Vulnerability in EPiServer.Forms
Now I have got a question from my customer if there is an easy way to create a registrationform from which the enduser can upload multiple files? The form enduser should be able to enter name and some other information, in addition to uploading files from their PC. In addition there should be an restriction to the files being uploaded (fileextenxions, size of the file etc).
My question is: How can I do this in CMS 6?
If you would like it to be a part of Xforms, Anders Hattestad presents this solution: http://world.episerver.com/Blogs/Anders-Hattestad/Dates/2013/1/Upload-within-Xform/
Not very easy, but fully possible :)
Once the form is submitted, you can create a HttpPostedFile-object of the posted file, and find a lot of interesting information :) It's all shown in Anders example above.
It my come handy, however you will have to come up with something for uploading multiple files at a time. Search for jQuery multiple-file upload plugin.
Hi, thanks for your replies! I am pretty new to uploading files and XFOrms in general. Do I have to make an XForm to get this to work?
Yes you do, you have to create page type that contains property of type XForm and then you can design your form structure and save it in XForm repository and select it as form to be used in that page. If you need more info on XForms I recommend to lookup section in developer guide.
Well, if the customer have a need for creating several forms with this functionality, then XForms is the way to go. BUT, if it's a static form then I would personally stay away from using XForms and just create a page type or a dynamic content with the form.
The customer needs a form that contains several inputfields, some dropdownlists, and the fileupload. Choises done in the dropdownlists is the basis of other drop down lists.
When the end user pushes the "Save" button, all fields are saved and the files should be saved on the server as well.
What is the best way to implement this? I am dembted to do this without XForm if that will be possible ;)
According to requirements I would go with simple form, dynamic content + form to accomplish this. XForm are not really a good subject for customization, extensions. Changing dropdown values depending on other values are pretty easy achievable using client side scripting. In this case XForm infrastructure may give you a nice looking dashboard gadget to overview submitted data otherwise - I would go for a simplest solution and advance it later if needed.
One more question. Why do you want to create a dynamic content? what do you actually meen by that?
We usually use dynamic content to decrease the amount of page types needed. Dynamic content can be inserted anywhere were you have the TinyMCE-editor. See this blog post: http://blog.fredrikhaglund.se/blog/2011/06/28/dynamic-content-in-episerver-cms-6-r2/
When it comes to storing the Form-data, you can actually use XForms functionality without using XForms as the actual form (confusing? :)). See: http://antecknat.se/blog/2008/06/27/using-xforms-to-store-information/
Or you can just use Dynamic Data Store: http://tedgustaf.com/blog/2009/10/introduction-to-episerver-dynamic-data-store-dds/
Thank you for your description Erik. I think I go for the Dynamic content and then using the Dynamic Data Store :) I will let you know if I run into trouble ;)