Attaching Files in InfoPath 2003
Summary: Find out how the File Attachment control works in Microsoft Office InfoPath 2003 Service Pack (SP) 1, how to include it in a form, and how to work with the control programmatically. With the File Attachment control, users can attach files, which are then encoded and saved with the form data. (7 printed pages)
Scott Roberts, Microsoft Corporation
Applies to: Microsoft Office InfoPath 2003
Overview of the File Attachment Control
Microsoft Office InfoPath 2003 Service Pack (SP) 1 introduces several new controls, one of which is the File Attachment control. With this control, form users can attach files, which are then encoded and saved with the form data. Users can attach a file from the local file system, a shared location, or the Web.
Consider, for example, that the salespeople for a large corporation use a Microsoft Office Excel 2003 spreadsheet to track large amounts of sales data and analyze it by using charts and Microsoft PivotTable dynamic views. The corporate office wants to create an InfoPath form that the salespeople can use to report their quarterly earnings. By doing so, the corporation can gather data such as total sales per region.
The corporate office also wants to collect the detailed sales data and charts and store that information with the quarterly report form. The new File Attachment control in InfoPath SP 1 makes this possible. The salespeople can click the File Attachment control to attach the spreadsheet to the form, and the spreadsheet is saved with the form data. When the corporate office receives the form, they can double-click the spreadsheet file icon to open the spreadsheet in Excel and view the detailed sales data, charts, and PivotTable dynamic views.
Understanding How the File Attachment Control Works
Upon attaching a file, InfoPath first builds a header structure that includes information about the file. The structure consists of the items shown in the following list.
BYTE. Signature of the file.Table 1. Signature of the file
(ASCII C notation)
The first byte is a non-ASCII value, which reduces the probability that a text file may be misrecognized as a file attachment. The rest of the signature identifies the file as an InfoPath file attachment.
DWORD. Size of the header structure. The size includes this size field and the next four fields. The value of this field in InfoPath 2003 SP 1 is 20 bytes.
DWORD. Structure version. The value of this field is 1 for InfoPath 2003 SP 1.
DWORD. Size of the attached file.
DWORD. Size of the buffer needed to hold the name of the file.
File name buffer. Variable size.
After InfoPath builds the header structure, the structure is attached to the beginning of the file data, and both are Base64 encoded. This Base64 data is then stored with the XML data in the form. For more information about Base64 encoding, see the World Wide Web Consortium (W3C) protocol, The Content-Transfer-Encoding Header Field.
Designing a Form with a File Attachment Control
There are three basic steps that you must follow to add a File Attachment control to a form.
To add a File Attachment control to a form
Start InfoPath, and design a new blank form, or open an existing form in design mode.
In the Design Tasks pane, click Controls.
In the Controls task pane, under the File and Picture category, click or drag the File Attachment control into the view to add it to the form.
After you insert the File Attachment control into your form template, you can customize the control to include a default file attachment or to restrict the types of files users can attach to your form. You can customize the File Attachment control through the File Attachment Properties dialog box for the control, as shown in Figure 1.
Figure 1. File Attachment Properties dialog box
To open the File Attachment Properties dialog box, double-click the control, or on the Format menu, click File Attachment Properties. Use this dialog box to customize the File Attachment control as described in the following sections.
Specifying a Default Attachment
You can specify a default file attachment that is attached automatically when users complete the form. To specify a default file, click Browse, and in the Attach File dialog box, select a file. You can attach a file from the local file system, a shared location, or the Web. When you attach a file, the data in the file is encoded and stored with the form. When you attach a default file like this, the File Attachment control shows detailed information about the file that is attached.
Blocking Unsafe File Types
InfoPath does not allow certain file types, such as .exe, .com, or .bat, to be attached to a form. This restriction helps prevent malicious executable files from being transferred to your hard disk and affecting your system. To determine the types of files that are considered unsafe, InfoPath follows a model similar to that of Microsoft Office Outlook 2003, as documented in Microsoft Knowledge Base Article - 829982: Cannot open attachments in Microsoft Outlook. The list of blocked file types for InfoPath is also included in the Adding File Types with the UnsafeFileTypesAdd Key section of this article.
Specifying User Access to Attached Files
You can further customize the File Attachment control by specifying whether users of your form are allowed to browse, delete, and replace files. This option is enabled by default, so users can attach and remove files from the form. If you clear this check box in the Properties dialog box, users can open only the default file that you attach to the form template. This option is useful when you want to provide a default file (such as a Help file) that is always included in the form. If you do not attach a default file, clearing this option makes the File Attachment control useless.
Specifying a Restricted Set of Allowable File Types
You can further restrict the types of files that users can attach to your form by specifying a restricted set of allowable file types. This setting is not the same as the setting for unsafe file types. By selecting Allow the user to attach only the following file types, you can enter specific file types in the box for this option. Type the extension or extensions of the file types that you want to allow users to attach to the form. Use semicolons to separate multiple file name extensions (for example, doc; ppt; xls).
