNGP15.phx.gbl... i disagree, i believe it to be a security bug, but a low priority one.
after upload, the server knows one valid dir path, it can use in an attack.
-- bruce (sqlwork.com)
"Kevin Spencer" <ke***@DIESPAMMERSDIEtakempis.com> wrote in message
news:OD**************@TK2MSFTNGP12.phx.gbl... Out of curiosity, isn't IE's default behavior a bit of a security issue?
It
seems odd that I can grab somone's entire directory structure to the
file
they are uploading.
First, you are only getting the directory path to a single file, not
their entire directory structure. Second, your server-side app has no
access to the client's file system. Third, the entire path is used by IE
to upload the file. Fourth, the app is not "grabbing" the file path; the
user is voluntarily supplying it.
IOW, if there was a security issue, it would have been taken care of, as
have the existing security issues.
--
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
What You Seek Is What You Get.
"darrel" <no*****@hotmail.com> wrote in message
news:us**************@TK2MSFTNGP09.phx.gbl... System.IO.Path.GetFileName (MyInputField.postedfile.filename)
will always return the filename and extension regardless of the browser
type.
Easy enough.
Out of curiosity, isn't IE's default behavior a bit of a security issue?
It
seems odd that I can grab somone's entire directory structure to the
file
they are uploading.
-Darrel
> First, you are only getting the directory path to a single file, not their entire directory structure. Second, your server-side app has no access to
the client's file system. Third, the entire path is used by IE to upload
the file. Fourth, the app is not "grabbing" the file path; the user is
voluntarily supplying it.
IOW, if there was a security issue, it would have been taken care of, as
have the existing security issues.
Well, everything you said made perfect sense. Well, except that last
sentence, which we all know isn't entirely true. ;o) ;o) ;o)
-Darrel
>Well, except that last sentence, which we all know isn't entirely true. ;o) ;o) ;o)
Note that I didn't say in my response to Bruce that he was correct. I said
"IF he is correct." My feeling is that there is no security issue there.
Otherwise, it would have been addressed by now. But I can't say with any
authority.
Perhaps it would be better to say that the last point is debatable. ;-)
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
What You Seek Is What You Get.
"darrel" <no*****@hotmail.com> wrote in message
news:eE*************@TK2MSFTNGP09.phx.gbl... First, you are only getting the directory path to a single file, not
their
entire directory structure. Second, your server-side app has no access to
the client's file system. Third, the entire path is used by IE to upload
the file. Fourth, the app is not "grabbing" the file path; the user is
voluntarily supplying it.
IOW, if there was a security issue, it would have been taken care of, as
have the existing security issues.
Well, everything you said made perfect sense. Well, except that last
sentence, which we all know isn't entirely true. ;o) ;o) ;o)
-Darrel
Perhaps it would be better to say that the last point is debatable. ;-)
We can agree on that. ;o)
-Darrel This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Jesper Hermansen |
last post by:
Hi!
I'm making a system that will generate Winamp-playlists.
To make it easy for the user to add a file to the list, I'm using <input
type="file">.
The problem with this is that I only get...
|
by: hamacher |
last post by:
I have a particular need to an application . . .
I need users to specify a directory (with path) on their filesystem on
an HTML page. All I need at the server is a string representation of
the...
|
by: Laermans_k |
last post by:
Hi,
Does anyone have a solution to use the <input type="file"
id="filechooser"> and the <input type="submit" id="submitbutton"> in 1
button click?
I've already tried to create a javascript...
|
by: Mr Gordonz |
last post by:
Hi all,
I want to put a button on a page, and when the user clicks it, the standard
Windows "Open File" dialogue box opens, and the user can browse/select a
file on their PC. Having selected a...
|
by: Mark Sandfox |
last post by:
Is there a way to restrict the user to only selecting and sending either a
..gif or .jpg. Everything I have read says this option can not be done by
design (security reasons). I find that irronic...
|
by: IkBenHet |
last post by:
Hello,
I am uploading a file using this form in ASP.NET. I have also added a
simpel textfield:
<form runat="server" enctype="multipart/form-data">
<input type="file" id="oFile" Name="oFile"...
|
by: Robert S |
last post by:
I am trying to use POST to transfer data to another page. When I do
this, '.' characters get converted to"_". For example:
#index.html:
<form action="test.php" method="post">
<input...
|
by: kevin |
last post by:
Hi, I am trying to create a page so the user can browse the network,
select a file and have that file name (text) inserted into our sql DB
so I can build the hyperlink path later on.
Here's what...
|
by: cssExp |
last post by:
alright suppose i have the following.
<input type="file" name="upload" />
<input type="text" name="discription" />
<input type="image" onclick="addFile();" src="images/addfile.jpg" name="add"...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |
