Home
XSLT Processor
Website Editor
CGI XSLT Processor
The style and source
Global parameters
Stylesheets
Stylesheet elements
Functions
Files upload
Details
Characters model
Data types
Result tree fragments
Variables scope
Conflict resolution
The key function
The document function
Curly brackets in attributes
Extensions
Extension modules
XSL message handlers
XML tree class
Files upload

Xsltp.pl CGI program supports files upload routines. To do file upload declare a global parameter of file type as
<xsl:param name="file" as="file"/>
Then, later in your code you can call the save-file function to store the file on the local disk. Example,
<xsl:if test="save-file($file, string expression)">...</xsl:if>
Here, the string expression is the name of the new file (with path). The save-file function returns true if it succeeds and false if it fails. In scalar context, file variable is a string passed by a browser. It is an error if a new file cannot be opened for writing. The file-name function discards the file path and returns the file name file-name('c:\some\file.txt') returns 'file.txt'. The file extension you can get as substring-after(file-name($file),'.'). More precisely, the file-name function returns the string end consisting of alphanumeric characters, point, minus and underscore symbols.

Always check that the extension of the saved file is not xsl, since if some user can upload the file *.xsl this means that she/he can upload programs. Consequences are obvious. Since version 1.5 the processor raises the error if the extension of the file is .xsl.

The safety of the file upload depends on the host configuration.
Copyright © 2004 www.dopscripts.com