开发者

ASP.net FileUpload Control not maintaining state across multiview panels

For the sake of simplicity, I have a simple 2 panel multiview. On the first there's an FileUpload control and, on the second, a button that sends an email with the file as an attachment. When I check "FileUpload1.HasFile" on second tab it comes back as false. And if I go back to View 1, all states for every other contro开发者_运维百科l has been properly maintained except for the fileupload wich is blank.

<asp:MultiView ID="MultiView1" runat="server" ActiveViewIndex="0">
    <asp:View ID="Step1" runat="server">
      <asp:FileUpload ID="FileUpload1" runat="server" Width="450" EnableViewState="true" />
    </asp:View>
    <asp:View ID="Step2" runat="server">
      <asp:Button ID="btnSubmitForm" runat="server" Text="Submit Data" onclick="btnSubmitForm_Click" />
    </asp:View>
</asp:MultiView>

When user navigates to View 2 and clicks the button:

//Initialize smtp server
            SmtpClient smtp = new SmtpClient("myHost");

            //Initialize mail message object
            MailMessage mail = new MailMessage();

//Set all mail message params (to, cc, subject etc...)

//attach file, this is where it fails to recognize the attached document. bool is false :(
if (FileUpload1.HasFile)
{
mail.Attachments.Add(new Attachment(FileUpload1.PostedFile.InputStream, FileUpload1.FileName));
}

any ideas???


File Uploads are considered security sensitive. When a user picks a file to upload, the form submit will have to take place before any other redirects. To have the browser allow the value to be "restored" from state could lead to the old days of file fishing. This is where a site would have a form with a hidden file upload control with a pre-populated value. When the user submitted the form, the browser would upload the file too, if it existed.

Modern security standards block these attempts. If you want the user to upload a file, you can't navigate to a new page. You can either redesign to do everything on one page, or take the uploaded file during page navigation, store it to some temp location, return a unique id to the new page and on submission of that page tie the two together. And implement a cleanup for people who click back or just don't proceed with the second page.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