DNN.FormAndList
DNN.FormAndList copied to clipboard
DNNCommunity
Add support for "Attachement" data type
On previous versions there's used to be an "unsupported" feature by means of which you could add a new field type called "attachement" into a form. This would then allow visitors to submit a form and attach a file. This is for example very usefull if you wan to create a simple "Work with us" form where you ask people a couple questions and want to allow them to upload their CV.
When the form is send and the configuration says it should also send and email, the attachement should also come attached to the email being sent.
Only a manifest is missing; after that it could be packed as extention (e.g. as DNN Library)
Please how we can integrate that datatype into forms ?, i think is a very very good job
@vmasanas @SCullman if I understand correctly, this would be an additional type installed separately from the module itself correct? I don't know that we want to add and maintain in the module a way for public visitors to upload anything as it may be a security issue or a way to spam...
@valadas I understand your concerns but if we apply DNN builtin filters for secure extensions this should be ok no? The main argument for this extension I've found in multiple sites where customers want a "Work with us" kind of form where they expect candidates to submit a CV. I've got this request many many times, hence the need for this extension.
Yes, my concern is 2-fold. 1 is the security (which we can handle with Dnn APIs for sure), the other is storage (as it could be used to fill storage quickly). So the ideal solution I would see that fits would need to not save to disk and integrate directly with email from the file in memory. But F&L kind of stores values in fields, so it would not retain that value if we do such a solution... Also it is a bit of a task, so I personally believe this should be some sort of addon field type just for those who need that feature as others would expect the value to be stored if they did not know it's not actually stored.
I am not against a PR for that if it comes in, we just have to make sure it's also properly documented so people know what to expect from an attachment field.
@valadas I aggree with your concerns but would apply also to ANY kind of form you provide on a web site where you allow users to send files. I guess the way to secure this would be to add a captcha to the form so that you have some additional security. And maybe also to limit the size of the files uploaded.
Well, it's true for many other form modules but for this one it was never the case. By design it only allowed logged in users to upload.
I think this should be added but just with option to send as attachment in mail, if module have configuration to send mail. Avoiding any security issue.
Yes, in my opinion I would approve a solution that comes in that does not touch the filesystem. If the file does get saved to the filesystem I would be more hesitant and would prefer it stays an optional installable component for security reasons.