How exactly is the client's disk file system path of a file upload ever relevant to the server? Imagine that you got a String
with value "c:\path\to\password.txt"
, how would you as being a web server running at a physically different machine ever grab its contents?
Only browsers exposing a security bug like MSIE incorrectly sends the full file path along with the file content. Other (read: the sane) browsers don't send this information, they only sends the file name along with the file content. Even then, this information is useless. You can't use new File()
on it for the very simple reason because that file isn't on the server's disk file system, but on the client's disk file system.
You should be interested in the actual file content, not in the file path and less in the file name.
InputStream content = uploadedFile.getInputStream();
Just write it to a FileOutputStream
on server's disk file system and then use that File
instead.