On 24/09/10 01:36, Neil Kandalgaonkar wrote:
Good point, but in this case I'm just storing the path to a temporary file.
The file isn't even sensitive data; it's just a user-uploaded media file for which the user has not yet selected a license, although we anticipate they will in a few minutes.
Hello Neil,
The file path might be sensitive, you do not want to potentially expose your path hierarchy. At least, I would not do it :)
About your issue, assuming the media file has been entered in the image/media database table :
- When the user is redirected to a new page upon upload, you might just pass the file ID by parameter / session.
- When the user is allowed to upload several files and then is prompted for licences, you might just look at the database for files owned by user for which licence is null.