Restricting files from being uploaded.

The uiUpload pipeline is not run as part of a Sheer event, but as part of loading a form in response to a post back. This is because the uploaded files are only available during a "real" post back and not a Sheer UI event. In this sense the uiUpload pipeline has not been designed to provide UI.

To restrict what kind of files that are uploaded, a developer should provide his own upload processor instead of the default.

The default upload processor looks like this:

using System;
using System.IO;
using System.Web;
using Sitecore.Diagnostics;
using Sitecore.IO;

namespace Sitecore.Pipelines.Upload {

///===============================================================
///

///===============================================================
public class Save {

#region Public methods

///-------------------------------------------------------------
///

///-------------------------------------------------------------
public void Process(UploadArgs args) {
foreach(string key in args.Files) {
HttpPostedFile file = args.Files[key];

if (file.FileName.Length > 0 && file.ContentLength > 0) {
string filename = FileUtil.MakePath(args.Folder, Path.GetFileName(file.FileName), '\\');

try {
if (!args.Overwrite) {
filename = FileUtil.GetUniqueFilename(filename);
}

file.SaveAs(filename);

EventDispatcher.DispatchTrace("File has been uploaded: " + filename);
}
catch(Exception ex) {
Log.Error("Could not save posted file: " + filename, ex, this);
}
}
}
}

#endregion
}
}

To provide feed back to the user, a processor could emit script code that shows an alert to the user.

HttpContext.Current.Response.Write("<script>alert('You are prohibited from uploading these kinds of files.')</script>");