Input.uploadedFile
Input.uploadedFile($fieldName, $uploadDir, $allowedExtensions)
Description
Returns the uploaded file path for the given $fieldName.
Returns an empty string '' if it does not pass the following validation checks:
- Illegal file name patterns (e.g. '..')
- Common evasion tactics (e.g. double extensions)
- File extension is within list of
$allowedExtensions - File MIME type is inferred from file content and is a fuzzy match for the file extension.
If validated, the file will be written to $uploadDir with a random filename.
$uploadDir is relative to app/data/files. If it does not exist, it will be created.
We recommend creating a subfolder for every user.
// For the given tag:
// <input type="file" name="config">
$path = Input.uploadedFile('config', 'configs', ['json', 'xml']);
//= e.g. 'configs/fjwgSj73Fjs4q434q.json'
Complete example:
function main {
Response.sendPage({
body: formHtml(),
css: Css.plugin('base')
});
}
// Will automatically get called instead of 'main' when
// the form is submitted.
function post {
$exts = ['json', 'xml'];
$path = Input.uploadedFile('config', 'configs', $exts);
if $path {
print($path);
}
else {
print(Input.lastUploadError());
}
}
// Note: Upload forms need `enctype="multipart/form-data"`
template formHtml {
<main>
<h1>> Upload Config File
<form action="/upload" method="post" enctype="multipart/form-data">
{{ Web.csrfToken(true) }}
<input type="file" name="config">
<small>> Supported files: .json, .xml
<input type="submit" name="submit" value="Upload">
</>
</>
}