Hi Debra,
You can't really restrict the types of files being _uploaded_. (You can obviously check them when they arrive, and throw them away if you don't like them.) Even if the page itself limited the upload type though, it's certainly possible for anyone to bypass that so it would offer no security benefit. You must check on the server side to be sure.
>> How can I restrict the file size that can be uploaded?
WebServer procedure.
NetTalk extension
Settings / Security
"Maximum POST Size".
This limits the size of a single POST - which could include multiple files being uploaded. (If you are using the new Uploader though, each file is sent as a separate post, so this setting effectivly sets the max file size).
>> How can I restrict the types of files that can be saved after uploading?
WebHandler procedure, right-click, choose Source, and look for the
p_web.SaveFile PROCEDURE(STRING p_name,STRING p_filename,*STRING p_file,LONG p_len)
method. (hint, there are 2 SaveFile methods, you want the second one.)
In there, before the parent call, you can inspect the p_filename parameter and reject it by doing a RETURN before the PARENT call.
For example;
st StringTheory
code
st.SetValue(p_filename)
case lower(st.ExtensionOnly)
of 'zip'
orof 'png'
! do nothing, allow Parent call to work.
else
Return
end
Cheers
Bruce
Topic: File Upload - Restrict File Type and Size (Read 2479 times)