In IE7 (and probably all famous browsers, including old Firefox 2), if we submit a file like '//server1/path/to/file/filename' it works properly and gives the full path to the file and the filename.
I have no clue how to overcome this 'new feature' because it causes all upload forms in my webapp to stop working on Firefox 3.
There's a major misunderstanding here. Why on earth do you need the full file path on the server side? Imagine that I am the client and I have a file at c:/path/to/passwords.txt
and I give the full file path to you. How would you as being a server ever get its contents? Do you have an open TCP connection to my local disk file system? Really?
It will only work when both the client and server runs at physically same machine, because you will then have the access to the same hard disk file system. This would obviously only occur when you're locally developing your website and thus both the webbrowser (client) and webserver (server) by coincidence runs at the same machine.
That the full file path is being sent in MSIE and other ancient webbrowsers is due to a security bug. The W3 and RFC2388 specifications have never mentioned to include the full file path. Only the file name. FireFox is doing its job correctly.
To handle uploaded files, you should not need to know the full file path. You should rather be interested in the full file contents which the client has already sent to the server in the request body in case of a multipart/form-data
request. Change your form to look like the following as stated in RFC2388:
<form action="upload-script-url" method="post" enctype="multipart/form-data">
<input type="file" name="file">
<input type="submit">
</form>
How to obtain the contents of the uploaded file in the server side depends on the server side programming language you're using.
Java/JSP: you'd like to use Apache Commons FileUpload API to parse it. You should end up with an InputStream
with the file contents which you in turn can write to any OutputStream
to your taste. You can find an example in this answer.
Java/JSF: you'd like to use Tomahawk's t:inputFileUpload
component or any other file upload component provided by the component library you're using. Also here, you'd like to obtain the file contents in flavor of an InputStream
. See this blog for an example.
PHP: the file contents is already implicitly stored on the temp disk. You'd like to use move_uploaded_file()
function to move it to the desired location. See also PHP manual.
ASP.NET: no detailed answer from me since I don't do it, but Google has found some examples for me: ASP.NET example, ASP.NET 2.0 example
Whenever you want to obtain the file name part of the uploaded file, you should trim the full path off from the file name. This information is namely completely irrelevant to you. Also see for example this Apache Commons FileUpload FAQ entry
Why does FileItem.getName() return the whole path, and not just the file name?
Internet Explorer provides the entire path to the uploaded file and not just the base file name. Since FileUpload provides exactly what was supplied by the client (browser), you may want to remove this path information in your application.