I’m using AjaxUpload to successfully attach a file to a form. What I don’t want is for the attachment to be uploaded to a folder on the server - is this possible?
I guess the file has to be stored somewhere on the server between the time you upload it with AjaxUpload and the time the form is sent.
I suppose so, then how do I guarantee the uploaded files can’t be ‘discovered’?
The files are temporarily stored in the folder
assets/components/ajaxupload/cache/. The file name is a random hash and therefore hard to guess.
Make sure, that then content of the folder isn’t listed when the URL
https://www.yourdomain.com/assets/components/ajaxupload/cache/ is requested directly.
You could probably restrict the access to this folder with a
.htaccess file, but that would affect the thumbnails of the uploaded images in the form.
Maybe I’m misunderstanding but I seem to have to include the following in Formit and this specifies a folder to upload the file to. I can’t get the form to work without it…
&ajaxuploadFieldname=`image` &ajaxuploadTarget=`/uploads/` &ajaxuploadUid=`image`
I think you are right. It doesn’t seem to be possible to run the
AjaxUploadAttachments hook, without running the
AjaxUpload2Formit hook first. (Which seems a bit unnecessary if you only want to attach the files to an email.)
The simplest solution is probably to add a custom hook (after the
/uploads/ folder) after the email is sent successfully. (And also restrict all access to the
/uploads/ folder with
.htaccess for good measure.)
Another solution may be to write a custom “AjaxUploadAttachments” hook, that uses the files from the
/assets/components/ajaxupload/cache/ folder directly, without moving them first to another folder. This should be possible, but seems to be more complicated to program.
Thanks Harry - I’ll experiment and see what I can come up with.
The upload can’t be removed in the
AjaxUploadAttachments hook, since the file will be needed in the
Thank you for clarifying
Thank you Thomas - I’m not going to be able to test this until the end of the month I think, as I’ve put another solution in place for now. Would much sooner use this snippet if I can though.
The 1.6.6-rc1 package contains the AjaxUploadRemove hook that removes the upload after the email hook.