Attaching Files in InfoPath 2003 

  • Article

 

Scott Roberts
Microsoft Corporation

September 2004

Applies to:
    Microsoft Office InfoPath 2003

Summary: With the File Attachment control available in Microsoft Office InfoPath 2003 Service Pack (SP) 1, users can attach files, which are then encoded and saved with the form data. Users can attach a file from the local file system, a shared location, or the Web. Find out how the File Attachment control works, how to include it in a form, and how to work with the control programmatically. (7 printed pages)

Contents

Introduction
Understanding How the File Attachment Control Works
Designing a Form with a File Attachment Control
Working with File Attachments Programmatically
Customizing the List of Blocked File Types
Conclusion

Introduction

Microsoft Office InfoPath 2003 Service Pack (SP) 1 introduces a number of new controls, one of which is the File Attachment control. With this control, form users can attach files, which are then encoded and saved with the form data. Users can attach a file from the local file system, a shared location, or the Web.

Consider, for example, that the sales people for a large corporation use a Microsoft Office Excel 2003 spreadsheet to track large amounts of sales data and analyze it by using charts and Microsoft PivotTable dynamic views. The corporate office wants to create an InfoPath form that the sales people can use to report their quarterly earnings. By doing so, the corporation can gather data such as total sales per region.

The corporate office also wants to collect the detailed sales data and charts and store that information with the quarterly report form. The new File Attachment control in InfoPath SP 1 makes this possible. The sales people can click the File Attachment control to attach the spreadsheet to the form, and the spreadsheet is saved with the form data. When the corporate office receives the form, they can double-click the spreadsheet file icon to open the spreadsheet in Excel and view the detailed sales data, charts, and PivotTable dynamic views.

Understanding How the File Attachment Control Works

Upon attaching a file, InfoPath first builds a header structure that includes information about the file. The structure consists of the items shown in the following list.

  • BYTE[4]. Signature of the file.

    Table 1. Signature of the file

    (decimal) 
    199
    		 
    73
    		 
    70
    		 
    65
    		 
    (hexadecimal) 
    C7
    		 
    49
    		 
    46
    		 
    41 
    (ASCII C notation) 
    \307
    		 
    I
    		 
    F
    		 
    A
    > **Note**   The first byte is a non-ASCII value, which reduces the probability that a text file may be misrecognized as a file attachment. The rest of the signature identifies the file as an InfoPath file attachment.

    • DWORD. Size of the header structure. The size includes this size field and the next four fields. The value of this field in InfoPath 2003 SP 1 is 20 bytes.

    • DWORD. Structure version. The value of this field is 1 for InfoPath 2003 SP 1.

    • DWORD. Reserved.

    • DWORD. Size of the attached file.

    • DWORD. Size of the buffer needed to hold the name of the file.

    • File name buffer. Variable size.

    After InfoPath builds the header structure, the structure is attached to the beginning of the file data, and both are Base64 encoded. This Base64 data is then stored with the XML data in the form. For more information about Base64 encoding, see the World Wide Web Consortium (W3C) protocol, The Content-Transfer-Encoding Header Field.

    Designing a Form with a File Attachment Control

    There are three basic steps involved in adding a File Attachment control to a form, as described in the following procedure.

    To add a File Attachment control to a form

    1. Start InfoPath, and design a new blank form, or open an existing form in design mode.
    2. In the Design Tasks pane, click Controls.
    3. In the Controls task pane, under the File and Picture category, click or drag the File Attachment control into the view to add it to the form.

    After you insert the File Attachment control into your form template, you can customize the control to include a default file attachment or to restrict the types of files users can attach to your form. You can customize the File Attachment control through the File Attachment Properties dialog box for the control, as shown in Figure 1.

    Figure 1. File Attachment Properties dialog box

    To open the File Attachment Properties dialog box, double-click the control, or on the Format menu, click File Attachment Properties. Use this dialog box to customize the File Attachment control as described in the following sections.

    Specifying a Default Attachment

    You can specify a default file attachment that is attached automatically when users fill out the form. To specify a default file, click Browse, and in the Attach File dialog box, select a file. You can attach a file from the local file system, a shared location, or the Web. When you attach a file, the data in the file is encoded and stored with the form. When you attach a default file this way, the File Attachment control shows detailed information about the file that is attached.

    Blocking Unsafe File Types

    InfoPath does not allow certain file types, such as .exe, .com, or .bat, to be attached to a form. This restriction helps to prevent malicious executable files from being transferred to your hard drive and affecting your system. To determine the types of files that are considered unsafe, InfoPath follows a model similar to that of Microsoft Office Outlook 2003, as documented in Microsoft Knowledge Base Article - 829982: Cannot open attachments in Microsoft Outlook. The list of blocked file types for InfoPath is also included in the Adding File Types with the UnsafeFileTypesAdd Key section of this article.

    Specifying User Access to Attached Files

    You can further customize the File Attachment control by specifying whether users of your form are allowed to browse, delete, and replace files. This option is enabled by default, so users are able to attach and remove files from the form. If you clear this check box in the Properties dialog box, users can open only the default file that you attach to the form template. This option is useful when you want to provide a default file (such as a Help file) that is always included in the form. If you do not attach a default file, clearing this option renders the File Attachment control useless.

    Specifying a Restricted Set of Allowable File Types

    You can further restrict the types of files that users can attach to your form by specifying a restricted set of allowable file types. This setting is not the same as the setting for unsafe file types. By selecting Allow the user to attach only the following file types, you can enter specific file types in the box for this option. Type the extension or extensions of the file types that you want to allow users to attach to the form. Use semicolons to separate multiple file extensions (for example, doc; ppt; xls).

