Hello all,

I would like to know the paths of certain files that a user is about to upload using my form. I know this isn't allowed using JavaScript for security reasons but the system I am building is an internal one for staff. Is there maybe a JavaScript certificate or something that I can place on our servers to say that I can do this? In the same way as Flash allows for a Policy file.

I had a quick google and could not find anything like the above. What are my options? I mean how can I get the paths of the file soon to be uploaded, I will take any sort of implementation idea to overcome this. If I can't find a solution then what I am trying to build is well and truly buggered!

I thought of asking users to upload a text file that contains these paths, but this isn't exactly user friendly.

Thanks all

A: 

JavaScript was designed this way for a reason. It prevents remote systems from snooping on the user. Doing otherwise would be a serious security problem.

If you really need to see the local file system you will have to use Java.

Diodeus
Please note: I have said this is an internal system for the staff.
Abs
That does not change the facts.
Diodeus
The reason I commented the above was to let you know I am aware of the reason why file-paths are not left out in the open, as I said in my question.
Abs
A: 

Maybe you can with a browser extension. You can overcome lots of restrictions from XUL in Firefox.

Victor
This might be an option, but then I will have to impose a restriction on staff to only use the FF browser.
Abs
You can do extensions for IE as well, and I guess for Opera and eventually for Chrome, but that would be opening another can of worms, I see your point...
Victor
Yes, I would like the problem solved but not to that extent. Thank you for the suggestion, at least I have options now.
Abs
+1  A: 

You can get the path to be uploaded just fine, but you cannot change it...

var fil = document.getElementById("FileUpload1");
alert(fil.value); // will show file name
Josh Stodola
It will only show filename, not file path, right?
Abs
@Abs: that depends. See the MSDN docs for a possible solution for IE: http://msdn.microsoft.com/en-us/library/ms535128(VS.85).aspx
NickFitz
I see, so on low security it works - just tried Blakewell's answer and I am sure Josh's will work now. Hmm, this might be the best solution, unless someone comes up with another idea! This one will work but then it's an extra fact staff have to remember to do...
Abs
@Abs: you should be able to specify that security setting for the Intranet zone in your Group Security Policy via Active Directory, or something like that - I'm not a Windows sysadmin, but I know that this kind of setting change should be deployed from a central location, rather than getting individuals to change it.
NickFitz
Something to consider: I am not 100% certain, but I believe a posted file only includes the file name (not the path). So what you can do is, on your form submit event, you can grab the file value with JavaScript and blow it into a hidden field to be submitted to the server.
Josh Stodola
The problem is there is no way to reference that value (the full path) in all browsers.
Abs
I understand that, but accept that this is as good as it gets.
Josh Stodola
A: 

Why not open an OpenDialog box? This works well with IE, which you may be able to dictate since you are working internally.

<html>
<head>
<script>
function attachFile(){
  document.forms[0]['file'].click();
  document.getElementById("FileOP").innerHTML += "<br />"+document.forms[0]['file'].value;
  return;
}
</script>
</head>
<body>
<form style="margin: 0px; padding: 0px;">
<input type="file" name="file" style="display: none" />
</form>

<a href="javascript:attachFile()">Attach File</a>
<br />
<div id="FileOP">
</div>
</body>
</html>
Blake Blackwell
For me this returned "C:\fakepath\test.php"? On IE8, Windows Vista.
Abs
Did you "Allow Blocked Content"? You can create your page as a "trusted site" to ignore this message once you get past this issue.
Blake Blackwell
Also, what file did you select? If you selected "test.php" then that is what the OpenFileDialog would resolve to.
Blake Blackwell
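
As an added example (not code from any of the posters), the functions below classify the string a script reads from a file input, covering the cases that come up in this thread: a real path (IE with the relaxed zone setting), the "C:\fakepath\" placeholder Abs saw on IE8, and a bare file name. They then apply the hidden-field idea only when a real path is present. The function names and the sample values are assumptions made for illustration.

```javascript
// Placeholder prefix browsers put in front of the file name instead of the real directory.
var FAKEPATH = /^c:\\fakepath\\/i;

// Classify the string read from <input type="file">.value.
// Returns { kind, directory, name }; directory is null unless a real path was exposed.
function classifyFileInputValue(value) {
  var raw = String(value == null ? "" : value);
  if (raw === "") {
    return { kind: "empty", directory: null, name: "" };
  }
  if (FAKEPATH.test(raw)) {
    // The browser hid the directory; only the file name is meaningful.
    return { kind: "fakepath", directory: null, name: raw.replace(FAKEPATH, "") };
  }
  // Accept both separators so Windows, UNC and POSIX style paths are handled.
  var cut = Math.max(raw.lastIndexOf("\\"), raw.lastIndexOf("/"));
  if (cut === -1) {
    return { kind: "bare-name", directory: null, name: raw };
  }
  return { kind: "full-path", directory: raw.slice(0, cut), name: raw.slice(cut + 1) };
}

// Hidden-field approach from the thread: call this from the form's submit
// handler. fileInput and hiddenField are the two form elements (hypothetical
// names). The hidden field is left empty unless a real path is available, so
// the server never stores "C:\fakepath\..." as if it were a location.
// The value is client-supplied text: the server should record it as a label
// only and never use it to open or write files.
function fillHiddenPath(fileInput, hiddenField) {
  var info = classifyFileInputValue(fileInput.value);
  hiddenField.value = info.kind === "full-path" ? fileInput.value : "";
  return info.kind;
}
```
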
A: 

If you are open to browser extensions you might want to see if Google Gears would allow you to do this. It's available for most browsers and platforms.

Craig