Security Risks and Information
The first thing to take note of when allowing file uploads in custom forms is your target audience. Is this form going to be anonymous, user only, or administrator only?
Allowing anonymous people to upload files can be a security risk. John Doe could easily upload a Microsoft word document that contains a virus or worm. Please be careful with anonymous forms that can upload files. If you don't have a virus scanner you can use AVG Free Edition as a good, non-resource hogging alternative to Norton or McAffee. If you are unsure about anonymous forms then try using a site user or administrator only form as a safe alternative and let your users know that they need to register/login before they can fill out the form.
All that said, lets move on to adding a form with file upload capability.
Allowing File Uploads
Note: file uploading currently will not work with a donation form. This is due to invoicing and payment conflicts.
Travel to http://www.<yourwebsite>.com/forms/ to begin adding a form.
At the bottom of the screen where you are specifying the form fields, you will have the option to add a Field with the Field Type of File Upload.
**It is strongly recommended that you enable Captcha to protect you from malicious file uploads. You can enable Captcha by going to your Site Settings and setting the Use Captcha setting to True. This is to ensure that anonymous forms are filled out by a human and not a bot.**
Congratulations, your form is now ready for file upload capability!
Uploading a File
When the user clicks the Select File button, they can upload any of the following file types:
- Microsoft Word Document (DOC, DOCX)
- Text File (TXT)
- Adobe Acrobat PDF (PDF)
- Images (JPG, JPEG, GIF, TIFF, TIF, BMP)
Reviewing the Form with Uploaded File
If you are listed as a Form Recipient, you will receive an email stating that someone has filled out the form and you may view the submission by using the links provided in the email. You can also go to the Forms module and view or export the form entries. When you export Entries for your Custom Forms, you will have the option to Export with or without the uploaded files.