<form class=“media” action=“<%== @form_action %>” method=“post” enctype=“multipart/form-data”>

<p>
  <input type="hidden" name="token" value="<%== form_token %>" />
  <input type="file" name="file" id="file" />
  <input type="submit" value="Upload" />
</p>

</form>