Voja Nejeem
|
| Posted: 09/29/2004, 1:09 AM |
|
Hi All,
Can somebody please explain the idea of the File Upload component? Is it for general file uploads to the server or does the uploaded file have to be stored in a database?
I inserted a file upload component on a blank page, and ccs inserted a Record form. I could upload a file to the temporary folder, but it didn't get transferred to the file folder. Is that a step I have to do myself? Also, I couldn't add more than one file to upload, although it looks like I should be able to add several files, and it should list their names and sizes, and I should be able to tick some and delete them before uploading
And what does it mean to put a file uploader in an editable grid? Does that mean that each record that is displayed can have its own set of upload files?
I'm finding this all a bit confusing, so any help is appreciated. I am using ccs version 2.3.2 with jsp.
Thank you.
Voja
|
|
|
 |
peterr
Posts: 5971
|
| Posted: 09/29/2004, 2:16 AM |
|
Voja,
We do not recommend uploading files to the database. The File Upload component uploads files to the server.
The File Upload component is just a control like TextBox, ListBox, etc. therefore it should be placed within forms in the same way. For example you could change a TextBox to FileUpload and then it will act little differently - by allowing you to upload a file and store its filename in the database field.
Uploading multiple files requires an application, just like adding multiple records in the database is handled by an application consisting of a form of two. For example it wouldn't make sense for a TextBox to allow you to add several Employee Names at the same time. Instead, you could create a record form or editable grid. In the same way you can create your own application that allows multiple file uploads, whether via a record form, or an editable grid. Thus you can use the File Upload control to create what you described, or anything else that handles files.
Each record can have its own set of uploaded files if you create an additional table to store such one-to-many or many-to-many relations. This would be same as storing multiple tasks assigned to each person.
If your files don't get transferred to the file folder then this could be a technical issue that you can report to our support.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
 |
|
Voja Nejeem
|
| Posted: 09/29/2004, 5:06 AM |
|
Hi Peter,
Thank you for your help - it's starting to make sense.
Are there any tutorials or code samples you could point me to that demonstrate using the file uploader?
Voja
|
|
|
|
peterr
Posts: 5971
|
| Posted: 09/29/2004, 6:16 AM |
|
The basic example would be to just insert the FileUpload component into a Record form.
I am not aware of more complex examples at this time except those from dataobjx: http://forums.codecharge.com/posts.php?post_id=50791&s_keyword=upload
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
Kevin A
|
| Posted: 01/18/2005, 11:33 PM |
|
 I tried your file upload tool (FUT) several version ago and decided to wait until it matured. I just installed the latest version of CCS and have a project that requires upload functionality so I build a new page and inserted the FUT. I found that the file name of the file is modified by prefixing a timestamp and then your FUT inserted the new filename into the database. There does not appear to be a means to tell the FUT to LEAVE THE FILE NAME ALONE.
By changing the code in the function InsertRow():
$this->ds->FileUpload->SetValue(substr(strstr($this->FileUpload->GetValue(),'.'),1));
I end up with the real file name in the database and by changing the code in the Classes.php/function move(): else if (!@copy($this->TemporaryFolder . $this->Value, $this->FileFolder . $FileName)) I set the file name to the real file name.
Will CCS PLEASE setup a checkbox that fixes this?
|
|
|
|
peterr
Posts: 5971
|
| Posted: 01/19/2005, 9:47 PM |
|
That could open up a security hole and I don't think that we'd want to add an option that supports security vulnerabilities.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
Kevin
|
| Posted: 01/20/2005, 12:12 AM |
|
Could you point me to some reading on this 'security hole'? I must not understand what is going on....
Thanks
|
|
|
|
peterr
Posts: 5971
|
| Posted: 01/20/2005, 12:59 AM |
|
I'm not aware of such readings/materials since this issue is related to application design and I don't know which applications have particular problems and who describes them.
In multiuser environment the simplest problem would be, for example, that a manager can upload a file named 'salaries.xls' and an employee can overwrite it with his version of the same filename, could be by accident or maliciously. This assumes common application design where different user roles may be uploading files into the same location on the system. Of course this scenario can be prevented by the developer (you), but since CCS is used to output almost-complete applications it still may not be a good idea for us to put other developers at risk.
Another scenario is that a user may know the filename used and uploaded by someone else and access it on his computer. The access to Web pages can be restricted within CCS for each user group, but not to the filesystem.
And other vulnerability scenerios may be possible depending on the application. Thus it could be even more embarassing if someone found and described specific vulnerability and say that we included an option for it. I guess a programming method for this could be provided if we receive requests from more users for this with more details - at least then if a security alert is issued we'd point to those requests
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
|
