Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
lot of sites use a file selector where when you choose your file, the selector displays the path, so it should be possible
-
Depends on your point of entry...is your code running before or after upload? The file chooser generally includes the path but it is not a given
-
Spam2087y@BindView - thats exactly what he said... But I've no idea how to access that information on the server side and google isn't very helpful either.
-
Nope. You cannot access actual file path. It usually shows fake path to protect privacy of the user!
-
Pretty sure you can't directly,ie, it's not passed to the server, just the original name.
Maybe with some js trickery you can retrieve it and pass it as hidden parameter in the form. -
@nbamaral That would be breach of personal data if it can be done. Path name in which the file is stored might be confidential right? The uploader would not want to expose under which directory he stores his files!
-
@code-god
I agree with you on privacy matter.
Just wondering if js can expose the properties of the file field once the file is selected.
Never tried it though, probably can't be done like you said :) -
@nbamaral I have worked with it. Modern Browsers just give you fakepath of the file. JS can access the content of the file but not the real path where it is stored.
-
@Triskelion
I never saw it on the server side either, I'm thinking of $_FILE in php.
I am in a phone, can't really test if it can be retrieved / hijacked by means of js. The path must be somewhere, or is the file read on selection? -
castihell347yIt's not possible to get the real path of the file upload. The Browser will not allow as this would be a security risk. Cannot be done with JS.
Hey ... Is it possible to figure out the clients path (f.e. C:\Users\...) to a file he uploaded to a website on the server side?
My boss thinks it could be done and wants me to programm it. But I think we'd need a zero day vulnerability in a specific (and probably very old) browser to do something like that... That would be a huge security issue...
Wouldn't it?
What do you think?
undefined
i need some backup