Vulnerability in EPiServer.Forms
I know how to upload files programmatically with the BlobFactory.
This is my code:
var file = _contentRepository.Service.GetDefault<GenericMedia>(SiteDefinition.Current.GlobalAssetsRoot);
file.Name = createMessageFileData.FileName;
var fileExtension = createMessageFileData.FileName.Split('.');
var blob = _blobFactory.Service.CreateBlob(file.BinaryDataContainer, fileExtension[fileExtension.Length - 1]);
using (var s = blob.OpenWrite())
using (var sw = new StreamWriter(s))
file.BinaryData = blob;
return _contentRepository.Service.Save(file, SaveAction.Publish);
At the first line, I specify where I want to store the file.
Is there any way to specify a custom place to store the files unavailable for editors?
Do you mean you want to upload the files to a folder that the Editors cannot access?
Yes. That's correct.
I want to use the Blob Storage to store files, but unavailable for editors.
Can you upload to folder that has restricted access rights to it?
Well... That would work. But what I really want is to upload files outside of EPiServer, but I want to use the Blob Storage since it's easy to work with and I don't want to waste time creating my own logic to upload files to the webserver.
If this isn't possible I guess it's easier to create my own logic and it will also be easier to test(?).
Then I might use restricted folder for that - as "outside" of EPiServer using EPiServer blob storage as "proxy" is interesting case :)
If that's not a EPiServer site underneath - take care of licensing issues..
Ok, thanks for answering. Yes, it is indeed an interesting case. Maybe it's possible to use virtual paths instead?
FYI, there is an EPiServer site underneath. I don't understand what you mean "- take care of licensing issues..".
Thanks nontheless, Valdis. :)
I mean case when you would use just EPiServer empty site to upload files to server :)
Maybe not best practice... But you could create your own ContentFolder programmatically under root, and mess around with that. Maybe there's a better way to do it though. Haven't worked that much with this yet.
Another tip, to get Filenames, extension etc you can use the class "Path", it has some nice static methods.. :)
var _contentRepository = EPiServer.ServiceLocation.ServiceLocator.Current.GetInstance<EPiServer.IContentRepository>();
var test = _contentRepository.GetDefault<ContentFolder>(ContentReference.RootPage);
test.Name = "Test";
_contentRepository.Save(test, EPiServer.DataAccess.SaveAction.Publish, EPiServer.Security.AccessLevel.NoAccess);
One way is to configure your system to have two blob providers (e.g. FileBlobProvider) with two different physical paths, the one marked as default is the one that will be used from UI etc. You can then programatically save your "hidden" files to the non-default provider by calling GetProvider in BlobFactory.
This is exactly what I want. I will try it out and post my results here when I'm finished.
Tip: You can specify a location in the FileBlobProvider constructor:
var provider = new FileBlobProvider("c:\\mycustomlocation");
Here's the code you need to change:
var file1 = contentRepository..GetDefault<GenericMedia>(SiteDefinition.Current.GlobalAssetsRoot);
You're setting the GlobalAssetsRoots as the parent folder. Change it to current page instead.