|
The FileUpload.Filename property return the filename without path.
The FileUpload.PostedFile.Filename property should return the fully qualified name, but it dosent!
It only return the filename whitout path.
What could be the problem?
Bear. | | BEARWHITE Thursday, October 01, 2009 5:51 PM | That's for security reasons. Providing the full path could potentially reveal the directory structure on the client, which might contain personal information (for instance, when uploading a file stored in the MyDocuments folder, the full path often contains the user name).
The uploaded path is (otionally) provided by the client and is therefore controlled by the browsers. Some decide not to send the full path for the aforementioned security concerns.
Firefox has been stripping the directory name for some time (I guess that was since version 3.0). IE8 has a setting ("Internet Options->Security->Custom Level->Miscellaneous->Include local directory path when uploading files to a server" aka URLAction) that is set to Disable by default on the Interet Zone. It is still enabled by default on Local Intranet, which is the environment you usually debug with, an this is a common source of elusive security related bugs.
I don't know what the other browsers are doing with this respect, but those two alone are more than enough: you cannot rely on having access to the full path of an uploaded file. You couldtry some javascript hack, but I would not rely on them in the long run.
HTH
--mc
- Unmarked As Answer byBEARWHITE Tuesday, October 06, 2009 5:53 AM
- Marked As Answer byBEARWHITE Friday, October 09, 2009 1:26 PM
- Marked As Answer byBEARWHITE Tuesday, October 06, 2009 5:52 AM
-
| | Mario Cossi Thursday, October 01, 2009 11:15 PM | That's for security reasons. Providing the full path could potentially reveal the directory structure on the client, which might contain personal information (for instance, when uploading a file stored in the MyDocuments folder, the full path often contains the user name).
The uploaded path is (otionally) provided by the client and is therefore controlled by the browsers. Some decide not to send the full path for the aforementioned security concerns.
Firefox has been stripping the directory name for some time (I guess that was since version 3.0). IE8 has a setting ("Internet Options->Security->Custom Level->Miscellaneous->Include local directory path when uploading files to a server" aka URLAction) that is set to Disable by default on the Interet Zone. It is still enabled by default on Local Intranet, which is the environment you usually debug with, an this is a common source of elusive security related bugs.
I don't know what the other browsers are doing with this respect, but those two alone are more than enough: you cannot rely on having access to the full path of an uploaded file. You couldtry some javascript hack, but I would not rely on them in the long run.
HTH
--mc
- Unmarked As Answer byBEARWHITE Tuesday, October 06, 2009 5:53 AM
- Marked As Answer byBEARWHITE Friday, October 09, 2009 1:26 PM
- Marked As Answer byBEARWHITE Tuesday, October 06, 2009 5:52 AM
-
| | Mario Cossi Thursday, October 01, 2009 11:15 PM | Yes - of course Mario!
Thank you for you reply.
BEAR - Unmarked As Answer byBEARWHITE Friday, October 09, 2009 1:26 PM
- Marked As Answer byBEARWHITE Tuesday, October 06, 2009 1:39 PM
-
| | BEARWHITE Tuesday, October 06, 2009 5:57 AM |
|
index > Visual C# Express Edition > FileUpLoad