PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

File should be attached only and not be uploaded on server

  1. devdemo

    Hi team,

    I am a technical person and using Gravity Forms in some websites but I have an issue that I would like to discuss here. I have created a sample form at -

    You can see there are 2 fields - Name and File.

    A user enters his name and selects a file (suppose PDF) and send to us. Then we receive an email with user details and attached PDF. Also we can view the user's details in Admin Panel >> Forms >> Entries. It shows an icon to view the file and file is saved into a folder on our server.

    Now my question is that is there any setting or option in Gravity Form plugin to set that the attached file (PDF) should not be saved into a folder on our server? I mean that PDF should be received as an attachment in email only.

    I am asking you this question because a new issue can be raised due to storing the attached file (PDF) into a folder oo our server. Suppose the name of the pdf is testing-sample-file.pdf. Now if a user searches the term "Testing sample file pdf" in google then Google will list this PDF file too in searched result which we do not want because we do not want to make these files (PDF) public so that nobody should be able to access these file out of the website where Gravity form has been implemented.

    So, please suggest me if there is any solution for this issue.

    Thanks and regards,

    Posted 11 years ago on Wednesday July 11, 2012 | Permalink
  2. I'm going to move this to feature requests.

    There is no setting you can mark to prevent saving the attachment.

    There is an index.html file in the wp-content/uploads/gravity_forms/ folder, which will be returned when someone requests a directory listing. Have you checked your site in a search engine to see if any of the uploads are indexed?

    If you're concerned about someone guessing the name of a file stored on your server, you can delete the upload after you've downloaded it, or rename the uploaded file programmatically to prevent someone from guessing the name.

    Also, with Host Gator, directory indexes are enabled by default, which is not very secure in itself. For example, unrelated to Gravity Forms:

    You might want to configure your server to disable directory indexes. There may be a setting in the host's control panel, or you might have to add this to your top level .htaccess file:

    Options -Indexes

    If the host allows overrides in the .htaccess file like that, it will work fine. If the host does not allow that directive, all sites will return a 500 Internal Server Error. Check with your host before making any changes.

    Posted 11 years ago on Wednesday July 11, 2012 | Permalink