I’m using AjaxUpload to successfully attach a file to a form. What I don’t want is for the attachment to be uploaded to a folder on the server - is this possible?
I guess the file has to be stored somewhere on the server between the time you upload it with AjaxUpload and the time the form is sent.
I suppose so, then how do I guarantee the uploaded files can’t be ‘discovered’?
The files are temporarily stored in the folder assets/components/ajaxupload/cache/. The file name is a random hash and therefore hard to guess.
Make sure, that then content of the folder isn’t listed when the URL https://www.yourdomain.com/assets/components/ajaxupload/cache/ is requested directly.
You could probably restrict the access to this folder with a .htaccess file, but that would affect the thumbnails of the uploaded images in the form.
Maybe I’m misunderstanding but I seem to have to include the following in Formit and this specifies a folder to upload the file to. I can’t get the form to work without it…
&ajaxuploadFieldname=`image`
&ajaxuploadTarget=`/uploads/`
&ajaxuploadUid=`image`
I think you are right. It doesn’t seem to be possible to run the AjaxUploadAttachments hook, without running the AjaxUpload2Formit hook first. (Which seems a bit unnecessary if you only want to attach the files to an email.)
The simplest solution is probably to add a custom hook (after the email hook) that deletes the files again (from the /uploads/ folder) after the email is sent successfully. (And also restrict all access to the /uploads/ folder with .htaccess for good measure.)
Another solution may be to write a custom “AjaxUploadAttachments” hook, that uses the files from the /assets/components/ajaxupload/cache/ folder directly, without moving them first to another folder. This should be possible, but seems to be more complicated to program.
Thanks Harry - I’ll experiment and see what I can come up with.
The upload can’t be removed in the AjaxUploadAttachments hook, since the file will be needed in the email hook afterwards. You have to remove the attachment after the email hook as stated by Harry. Maybe there will be a new AjaxUpload version with a hook that removes the file.
1 Like
Thank you for clarifying
Please check this: https://github.com/Jako/AjaxUpload/raw/228bd3734aa7046da72377f5e9055b4ba88bf448/_packages/ajaxupload-1.6.6-rc1.transport.zip
Thank you Thomas - I’m not going to be able to test this until the end of the month I think, as I’ve put another solution in place for now. Would much sooner use this snippet if I can though.
The 1.6.6-rc1 package contains the AjaxUploadRemove hook that removes the upload after the email hook.