Get real path instead of 'fakepath' in file upload

Question

I face the following problem:

When a user uploads a file with the HTML file input and I then want to receive the file path itself. I only get C:/fakepath/filename.txt for example.

I understand that it is a security reason for browsers to know the exact path of the file. So i was wondering if it is even possible with some hack, some way in .net or with additional jquery/js plugin to get the full path of the file.

Why?

We dont want to upload the file itself to our server filesystem, neither to the database. We just want to store the local path in the database so when the same user opens the site, he can click on that path and his local file system opens.

Any suggestions or recommendations for this approach?

If this is really not possible like

How to resolve the C:\fakepath?

How To Get Real Path Of A File Using Jquery

we would need to come up with a diffrent idea I guess. But since some of the answers are really old, I thought maybe there is a solution to it by now. Thx everyone

@Teemu I thought maybe reading just exact this path would be possible with a browser. Not having access to the filesystem itself. Because for example IE is showing the real path in the input field. But you can not access it — G43beli, May 23 '18 at 09:27
The security feature here is to hide the pathname ... Use IE with file protocol if you want to get the real path. — Teemu, May 23 '18 at 09:32
but there is for example the https://www.javascripture.com/FileReader Is it possible to hash a file as base64 so it can be used anytime in a tag later for example and it will give me the same results? because I need to have the file after the session closes — G43beli, May 23 '18 at 09:47
You have already flagged up 2 duplicate question. You justification for posting this question (and by implication your thinking that these are not duplicates) is that the people whom write browsers may have decided to make their products less secure than they used to be. You really think its is likely? — symcbean, May 23 '18 at 09:54
Possible duplicate of [How to get full path of selected file on change of using javascript, jquery-ajax?](https://stackoverflow.com/questions/15201071/how-to-get-full-path-of-selected-file-on-change-of-input-type-file-using-jav) — symcbean, May 23 '18 at 09:54
What I am trying to ask is if there are any workarround existing by now. For me making browsers more insecure was never a disscussion. Having a way of read the path doesnt automatically means that the browser process has the right to write for example to the filesystem... @symcbean — G43beli, May 23 '18 at 10:03

score 1 · Answer 1 · answered May 23 '18 at 17:21

1

You can't do it.

And if you find a way, it's big security vulnerability that the browser manufacturer will fix when discovered.

answered May 23 '18 at 17:21

Terry Carmen

3,328
1
12
26

score 1 · Answer 2 · answered Feb 21 '19 at 04:01

As my goal was to make the uploaded file name visible to the End User and then send it via php mail() function, All I did to resolve this was:

in your js file

Old function:

var fileuploadinit = function(){
    $('#career_resume').change(function(){
        var pathwithfilename = $('#career_resume').val();
        $('.uploadedfile').html("Uploaded File Name :" + pathwithfilename).css({
            'display':'block'
        });
    });
};

Corrected function:

var fileuploadinit = function(){
    $('#career_resume').change(function(){
        var pathwithfilename = $('#career_resume').val();
        var filename = pathwithfilename.substring(12);
        $('.uploadedfile').html("Uploaded File Name :" + filename).css({
            'display':'block'
        });
    });
};
$(document).ready(function () {
fileuploadinit();
});

Old result:

Uploaded File Name :C:\fakepath\Coverpage.pdf

New result:

Uploaded File Name :Coverpage.pdf

Hope it helps :)

score 0 · Accepted Answer · answered May 23 '18 at 17:17

You'll need your own code running outside browser-box to do this, since browsers are designed NOT to allow this.

I mean something ugly like ActiveX, flash, COM object, custom browser extenstion or other fancy security breach that can open it's own OpenFileDialog and insert that value in your input field.

Get real path instead of 'fakepath' in file upload

3 Answers3

Linked

Related