Upload file 2.0

Displays a text box and button that allows a user to upload a file in a specific category in Content Studio. The component also support anonymous users to upload files.

Component properties
Category	AS EPT
Version	1.0
Complies with Xhtml 1.0 / 1.1 rules	Yes
Supported server programming languages	C# Visual Basic.NET
Output content type	inline

When to use

This component is used to offer a possibility for visitor to upload a file on the Web site.

Upload file 2.0

Version:

1.0

Description:

Upload file (supports anonymous uploads). This component must be placed in a form element and the caller must have read, create, save and publish permission in the destination category.

Server language:

c#|vb

Upload destination:

A Content Studio category to upload file in. The caller must have read, create, save and publish permission in the category selected.

Component name:

variable name

A name that identifies this component. If you have more than one instance of the component on a single page this value must be unique for each instance.

Component options

Button text:

variable name

A text that should be the caption of the button used to open the dialog that performs the actual upload process.

Delete button text:

variable name

A text to that should be the caption of the delete button

Upload dialog options

Popup window width:

Specifies the width of the upload popup window.

Popup window height:

Specifies the height of the upload popup window.

Save/OK button text:

variable name

A text that should be the caption of the OK (Save file) button

Cancel button text:

variable name

A text that should be the caption of the button that cancels the upload process.

File upload caption:

variable name

A text that should act as a label for the textbox displayed next to the browse for file button. The caption of the this button is supplied by the web browser an cannot be configured.

Description text:

variable name

A text that should act as label for the textbox where the caller can enter a descriptive text for the file to upload.

File overwrite confirmation text:

variable name

A message to display if a user is about to overwrite an already uploaded file. If you add the % (percent) characted into the message this character will will be replaced with the actual filen name.

Text box class name.:

A CSS class that will be specified for the text boxes.

Button class name:

A CSS class name that will be applied to all of the buttons displayed during the upload process.

Attributes:

variable name

A value that specified attributes for the generated text box, ex. onclick="onButtonClick()". The value of this property must either be empty or a valid attribute syntax ex. onclick="onLinkClick();" style="color: grey". If this syntax is invalid an error will be generated

Upload properties and restrictions

Use original file name

Indicates whether to store the uploaded file in the server using the original file name or not. If not set Content Studio will provide a file name and the file cannot be updated later using this component. The format of this file name ensures that no one can detect it, ex. FF74BD2B-2FBE-40af-A1FD-AE07587AE883.jpg.

Show description field

A value that indicates whether the description field should be displayed or not. This field enables the caller to enter a description for the uploaded file.

Allow file overwrite

Allow users to overwrite existing files. This is a way to protect any file already uploaded into the category from beeing overwritten by this component.

Max file size:

Indicates a value the limits the maximum size of the files (in bytes) that can be uploaded. A value of zero indicates no limit.

Allowed file exensions:

variable name

A list of allowed file extensions. ex. jpg,gif,bmp. Use an empty value to allow any file extension.

Denied file extension:

variable name

A list of extensions. ex. jpg,gif,bmp that is not allowed to upload. Use an empty value to allow any file extension. If both allowed and denied extensions are specified the deny list is processed before the allow list.

Upload file 2.0: programming interface

Upload destination: A Content Studio category to upload file in. The caller must have read, create, save and publish permission in the category selected.
Component name: A name that identifies this component. If you have more than one instance of the component on a single page this value must be unique for each instance.
Component options
Button text: A text that should be the caption of the button used to open the dialog that performs the actual upload process.
Delete button text: A text to that should be the caption of the delete button
Upload dialog options
Popup window width: Specifies the width of the upload popup window.
Popup window height: Specifies the height of the upload popup window.
Save/OK button text: A text that should be the caption of the OK (Save file) button
Cancel button text: A text that should be the caption of the button that cancels the upload process.
File upload caption: A text that should act as a label for the textbox displayed next to the browse for file button. The caption of the this button is supplied by the web browser an cannot be configured.
Description text: A text that should act as label for the textbox where the caller can enter a descriptive text for the file to upload.
File overwrite confirmation text: A message to display if a user is about to overwrite an already uploaded file. If you add the % (percent) characted into the message this character will will be replaced with the actual filen name.
Text box class name.: A CSS class that will be specified for the text boxes.
Button class name: A CSS class name that will be applied to all of the buttons displayed during the upload process.
Attributes: A value that specified attributes for the generated text box, ex. onclick="onButtonClick()". The value of this property must either be empty or a valid attribute syntax ex. onclick="onLinkClick();" style="color: grey". If this syntax is invalid an error will be generated
Upload properties and restrictions
Use original file name: Indicates whether to store the uploaded file in the server using the original file name or not. If not set Content Studio will provide a file name and the file cannot be updated later using this component. The format of this file name ensures that no one can detect it, ex. FF74BD2B-2FBE-40af-A1FD-AE07587AE883.jpg.
Show description field: A value that indicates whether the description field should be displayed or not. This field enables the caller to enter a description for the uploaded file.
Allow file overwrite: Allow users to overwrite existing files. This is a way to protect any file already uploaded into the category from beeing overwritten by this component.
Max file size: Indicates a value the limits the maximum size of the files (in bytes) that can be uploaded. A value of zero indicates no limit.
Allowed file exensions: A list of allowed file extensions. ex. jpg,gif,bmp. Use an empty value to allow any file extension.
This property is used in the user interface to allow file extensions to upload. However since these extensions is passed as query strings a hacker can easily bypass the rules specified here. However in Content Studio there are several layers of security policies that prevent users from uploading dangerous files that can execute on the server. See the Remarks section for more information.
Denied file extension: A list of extensions. ex. jpg,gif,bmp that is not allowed to upload. Use an empty value to allow any file extension. If both allowed and denied extensions are specified the deny list is processed before the allow list.
This property is used in the user interface to restrict file extensions to upload. However since these extensions is passed as query strings a hacker can easily bypass the rules specified here. However in Content Studio there are several layers of security policies that prevent users from uploading dangerous files that can execute on the server. See the Remarks section for more information.

This component must be placed in a form element and the caller must have read, create, save and publish permission in the destination category.

Restriction for uploaded file types
By uploading files that can execute on the server such as ASPX or ASP files a hacker can gain some control over the server. For this reason Content Studio has several layers of security policies to prevent this. In the bottom there is the global WriteActiveContent policy that checks that any file type that can execute on the server side is prohibited for user that has not this "developer" policy set. As a second layer you should restrict allowed file extensions on the category to upload files to. By default all types of files are allowed to upload but it is wise to restrict this list to only the documents really needed. For more information see Content Studio security overview

The Upload file 2.0 AS component

Summary

When to use

Programming interface

Parameters

Remarks