One of the features syntax provides via content input forms is a widget that allows users to upload files to the site and make them available to visitors. This feature entails more than just putting the uploaded files in a directory in your public site root. This article focuses on how files are served to site visitors and we won't touch upon how the actual upload is handled.

1. Uploaded files are saved to your sites filestore. This path is specified by the datastore, path preference.
2. The datastore, url preference tells syntax to prepend that path to file path saved in the records table. Syntax also prepends the record id to the file. By default, the datastore url is '/files'. If you change this, you'll have to change an apache rewrite.
3. When a user requests a document, a rewrite rule sends the request through public/files.php this file does the following:
   • Checks if the file's extension matches the FILES_PASSTHRU_REGEX, if so it is sent to the user. By default, the files passthru regular expression is meant to catch image files.
   • If it is not a file, it checks to make sure that the user is allowed to read the record that the file is attached to by parsing out the record id. If so, the file is sent, otherwise a 403 Access Forbidden header is sent

One last thing to note is that newer versions of files.php will save bandwidth by looking for a If-Modified-Since header from the browser and if the file hasn't been changed since that file, it'll respond witha 304 Not Modified header.