1. Introduction

This article describes how to create the custom pipeline which prevents the uploading of *.gif files.

This example may be customized at will. For instance, certain Users can be prohibited from uploading certain file types.

2. Pipeline Upload

2.1. Replacing a Processor

Please take a look at the web.config parameters <sitecore/processors/uiUpload>

</uiUpload>

We are going to replace the standard Sitecore.Pipelines.Upload.Save processor with our own one. This processor prevents certain files from uploading, e.g. *.gif files.

Here is the sample code:

 1 using System;
 2 using System.IO;
 3 using System.Web;
 4 using System.Web.UI;
 5 using Sitecore.Diagnostics;
 6 
 7 using Sitecore;
 8 using Sitecore.IO;
 9 using Sitecore.Pipelines.Upload;
10 
11 namespace Sitecore.Pipelines.Upload
12 {
13    /// <summary>
14    /// Custom upload
15    /// </summary>
16    public class CustomSave
17    {
18 
19       #region Public methods
20 
21       ///-------------------------------------------------------------
22       /// <summary>Custom uploading</summary>
23       ///-------------------------------------------------------------
24       public void Process(UploadArgs args) 
25       {
26          const string breakLine = @"\r\n";
27 
28          foreach(string key in args.Files) 
29          {
30             HttpPostedFile file = args.Files[key];
31 
32             if (file.FileName.Length > 0 && file.ContentLength > 0) 
33             {
34                string filename = FileUtil.MakePath(args.Folder, Path.GetFileName(file.FileName), '\\');
35                try 
36                {
37                   if ( Path.GetExtension(filename).Equals(".gif") )
38                   {
39                      string shortFileName = Path.GetFileName(filename);
40                      string respMess = string.Concat("<script>alert(\"You are prohibited from uploading *.gif files!", breakLine);
41                      respMess = string.Concat(respMess, "The file:", breakLine, "{0}", breakLine,"has not been uploaded!\")</script>");
42                      respMess = string.Format(respMess, shortFileName);
43                      HttpContext.Current.Response.Write(respMess);
44                      Log.Warn(string.Concat("File has not been uploaded: ", shortFileName, " due to restriction!"), this);
45                      continue;
46                   }
47                   if (!args.Overwrite) 
48                   {
49                      filename = FileUtil.GetUniqueFilename(filename);
50                   }
51                   file.SaveAs(filename);
52 
53                   EventDispatcher.DispatchTrace("File has been uploaded: " + filename);
54                }
55                catch(Exception ex) 
56                {
57                   Log.Error("Could not save posted file: " + filename, ex, this);
58                }
59             }
60          }
61       }
62 
63       #endregion  
64 
65    }
66 }

The uiUpload pipeline is run not as part of the Sheer event, but as part of the form loading process in response to a post back. This is because the uploaded files are only available during the "real" post back, and not during a Sheer UI event. In this sense, the uiUpload pipeline has not been designed to provide UI. In order to provide feedback to a User, the processor should resort to some trick which emits the JScript code, for example:

HttpContext.Current.Response.Write("<script>alert(\"You are prohibited from uploading *.gif files!\"</script>");

We must correct web.config parameters <sitecore/processors/uiUpload>:

Assume that we upload several files:

File1.gif
File2.gif
File3.png
File4.jpg

We will get the following alerts for each uploaded gif file in the Sitecore Client:

preventing upload

However, File3.png and File4.jpg files will be successfully uploaded .

2.2. Adding a Processor

In this example we add a new processor rather than replace an existing processor. If there is at least one forbidden .gif file among all the files, this processor will output a warning and stop the uploading process. None of the files will be uploaded into the /upload folder. Here is the sample code:

 1 using System;
 2 using System.IO;
 3 using System.Web;
 4 using System.Web.UI;
 5 using Sitecore.Diagnostics;
 6 
 7 using Sitecore;
 8 using Sitecore.IO;
 9 using Sitecore.Pipelines.Upload;
10 
11 namespace Sitecore.Pipelines.Upload
12 {
13    /// <summary>
14    /// Custom upload
15    /// </summary>
16    public class CustomSave
17    {
18 
19       #region Public methods
20 
21       ///-------------------------------------------------------------
22       /// <summary>Custom uploading</summary>
23       ///-------------------------------------------------------------
24       public void Process(UploadArgs args) 
25       {
26          foreach(string key in args.Files) 
27          {
28             HttpPostedFile file = args.Files[key];
29 
30             if (file.FileName.Length > 0 && file.ContentLength > 0) 
31             {
32                string filename = FileUtil.MakePath(args.Folder, Path.GetFileName(file.FileName), '\\');
33                if ( Path.GetExtension(filename).Equals(".gif") )
34                {
35                   string respMess = "<script>alert(\"You are prohibited from uploading *.gif files!\")</script>";
36                   HttpContext.Current.Response.Write(respMess);
37                   Log.Warn("Uploading *.gif files are prohibited!", this);
38                   //Finish uploading dialog
39                   Done done = new Done();
40                   done.Process(args);
41                   //Prevent other processors from execution
42                   args.Abort();
43                   //Break uploading process
44                   return;
45                }
46             }
47          }
48       }
49 
50       #endregion  
51 
52    }
53 }

In order to call this processor, we must modify the Web.config parameters as shown below (see the processor definition in bold):