Flash File Uploader – Allow All Filetypes


A [d]online reader recently requested that the Flash File Uploader allow provision to upload all filetypes. And while I’d previously decided against such an option—due to security/malicious action issues, this was not the first time I received such a request. In fact, since the uploader was created a few years back, I’ve gotten dozens of requests for this feature. As such, I’ve decided that my disclaimer for downloading the uploader should adequately cover me from any litigation and wrote the feature into the latest version of the uploader.

For people wishing to just use the uploader without understanding the changes, simply add “all” as an item under the extensions flash variable in the swfobject embed code:

fo.addVariable("types", "video|text|pdf|audio|archive|office|image|all");

For those that wish to know the changes, the Flash loop that adds the array extensions to the “allowed” list also looks for the “all” option and changes a variable to true, if all filetypes are allowed. This is then passed to “upload.php” and skips the extensions test. Lastly, it’s passed to index.php to properly display the success message.

For your convenience, the link is the same as the last one.

Comments and feedback always welcome. Thanks again, Mike, for the assistance and to all the [d]online readers and commenters for your interest in the FFU and readership.

Flash File Uploader v3.0 – Custom Upload Directories


A number of posters on Donline have left comments requesting that the Flash File Uploader allow for users to specify a specific directory for the uploaded files. In the past, the uploader hardcoded the directory for uploads to be “/files”, with thumbnails automatically going into a newly-created child folder called “/.s/” (the auto-thumbnailing option was added in Version 2).

Some minor modifications to the Flash FLA, index.php and upload.php were made to enable users to specify their own directories for file uploads. Naturally, this opens up a security breach as wily coders can point to unspecified directories outside the current folder, if those directories are writeable. Hopefully, this won’t become an issue for you, but I’m requiring all users of the scripts to still read and accept my disclaimer before proceeding.

Read more