Welcome Guest! You need to login or register to make posts.

Notification

Icon
Error

Options
Go to last post Go to first unread
Jbam4d  
#1 Posted : Monday, May 22, 2006 11:04:09 PM(UTC)
Jbam4d

Rank: Member

Groups: Member
Joined: 5/22/2006(UTC)
Posts: 3

Is is possible to detect the original path of uploaded files from the clients computer?

I'm designing a site for a photo lab, they have clients who upload files from multiple folders on their computers. Sometimes these users have sepecific instructions regarding files uploaded from specific folders, like "Make these type prints for photos in Folder A, do black and white prints for images in Folder B, etc..."

So basically just trying to detect the name of the folder in which these images where located on the clients computer, so I can replicate the folder structure on the server after upload.

Thanks...

Fedor  
#2 Posted : Wednesday, May 24, 2006 2:01:30 AM(UTC)
Fedor

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 7/28/2003(UTC)
Posts: 1,546

Thanks: 5 times
Was thanked: 58 time(s) in 57 post(s)
Quote:
Jbam4d (5/23/2006)
Is is possible to detect the original path of uploaded files from the clients computer?

I'm designing a site for a photo lab, they have clients who upload files from multiple folders on their computers. Sometimes these users have sepecific instructions regarding files uploaded from specific folders, like "Make these type prints for photos in Folder A, do black and white prints for images in Folder B, etc..."

So basically just trying to detect the name of the folder in which these images where located on the clients computer, so I can replicate the folder structure on the server after upload.


All browsers send the original path of uploaded file in standard multipart/form-data request. Image Uploader sends it as well. Here is example how to get it in ASP.NET:

Code:
Dim sourceFile As HttpPostedFile = Request.Files("SourceFile_1")
Dim fileName As String = sourceFile.FileName '<----original file path on client computer


If you use any other server platform (ASP, JSP, PHP, Pythoin, Perl, Ruby and so on), then you can either check our examples, or let us know, and we will post here the code snippet for your target platform.

Also I should note, that some platforms (for example PHP) doesn't provide the access to orignal file path. In this case you can use FileName_N upload field to get it.

Edited by user Wednesday, December 19, 2007 4:39:32 PM(UTC)  | Reason: Not specified

Best regards,
Fedor Skvortsov
Jbam4d  
#3 Posted : Wednesday, May 24, 2006 6:58:40 AM(UTC)
Jbam4d

Rank: Member

Groups: Member
Joined: 5/22/2006(UTC)
Posts: 3

Thanks for youre response.

I did a bit of research and did discover that in the new version of IE (ver. 7) that a form post will no longer include path information.

This was on the MSDN website:

Internet Explorer 7 or later. To improve security and prevent disclosure of system configuration details, file names no longer include folder (directory) details when submitted to the server process

http://msdn.microsoft.com/libra.../forms/formsoverview.asp

Do you think this functionailty (reading the paths) could be incorporated into future releases of the ImageUploadeder to bypass this future security implementation? Or maybe it is already but I am missing something? I'm assuming that it is browser specific since ImageUploader just handles a form post, but not sure.

Thanks again,
Jeremy
Alex Makhov  
#4 Posted : Wednesday, May 24, 2006 12:17:25 PM(UTC)
Alex Makhov

Rank: Advanced Member

Groups: Member
Joined: 8/3/2003(UTC)
Posts: 998

Hello,

Both Image Uploaders (ActiveX and Java version) send the “SourceFile_NN” field no matter what browser they run at. So you will be able to process the path information any way.
Sincerely yours,
Alex Makhov

UserPostedImage Follow Aurigma on Twitter!
Fedor  
#5 Posted : Wednesday, May 24, 2006 12:25:40 PM(UTC)
Fedor

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 7/28/2003(UTC)
Posts: 1,546

Thanks: 5 times
Was thanked: 58 time(s) in 57 post(s)
I also want to add, that version 3.5 for ActiveX and version 1.5 for Java sends the full local path.

However I am not sure that we will remain the same functionality in new version, as due our approach Image Uploader should provide the same level of security and privacy as browser does.
Best regards,
Fedor Skvortsov
Jbam4d  
#6 Posted : Thursday, May 25, 2006 12:47:13 AM(UTC)
Jbam4d

Rank: Member

Groups: Member
Joined: 5/22/2006(UTC)
Posts: 3

Thanks, I got it figured out. Appreciate your help.

