[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 268
  • Last Modified:

ASP: Upload Image Using Only Hidden Input Field

Ok, so here's the deal.  I need a way to upload files without any user interaction.  The file will be located in the browsers temp folder, and the file name(s) are know.  I think my issue is that I'm populating the hidden input field correctly. But here's the code anyhow:

This are the form and hidden field tags:

<form name="frmPicture" method="post" action="UploadPage.asp" enctype="multipart/form-data" >
    <input type="hidden" name="txtData" accept="image/x-png" >


Here's the code used to load the PNG file:

      Function ReadBinaryFile(FileName)  
            Const adTypeBinary = 1    
            Dim BinaryStream  
            Set BinaryStream = CreateObject("ADODB.Stream")  
            BinaryStream.Type = adTypeBinary        
            BinaryStream.Open          
            BinaryStream.LoadFromFile FileName
            ReadBinaryFile = BinaryStream.Read
      End Function

And this would be where we're filling the form field:

    document.all.fldData.value = ReadBinaryFile("MyPicture.PNG")

Finally, here's the code that accepts the form submittal:

<%
    If Request("savepicture") <> "" Then
       
            SaveBinaryData Server.MapPath("_TempFile.png"), StringToMultiByte(Request.Form("txtData"))

            response.Redirect("_TempFile.png")

    End If

      Function SaveBinaryData(FileName, ByteArray)
            Const adTypeBinary = 1
            Const adSaveCreateOverWrite = 2
            
            Dim BinaryStream
            Set BinaryStream = CreateObject("ADODB.Stream")
            
            BinaryStream.Type = adTypeBinary
            
            BinaryStream.Open
            BinaryStream.Write ByteArray
            
            BinaryStream.SaveToFile FileName, adSaveCreateOverWrite
      End Function
      
%>
0
dperish
Asked:
dperish
  • 4
  • 3
  • 2
1 Solution
 
dperishAuthor Commented:
FYI: This was a typo, and I am using the same field name (fldData) on both pages (not txtData):
   
    SaveBinaryData Server.MapPath("_TempFile.png"), StringToMultiByte(Request.Form("txtData"))
0
 
VirusMinusCommented:
Why are you using a hidden field like this -> <input type="hidden" name="txtData" accept="image/x-png" >

If you knwo the location and filename why don't you directly upload it?
0
 
VirusMinusCommented:
if you're doing this without user interaction you could even do away with the form
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
dperishAuthor Commented:
Virus, thanks for the replies.  I'm using the hidden field because the user should not have to browse for this file in this application.  There will be a known image-file in the temp folder waiting to be uploaded.

>if you're doing this without user interaction you could even do away with the form

How would one go about doing this - short of using a COM component or Java Applet?  As far as I can see, the file contents must be posted in a form field before the data is transfered from the browser to the server.

This method that I'm using assumes that the server URL will be defined in the users' trusted zone, with extra laxed security settings.  If what you're implying is true, then what's to stop every website I visit from initiating an upload of my entire drive to their servers?

Thanks again.
0
 
VirusMinusCommented:
there are componentless upload scripts out there ->

http://www.asp101.com/articles/jacob/scriptupload.asp

You could do want you want quite easily with a little modification of the code
0
 
dperishAuthor Commented:
Virus, thanks again for the quick reply.  I'll have to take a closer look at this upload class tomorrow.  At first glance however, I'm not positive that this will work, as the file in the example client-page is still using a regular <input type=file /> field.  I'm almost begining to think that if I find a decent solution for this issue in ASP VBS/JS, it just may end up being a new IE defect.   ;^)>

Thanks,
-dp
0
 
mk_bCommented:
This is not posiable. It is a security risk. You aren't allowed to force a file to be
downloaded without specific action on the part of the user. By
pre-populating a file control and triggering a "submit", you could suck up
a file from the user's hard disk without his knowledge.
0
 
mk_bCommented:
Just had a second thought. It some times happens???

look into some ftp compnents? im not sure if its posiable but maybe worth a look!
0
 
dperishAuthor Commented:
Mk, thanks for the replies.  I'm not sure that an FTP solution will work in this particular situation, but I'll keep it in mind as I wrestle with this one.

Thanks,
-dp
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now