NON-Localized String: The query string argument that carries the storage key used to manage access to the session. The repost control looks for this query string argument, takes the string from it, and looks in the user Session in the location marked by the value of _QS_FILEPATH_SESSION_KEY. Why do we do this? We cannot send the filepath in the query string because a malicious user could spoof it to download any file on the Web Server. We secure this download function by making it possible to download only filepaths placed on the session (which should not normally be directly accessible by users). If we wish to improve security later, we can apply a transformation to the filepath in the Session so that this control can use only filepaths explicitly transformed for use with this control (in case the user finds some other place where a filepath is stored on the session).
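The indirection described above, together with the suggested "transformation" hardening, as an added Python sketch; it is not Plumtree code. The query string argument name, the function names, and the HMAC tag used as the transformation are all assumptions made for illustration, and the session is modelled as a plain dict.

```python
import hashlib
import hmac
import secrets

# Hypothetical names: the page documents only _QS_FILEPATH_SESSION_KEY itself.
QS_FILEPATH_SESSION_KEY = "fileKey"    # assumed query string argument name
_SECRET = secrets.token_bytes(32)      # assumed per-process server secret
_PURPOSE = b"filedownload-control:"    # binds a tag to this control only


def _tag(filepath):
    """The 'transformation': an HMAC only server code for this control can make."""
    return hmac.new(_SECRET, _PURPOSE + filepath.encode(), hashlib.sha256).digest()


def register_download(session, filepath):
    """Server side: place the filepath on the session and return the opaque
    storage key that travels in the query string instead of the path."""
    key = secrets.token_urlsafe(16)
    session[key] = {"path": filepath, "tag": _tag(filepath)}
    return key


def resolve_download(session, query):
    """Repost control side: map the query string value back to a filepath.
    Returns None unless the session entry was made by register_download()."""
    key = query.get(QS_FILEPATH_SESSION_KEY)
    if not isinstance(key, str):
        return None
    entry = session.get(key)
    # A bare string stored by some other feature is not a tagged entry.
    if not isinstance(entry, dict):
        return None
    path, tag = entry.get("path"), entry.get("tag")
    if not isinstance(path, str) or not isinstance(tag, bytes):
        return None
    return path if hmac.compare_digest(tag, _tag(path)) else None
```

The query string value is only ever used as a session lookup key, so a filepath supplied by the user never reaches the file system, and a filepath that another feature left on the session is rejected because it carries no tag for this control.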
FileDownloadControl Class | com.plumtree.uiinfrastructure.filedownload Namespace