Yes I understand you wanting to replicate browser security, but being able to generate a folder structure on the server that matches the client is pretty useful. Important enough where we wouldn't upgrade to a future release if it didn't have that functionality.

Also, not sure why in the help guide it lists the field as 'SourceFileName_N'? That wasn't working until I dropped the 'source' text and just used 'FileName_N', which then was giving me the data in needed.

Thanks again.
janetsmith  
#7 Posted : Thursday, May 25, 2006 9:58:33 AM(UTC)
janetsmith

Rank: Member

Groups: Member
Joined: 2/1/2006(UTC)
Posts: 40

Yes, I agree with Jbam4d.

This feature can prevent user from uploading the same file to the server.
Fedor  
#8 Posted : Thursday, May 25, 2006 11:50:36 AM(UTC)
Fedor

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 7/28/2003(UTC)
Posts: 1,546

Thanks: 5 times
Was thanked: 58 time(s) in 57 post(s)
Quote:
Yes I understand you wanting to replicate browser security, but being able to generate a folder structure on the server that matches the client is pretty useful. Important enough where we wouldn't upgrade to a future release if it didn't have that functionality.


Our security approach is that common version of Image Uploader, which works on all domains, should have the same security level as browser has. However we can use less strict approach for private label version when Image Uploader is bound hard way to the specific domain. In this case the risk of cross site scripting attack is limited to the specific domain. So way if you use private label version, then we can built the version with less security level then browser has.

Quote:
Also, not sure why in the help guide it lists the field as 'SourceFileName_N'? That wasn't working until I dropped the 'source' text and just used 'FileName_N', which then was giving me the data in needed.


I am sorry, there was mistake in the documentation. That is why in previous post I have posted FileName_N instead of link to the online documentation. :) In Image Uploader 4.0 documentation we have fixed it already.
Best regards,
Fedor Skvortsov
Fedor  
#9 Posted : Thursday, May 25, 2006 12:00:46 PM(UTC)
Fedor

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 7/28/2003(UTC)
Posts: 1,546

Thanks: 5 times
Was thanked: 58 time(s) in 57 post(s)
Quote:
Yes, I agree with Jbam4d.

This feature can prevent user from uploading the same file to the server.


Well, may be in this case we should send something like MD5 hash code build from original file path. In this case you could compare hash codes instead of the file pathes.
Best regards,
Fedor Skvortsov
lwb1962  
#10 Posted : Thursday, June 21, 2007 11:39:21 PM(UTC)
lwb1962

Rank: Member

Groups: Member
Joined: 6/20/2007(UTC)
Posts: 5

I am not able to get the SourceFile_NN value no matter what (to be able to process the path information from the client side).
lwb1962  
#11 Posted : Friday, June 22, 2007 4:47:47 AM(UTC)
lwb1962

Rank: Member

Groups: Member
Joined: 6/20/2007(UTC)
Posts: 5

I am going to assume that the sourceFile.FileName value has been stripped in your compiled code so that it no longer contains the clients path because I am nt able to get anything back except the file name extension.
Alex Makhov  
#12 Posted : Sunday, June 24, 2007 12:41:08 PM(UTC)
Alex Makhov

Rank: Advanced Member

Groups: Member
Joined: 8/3/2003(UTC)
Posts: 998

Hello,

SourceFile_NN and sourceFile.FileName variables contain the file name with its extension only. Please, read the POST Field Reference article carefully.

Edited by user Monday, October 27, 2008 11:35:23 PM(UTC)  | Reason: Not specified

Sincerely yours,
Alex Makhov

UserPostedImage Follow Aurigma on Twitter!
lwb1962  
#13 Posted : Sunday, June 24, 2007 6:46:02 PM(UTC)
lwb1962

Rank: Member

Groups: Member
Joined: 6/20/2007(UTC)
Posts: 5

Hmmmm...please see page 1 of this topics posts...including yours:

Both Image Uploaders (ActiveX and Java version) send the “SourceFile_NN” field no matter what browser they run at. So you will be able to process the path information any way.
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.