Learning ActionScript 2.0 in Adobe Flash 
Learning ActionScript 2.0 in Adobe Flash |
|
|
|
| Working with External Data > About file uploading and downloading > About FileReference API functionality and security | |||
|
|||
|
|||
|
|||
Flash Player and the FileReference API (see About file uploading and downloading) support file uploads and downloads. Although the player has no restriction on the size of files you can upload or download, the player officially supports uploads/downloads of up to 100 MB. The FileReference API does not let the Flash application that initiates the file transfer do the following:
When a server requires authentication, the only potentially successful operation is to perform file downloading using the Flash Player browser plug-in. Uploading on all Flash players, or downloading through the stand-alone or external Flash Player, fails on a server that requires authentication. Use FileReference event listeners to determine whether operations completed successfully or to handle errors.
Both file uploading and downloading are restricted to the SWF file's domain, including any domains that you specify using a cross-domain policy file. You need to put a policy file on the server if the SWF file that initiates the uploading or downloading doesn't come from the same domain as the server. For more information on cross-domain policy files and security, see Restricting networking APIs.
When calls to FileReference.browse(), FileReferenceList.browse(), or FileReference.download() are executing, playback of the SWF file pauses on the following platforms: Mac OS X Flash Player browser plug-ins, the Macintosh external Flash Player, and the Macintosh stand-alone player on Mac OS X 10.1 and earlier. The SWF file continues to run on all Windows players and in the Macintosh stand-alone Flash Player on Mac OS X 10.2 and later.
|
WARNING |
When allowing users to upload files to a server, you should always be careful to check the file type before saving the file to the hard disk. For example, you wouldn't want to allow a user to upload a server-side script that could be used to delete folders or files on the server. If you only want to allow users to upload an image file, make sure the server-side script that uploads the files checks that the file being uploaded is a valid image. |
For an example of an application that uses the FileReference API, see Adding file upload functionality to an application.
|
|||
|
|||
|
|||
|
|
|
|