    Working with File Attachments Programmatically

    Microsoft .NET Framework provides methods that you can use to work with file attachments programmatically. The Convert class includes methods for encoding and decoding Base64 data (for example, Convert.FromBase64String). You can use these methods to decode existing InfoPath file attachment data or to encode a file for storing in an InfoPath form.

    When you insert a File Attachment control into an InfoPath form, InfoPath inserts the following processing instruction at the beginning of the XML template for the form, at a point before the root node:

    <?mso-infoPath-file-attachment-present?>

    This processing instruction is used by InfoPath, but it is not meant to be a security feature. If this processing instruction is removed or is not positioned before the root node, all File Attachment controls are disabled when users fill out the form.

    Note  When the NewFromSolutionWithData method is used to create a new form based on a form template, file attachment controls in the form will be disabled until the form is saved and reopened.

    Customizing the List of Blocked File Types

    InfoPath follows a model similar to that of Outlook to allow administrators to customize the list of blocked file types. Administrators can use the following registry key settings to customize the way InfoPath handles file attachments. The InfoPath customizations are merged with the Outlook customizations as described in the following sections.

    Adding File Types with the UnsafeFileTypesAdd Key

    By default, the following file extensions are considered unsafe by InfoPath 2003 SP 1:

    ade, adp, app, asp, bas, bat, cer, chm, cmd, com, cpl, crt, csh, exe, fxp, hlp, hta, inf, ins, isp, its, js, jse, ksh, lnk, mad, maf, mag, mam, maq, mar, mas, mat, mau, mav, maw, mda, mdb, mde, mdt, mdw, mdz, msc, msi, msp, mst, ops, pcd, pif, prf, prg, pst, reg, scf, scr, sct, shb, shs, tmp, url, vb, vbe, vbs, vsmacros, vss, vst, vsw, ws, wsc, wsf, wsh

    In addition to the previously listed file types, InfoPath blocks any files that have CLSID as the extension.

    Administrators can add file types to the list of unsafe types by adding the UnsafeFileTypesAdd key and setting its value to a semicolon-delimited list of extensions. The registry key is:

    HKCU\Software\Microsoft\Office\11.0\InfoPath\Security\UnsafeFileTypesAdd

    The registry key type is REG_SZ.

    The registry key values comprise a list of semicolon-delimited file extensions. If only one extension is in the list, then the format is ".ext". If more than one, the format is "ext;ext;ext;etc". Note that when there is only one extension, a period (".") must precede the extension. When there is more than one extension, the period is not required before each extension.

    The InfoPath-specific list is merged with the Level1Add list for Outlook (from HKCU\Software\Microsoft\Office\11.0\Outlook\Security).

    Removing File Types with the UnsafeFileTypesRemove Key

    Administrators can remove files from the unsafe list by adding a key called UnsafeFileTypesRemove and setting its values to a semicolon-delimited list of extensions as previously described for the UnsafeFileTypesAdd key. The registry key to remove extensions from the unsafe list is:

    HKCU\Software\Microsoft\Office\11.0\InfoPath\Security\UnsafeFileTypesRemove

    The registry key type is REG_SZ.

    The registry key values comprise a list of semicolon-delimited file extensions. This list is used in conjunction with the Level1Remove list for Outlook (from HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security).

    For locations of the Level1Add and Level1Remove registry keys for Outlook, see Microsoft Knowledge Base Article - 829982: Cannot open attachments in Microsoft Outlook. In both cases in which you specify registry keys, the keys are version specific. In the case of Microsoft Office 2003 SP 1, the version in each registry key is 11.0.

    The matrix of interactions between InfoPath and Outlook is shown in Table 1.

    Table 2. Interactions between InfoPath and Outlook Registry Key Customizations

    Outlook Key InfoPath Add Key InfoPath Remove Key
    Outlook Add Key In unsafe list Not in unsafe list
    Outlook Remove Key Not in unsafe list Not in unsafe list

    You can specify that an extension is allowed in Outlook but not in InfoPath; however, you cannot specify that an extension is allowed in InfoPath but not in Outlook. The attachment customization for InfoPath adds a further level of restriction on top of the Outlook attachment restrictions.

    If an extension exists in both the UnsafeFileTypesAdd and UnsafeFileTypesRemove keys, removing it takes precedence over adding it. This is consistent with the Outlook attachment customization model.

    Disallowing Removals with the DisallowAttachmentCustomization Key

    Administrators can disallow removals from the list of unsafe file types by adding the DisallowAttachmentCustomization registry key:

    HKCU\Software\Policies\Microsoft\Office\11.0\InfoPath\Security\DisallowAttachmentCustomization

    The registry key type is REG_DWORD.

    This registry key does not require a value. The presence of the key is all that is needed to disallow removals.

    The DisallowAttachmentCustomization key for Outlook only affects whether or not the remove key for Outlook is honored. The DisallowAttachmentCustomization key for InfoPath determines whether or not the UnsafeFileTypesRemove key for InfoPath is honored.

    Conclusion

    You have seen how you can use the File Attachment control introduced in InfoPath 2003 SP 1 to easily include information from many other file formats with your InfoPath forms. You have seen how to work with the control and how to use the options for providing file attachment functionality while designing your forms. You have also learned how file attachments work and how to access that functionality programmatically. Finally, you have learned how to control file attachment functionality through the registry.

    © Microsoft Corporation. All rights reserved.