Working with File Attachments Programmatically
The Microsoft .NET Framework provides methods that you can use to work with file attachments programmatically. The Convert class includes methods for encoding and decoding Base64 data (for example, Convert.FromBase64String). You can use these methods to decode existing InfoPath file attachment data or to encode a file for storing in an InfoPath form.
When you insert a File Attachment control into an InfoPath form, InfoPath inserts the following processing instruction at the beginning of the XML template for the form, at a point before the root node:
This processing instruction is used by InfoPath, but it is not meant to be a security feature. If this processing instruction is removed or is not positioned before the root node, all File Attachment controls are disabled when users fill out the form.
When you use the NewFromSolutionWithData method to create a new form based on a form template, file attachment controls in the form are disabled until the form is saved and reopened.
Customizing the List of Blocked File Types
InfoPath follows a model similar to that of Outlook to let administrators customize the list of blocked file types. Administrators can use the following registry key settings to customize the way InfoPath handles file attachments. The InfoPath customizations are merged with the Outlook customizations as described in the following sections.
Adding File Types with the UnsafeFileTypesAdd Key
By default, the following file name extensions are considered unsafe by InfoPath 2003 SP 1:
ade, adp, app, asp, bas, bat, cer, chm, cmd, com, cpl, crt, csh, exe, fxp, hlp, hta, inf, ins, isp, its, js, jse, ksh, lnk, mad, maf, mag, mam, maq, mar, mas, mat, mau, mav, maw, mda, mdb, mde, mdt, mdw, mdz, msc, msi, msp, mst, ops, pcd, pif, prf, prg, pst, reg, scf, scr, sct, shb, shs, tmp, url, vb, vbe, vbs, vsmacros, vss, vst, vsw, ws, wsc, wsf, wsh
In addition to the previously listed file types, InfoPath blocks any files that have CLSID as the extension.
Administrators can add file types to the list of unsafe types by adding the UnsafeFileTypesAdd key and setting its value to a semicolon-delimited list of extensions. The registry key is as follows:
The registry key type is REG_SZ.
The registry key values consist of a list of semicolon-delimited file name extensions. If only one extension is in the list, the format is ".ext". If more than one, the format is "ext;ext;ext;etc".
When there is only one extension, a period (".") must come before the extension. When there is more than one extension, the period is not required before each extension.
The InfoPath-specific list is merged with the Level1Add list for Outlook (from HKCU\Software\Microsoft\Office\11.0\Outlook\Security).
Removing File Types with the UnsafeFileTypesRemove Key
Administrators can remove files from the unsafe list by adding a key named UnsafeFileTypesRemove and setting its values to a semicolon-delimited list of extensions as previously described for the UnsafeFileTypesAdd key. The registry key to remove extensions from the unsafe list is as follows:
The registry key type is REG_SZ.
The registry key values consist of a list of semicolon-delimited file name extensions. This list is used together with the Level1Remove list for Outlook (from HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security).
For locations of the Level1Add and Level1Remove registry keys for Outlook, see Microsoft Knowledge Base Article - 829982: Cannot open attachments in Microsoft Outlook. In both cases in which you specify registry keys, the keys are version specific. In the case of Microsoft Office 2003 SP 1, the version in each registry key is 11.0.
The matrix of interactions between InfoPath and Outlook is shown in Table 1.
InfoPath Add Key
InfoPath Remove Key
Outlook Add Key
In unsafe list
Not in unsafe list
Outlook Remove Key
Not in unsafe list
Not in unsafe list
You can specify that an extension is allowed in Outlook but not in InfoPath; however, you cannot specify that an extension is allowed in InfoPath but not in Outlook. The attachment customization for InfoPath adds a further level of restriction in addition to the Outlook attachment restrictions.
If an extension exists in both the UnsafeFileTypesAdd and UnsafeFileTypesRemove keys, removing it takes precedence over adding it. This is consistent with the Outlook attachment customization model.
Disallowing Removals with the DisallowAttachmentCustomization Key
Administrators can disallow removals from the list of unsafe file types by adding the DisallowAttachmentCustomization registry key:
The registry key type is REG_DWORD.
This registry key does not require a value. The presence of the key is all that is needed to disallow removals.
The DisallowAttachmentCustomization key for Outlook only affects whether the remove key for Outlook is honored. The DisallowAttachmentCustomization key for InfoPath determines whether the UnsafeFileTypesRemove key for InfoPath is honored.
You have seen how you can use the File Attachment control introduced in InfoPath 2003 SP 1 to easily include information from many other file formats with your InfoPath forms. You have seen how to work with the control and how to use the options for providing file attachment functionality while designing your forms. You have also learned how file attachments work and how to access that functionality programmatically. Finally, you have learned how to control file attachment functionality through the registry.