Input.getUploadedFile

Input.getUploadedFile($fieldName, $uploadDir, $allowedExtensions, $maxFileSizeKb = 0) -> string

Description

Returns the uploaded file path for the given $fieldName.

Returns an empty string '' if it does not pass validation (see below).

If validated, the file will be written to $uploadDir with a random filename.

$uploadDir is relative to app/data/files. If the directory does not exist, it will be created.

Validation Checks

A file is not valid in the following cases:

Illegal file name patterns (e.g. '..')
Common evasion tactics (e.g. double extensions)
File extension is not within list of $allowedExtensions
File MIME type (as detected by the file content) does not match file extension.

Example

// HTML tag:
// <input type="file" name="config">

$path = Input.getUploadedFile('config', 'configs', ['json', 'xml'])

//= e.g. 'configs/fjwgSj73Fjs4q434q.json'

Complete example:

fn main {
    Output.sendPage({
        main: formHtml(),
    })
}

// Will automatically get called instead of 'main' when
// form is submitted.
fn mainPost {

    $path = Input.getUploadedFile('config', 'configs', ['json'])

    if $path {
        $content = File.read($path, true)
        $data = Json.decode($data)
        print($data)
    }
    else {
        print(Input.getUploadError())
    }
}

// Note: Upload forms need enctype="multipart/form-data".
tm formHtml {

    <h1> Upload Config File

    <form action="/upload" method="post" enctype="multipart/form-data">
        {{ Web.csrfToken(true) }}

        <input type="file" name="config">
        <small> Supported files: .json, .xml

        <button type="submit">Upload</button>
    </>
}

Input.getUploadedFile

Description

Validation Checks

Example

See Also