2

I want a form uploads some files to the server but I want it is transparent for user. I have a input tag outside the form which is cloned to the form with cloneNode() [Javascript] every time the user changes its value. The name of the input tag is "files[]". Mozilla Firefox clones the input correctly but IE doesn't copy its value and with IE the inputs inside the form are empty. How can I copy the input field correctly with IE?

A piece of code:

In the Javascript function called when input.onChange:

InputCopy = InputParent.childNodes[i].cloneNode(true);
document.getElementById('divFromForm').appendChild(InputCopy);

The HTML input tag: <input type="file" id="archivoAnadir" name="files[]" onChange="anadir(this.value)">

The PHP request:

foreach ($_FILES["files"]["name"] as $key => $file) {
    $query = "...";
    mysql_query($consulta) or die("...");

    if (!is_uploaded_file( $_FILES["files"]["tmp_name"][$key] )) die("...");
    if (!move_uploaded_file($_FILES["files"]["tmp_name"][$key], "media/" . $file)) die ("..." . $file);
}

Thanks.

Improve this question
3
  • Could you post the code here? Or at least the relevant parts. It makes the debugging process easier: being able to see the code :] Commented Jan 17, 2010 at 10:15
  • Actually, if it is actually possible to copy an input of type=file including the value into a form (which is what it seems you're suggesting is possible for firefox), that would be quite a security risk. Please show us the code. Commented Jan 17, 2010 at 10:27
  • Because of I couldn't modifying "value", I used cloneNode() and appendChild(). I think it isn't a security risk because I am copying a input field which user has changed. I can't change it. Commented Jan 17, 2010 at 11:00

1 Answer 1

Reset to default
2

Edit: Funnily enough, the very same question was asked only a week ago on SO. The comments in the accepted answer provide a good explanation why this can't be done.

I am pretty sure this is not working due to a security restriction, and rightly so.

In my perception, IE generally tends to be more strict with stuff like this, maybe because they've been so badly burned (and had such gaping security holes) in the past.

You could argue that the user did set the value, and copying the element thus should be ok. But this kind of stuff is what back doors for some cross-site-frame-something shenanigans (that work when frame A is in this domain, frame B in that, the user is Male and under thirty, and the Moon is in Virgo) are made of, so I find it understandable that it is forbidden.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.