The File Upload builder allows users to copy files from their client computer to a specific directory on the machine hosting the IBM® WebSphere® Portlet Factory servlet.
To support this upload functionality, the File Upload builder creates a page control that is used for selecting and uploading a file to the server. The HTML control created is of the form <input type="FILE"/>
. This control must exist within a <form>
element on the page.
For an HTML page which has a control such as <span name="uploadit" />
or pre-existing <input name="uploadit"/>
, you can apply this builder to that control, and the necessary attributes of that control are set for file upload. The parent form has its encoding type set appropriately for file upload and the form method is set to type POST
Post such elements with an <input type="submit">
button. For example, if you use the Button builder to enable form submission, for the Action Type
input, select Submit form and invoke action
, not Link to an action
WebSphere Portlet Factory must have file upload functionality enabled by a property setting.
File Upload builder operation
When the page is submitted, the following actions occur.
The builder checks for the maximum file size.
The file is uploaded in the directory specified in the builder subfolder input, provided that the file does not have the same name as a previously saved file in the directory.
The file is saved with the name specified.
The builder verifies whether a pre-existing file with the same name should be overwritten.
Once the file is uploaded to the server, the full path to the generated file is placed in the request input of the current HTTP request.
The location in the WAR (under WEB-INF/) to which files are uploaded by default is by necessity a temporary location.
Your application should treat it as such and move the files to the ultimate location after verifying they're appropriate to the application (right file extension(s), appropriate content, etc).
The location in the WAR doesn't make sense for long term storage for multiple reasons, including but possibly not limited to:
- the fact that the WAR on disk may be wiped out and replaced on a redeploy
- Use of a multinode cluster with multiple copies of the WAR on disk(s).
For security reasons, you should not enable file upload directly into the servable content area of the deployed application, to prevent malicious content from being uploaded into a location then downloadable from a browser.
The initial temporary upload location should be located below the WEB-INF folder of the deployed application, specifically for holding temporary uploaded files until the application has validated them and relocated them to a more permanent location.
Parent topic: Builder help
About using the builder call editor
Overview: creating forms
Files that are excluded from source control
Locating control builder calls on pages