Re: multiple file upload and CGI

nosbod, I have struggled with this myself and believe the limitation is in the HTML enctype="multipart/form-data" capability. My only "solution" is to offer the user a bunch of <input type="file"... fields on the form and then loop through my upload function in my Perl. I've seen several other sites do this as well, often asking for the number of files to upload first and then presenting as many file fields on a refreshed form.

OT: I also find it interesting that I can do nothing with this field on the client side, pre-server validation with javascript for e.g.

—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

Comment on Re: multiple file upload and CGI Select or Download Code

Replies are listed 'Best First'.
[OT] File inputs and Javascript by Errto (Vicar) on Jan 25, 2005 at 14:16 UTC
OT: I also find it interesting that I can do nothing with this field on the client side, pre-server validation with javascript for e.g. I too have been bitten by this, but believe me it's a good idea. If this were not true, then any website you go to with Javascript turned on could have an invisible frame with a form and a file input button. Then a Javascript function could set the value to a known file location and submit it, and presto, some vital file from your hard drive has been whisked off to a server you don't know. I guess it could be less dangerous if it were read-only from scripts but even still...	[reply]
Re: [OT] File inputs and Javascript by mpeters (Chaplain) on Jan 25, 2005 at 17:17 UTC
Even if it's read-only, it could potentially give the webpage at least knowledge of your file tree. And this is sometimes too much information.	[reply]
Re: [OT] File inputs and Javascript by ryantate (Friar) on Jan 26, 2005 at 00:54 UTC
a Javascript function could set the value to a known file location and submit it, and presto, some vital file from your hard drive has been whisked off to a server you don't know. This hypothetical is no different from what theoretically could happen with the current DOM-integrated file upload form element. As it happens, secure modern JS implementations do the right thing and do not allow the behavior you describe. I am no big JS apologist but I happen to be reading O'Reilly's "Javascript: The Definitive Guide" and this specific issue was just covered. I would welcome adding directory-upload functionality to client-side JS.	[reply]