Input.uploadedFile
Input.uploadedFile($fieldName, $uploadDir, $allowedExtensions)
Description
Returns the uploaded file path for the given $fieldName
.
Returns an empty string ''
if it does not pass the following validation checks:
- Illegal file name patterns (e.g. '..')
- Common evasion tactics (e.g. double extensions)
- File extension is within list of
$allowedExtensions
- File MIME type is inferred from file content and is a fuzzy match for the file extension.
If validated, the file will be written to $uploadDir
with a random filename.
$uploadDir
is relative to app/data/files
. If it does not exist, it will be created.
We recommend creating a subfolder for every user.
// For the given tag: // <input type="file" name="config"> $path = Input.uploadedFile('config', 'configs', ['json', 'xml']); //= e.g. 'configs/fjwgSj73Fjs4q434q.json'
Complete example:
function main { Response.sendPage({ body: formHtml(), css: Css.plugin('base') }); } // Will automatically get called instead of 'main' when // the form is submitted. function post { $exts = ['json', 'xml']; $path = Input.uploadedFile('config', 'configs', $exts); if $path { print($path); } else { print(Input.lastUploadError()); } } // Note: Upload forms need `enctype="multipart/form-data"` template formHtml { <main> <h1>> Upload Config File <form action="/upload" method="post" enctype="multipart/form-data"> {{ Web.csrfToken(true) }} <input type="file" name="config"> <small>> Supported files: .json, .xml <input type="submit" name="submit" value="Upload"> </> </> }