Summary
Displays a text box and button that allows a user to upload a file in a specific category in Content Studio. The component also support anonymous users to upload files.
Category | AS EPT |
Version | 1.0 |
Complies with Xhtml 1.0 / 1.1 rules | Yes |
Supported server programming languages | C# Visual Basic.NET |
Output content type | inline |
When to use
This component is used to offer a possibility for visitor to upload a file on the Web site.
Programming interface
Parameters
- Upload destination
- A Content Studio category to upload file in. The caller must have read, create, save and publish permission in the category selected.
- Component name
- A name that identifies this component. If you have more than one instance of the component on a single page this value must be unique for each instance.
- Component options
- Button text
- A text that should be the caption of the button used to open the dialog that performs the actual upload process.
- Delete button text
- A text to that should be the caption of the delete button
- Upload dialog options
- Popup window width
- Specifies the width of the upload popup window.
- Popup window height
- Specifies the height of the upload popup window.
- Save/OK button text
- A text that should be the caption of the OK (Save file) button
- Cancel button text
- A text that should be the caption of the button that cancels the upload process.
- File upload caption
- A text that should act as a label for the textbox displayed next to the browse for file button. The caption of the this button is supplied by the web browser an cannot be configured.
- Description text
- A text that should act as label for the textbox where the caller can enter a descriptive text for the file to upload.
- File overwrite confirmation text
- A message to display if a user is about to overwrite an already uploaded file. If you add the % (percent) characted into the message this character will will be replaced with the actual filen name.
- Text box class name.
- A CSS class that will be specified for the text boxes.
- Button class name
- A CSS class name that will be applied to all of the buttons displayed during the upload process.
- Attributes
- A value that specified attributes for the generated text box, ex. onclick="onButtonClick()". The value of this property must either be empty or a valid attribute syntax ex. onclick="onLinkClick();" style="color: grey". If this syntax is invalid an error will be generated
- Upload properties and restrictions
- Use original file name
- Indicates whether to store the uploaded file in the server using the original file name or not. If not set Content Studio will provide a file name and the file cannot be updated later using this component. The format of this file name ensures that no one can detect it, ex. FF74BD2B-2FBE-40af-A1FD-AE07587AE883.jpg.
- Show description field
- A value that indicates whether the description field should be displayed or not. This field enables the caller to enter a description for the uploaded file.
- Allow file overwrite
- Allow users to overwrite existing files. This is a way to protect any file already uploaded into the category from beeing overwritten by this component.
- Max file size
- Indicates a value the limits the maximum size of the files (in bytes) that can be uploaded. A value of zero indicates no limit.
- Allowed file exensions
-
A list of allowed file extensions. ex. jpg,gif,bmp. Use an empty value to allow
any file extension.
This property is used in the user interface to allow file extensions to upload. However since these extensions is passed as query strings a hacker can easily bypass the rules specified here. However in Content Studio there are several layers of security policies that prevent users from uploading dangerous files that can execute on the server. See the Remarks section for more information.
- Denied file extension
-
A list of extensions. ex. jpg,gif,bmp that is not allowed to upload. Use an empty
value to allow any file extension. If both allowed and denied extensions are specified
the deny list is processed before the allow list.
This property is used in the user interface to restrict file extensions to upload. However since these extensions is passed as query strings a hacker can easily bypass the rules specified here. However in Content Studio there are several layers of security policies that prevent users from uploading dangerous files that can execute on the server. See the Remarks section for more information.
Remarks
This component must be placed in a form element and the caller must have read, create, save and publish permission in the destination category.
Restriction for uploaded file types
By uploading files that can execute on the server such as ASPX or ASP files a hacker
can gain some control over the server. For this reason Content Studio has several
layers of security policies to prevent this. In the bottom there is the global