For security reasons, no web server is ever allowed to browse a client computer's filesystem. Nor, for that matter, is a client computer allowed to browse the server's filesystem, except to the extent that the web application permits.
The file upload function that the inputFile tag supports instructs the client's web browser to open a local dialog box in order to select a file for uploading. The actual file data transfer is done by the browser using special form properties (MIME encoding). The server knows how to handle this data format (if it was properly configured), but the client is completely and totally responsible for everything else.
Anything beyond that would require client-side signed code in a special JavaScript or
Java Applet.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.