Feature request: a way to void local file storage for file fields

[hughbris]

I have custom form actions defined by a plugin that upload files to cloud storage locations. I would like to explicitly not store them locally because they are sensitive (I use write-only credentials to upload them).

I looked through $form->uploadFiles() and it looks to error out when destination is not set (around line 604).

I would find it useful to be able to suppress form upload with something like destination: false. I couldn't see an obvious elegant patch for this, unfortunately.

I don't know if the use case(s) justify this, but thought I'd ask. I could probably create a custom form action to clean up the uploaded files to work around this limitation.

[hughbris]

I had the bright idea to create a destination directory that is a symlink to /dev/null. Could have been a great hack. What happened was that an exception was thrown at line 1025 in copyFiles() (PLUGIN_FORM.FILEUPLOAD_UNABLE_TO_MOVE).

That would have followed failing the is_dir() test on line 1023. Seems that is_dir does follow symlinks, but /dev/null is not a directory.

I've tried to think of constructive suggestions to work around this:

• add a test: is_link AND readlink is '/dev/null' (a bit case-specific and also Unix-specific)
• add an event onCopyFormUploads or something, trigger it, and bind copyFiles to it in the plugin. This would allow plugins to override it.
• support destination: false as mentioned originally.

This is tricky. In the meantime, I might have to run a cleanup script on cron.

[hughbris]

Just stumbled on this, note to self to try it: https://github.com/getgrav/grav-plugin-form/issues/287#issuecomment-458526436

[mahagr]

We are already implementing this and it will be a free plugin.

I'm not sure if the first version will allow private files in S3, but it already stores those with random uuids so they are impossible to locate unless you know the name. But it shouldn't be too hard to implement ACL-protected files.