Re: Pre-filling FileField Values
Rick Faircloth wrote: However, if I want to take responsibility to designate an entire folder of files for upload, I should be able to do that, too. Not just one file at a time, but choose the folder and all its contents. With the extensions of RFC 2388 the HTTP protocol is perfectly capable of allowing a user-agent to upload an entire directory in one HTTP post. The choice not to implement that functionality in browsers is one made by browser vendors. Any inquiries as to why they made that choice should be directed to them. Jochem ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311875 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Er, I had listed Java applets as an option about 15 messages ago, along with ActiveX and AIR. Am I missing something? On Thu, Aug 28, 2008 at 10:22 PM, Rick Faircloth [EMAIL PROTECTED]wrote: Ah-ha! I knew it! -Original Message- From: Azadi Saryev [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 9:54 PM To: CF-Talk Subject: Re: Pre-filling FileField Values there are also commercial java applets out there that allow a user to select multiple files at once (though not just pointing to the folder containing the files - actually selecting the files inside the folder, but they can click on and select multiple files in one 'select files' window, or in some cases even ctrl+a to select all of them at once). such applets are used on most of the photo sharing websites. of course, the users have to allow the applet to be installed first. sorry, no links. Azadi Saryev Sabai-dee.com http://www.sabai-dee.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311782 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Because that isn't what HTTP was ever designed to do. They made a whole protocol just to handle this: FTP. I think this kind of argument is completely obsolete now. Both HTTP and FTP were designed to allow exchanges between computers made by computer scientists. Now, at least for HTTP, their role has been extended to low end users. As such, there is no reason the protocols could not be extended too. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311789 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
If they're still clicking and selecting then it isn't more risk per se, but creates issues in usability for the user. If they're not careful they could theoretically upload their entire My Documents folder without realizing it when they intended to send one file. Right, but the browser could calculate the total length of data, the number of files, estimate the time required, and ask for a confirmation. The maximum size allowed by the server to transfer could also be part of the protocol. After all, one could also delete all his files in his system, this is nor a reason to force him to delete files one at a time. Taking all users for idiots is not any better than limiting facilities for all in case one makes an error.. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311790 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
I'll bet if I asked all of my clients to zip up a folder of folders, only 10% would know how to do it without in-depth instruction. Then you have a problem. All depends on the kind of application you have and the kind of clients who are using it. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311791 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Because browsers weren't designed to allow you to do that. Again, this is not a reason they could not be upgraded to do it. Browsers were not designed to support tables and CSS either, now they do. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311792 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Right, but the browser could calculate the total length ... Could, yes, but I don't expect to see an upload a folder feature added to HTTP or the browsers as a standard any time soon. After all, one could also delete all his files in his system, this is nor a reason to force him to delete files one at a time. There's a big difference between accidentally deleting files and accidentally sending them to a server somewhere. In any case, this is getting to be off-topic and would be better taken to a standards body if anyone really wants to pursue the debate. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311793 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
Agreed... If limitations can be placed on uploading a single file and maintain an acceptable level of security, then the same should be true for a folder of files. And just because they can't now, doesn't they shouldn't be changed to do so. -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2008 1:29 PM To: CF-Talk Subject: Re: Pre-filling FileField Values Because browsers weren't designed to allow you to do that. Again, this is not a reason they could not be upgraded to do it. Browsers were not designed to support tables and CSS either, now they do. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311794 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
And before someone gets pedantic on me, I mean it is always going to be impossible in its current form, which is allowing arbitrary server-supplied JavaScript to modify the field value. Someone may well come up with some kind of authentication or authorization system where one can set different levels of access for trusted servers or something, but that's going in a different direction. On Fri, Aug 29, 2008 at 2:13 PM, Brian Kotek [EMAIL PROTECTED] wrote: No one is saying it can't be changed or added. The point is that it is not possible now, which was the root question being asked in this thread. Talking about what might be added in the future seems relatively pointless as far as giving an answer to the posed question. In fact, we're already far from the original question, which was actually about pre-populating file input fields. And going back to that, regardless of what the browser makers add in the future, this is always going to be impossible because there are just too many security issues associated with it. At this point we're just going into speculation or wish lists, which is fine, but probably going well off topic for this thread. On Fri, Aug 29, 2008 at 1:33 PM, Rick Faircloth [EMAIL PROTECTED]wrote: Agreed... If limitations can be placed on uploading a single file and maintain an acceptable level of security, then the same should be true for a folder of files. And just because they can't now, doesn't they shouldn't be changed to do so. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311800 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
No one is saying it can't be changed or added. The point is that it is not possible now, which was the root question being asked in this thread. Talking about what might be added in the future seems relatively pointless as far as giving an answer to the posed question. In fact, we're already far from the original question, which was actually about pre-populating file input fields. And going back to that, regardless of what the browser makers add in the future, this is always going to be impossible because there are just too many security issues associated with it. At this point we're just going into speculation or wish lists, which is fine, but probably going well off topic for this thread. On Fri, Aug 29, 2008 at 1:33 PM, Rick Faircloth [EMAIL PROTECTED]wrote: Agreed... If limitations can be placed on uploading a single file and maintain an acceptable level of security, then the same should be true for a folder of files. And just because they can't now, doesn't they shouldn't be changed to do so. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311799 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Pre-filling FileField Values
Is there some way to pre-fill a filefield value? I'm trying this: cfloop from=1 to=#filenamelist.recordcount# index=i cfoutput#i#/cfoutputbr cfoutputfilenameList.recordcount = #filenameList.recordcount#/cfoutputbr input name=cfoutput#i#/cfoutput type=file value=cfoutput#filenameList.name[i]#/cfoutputbr /cfloop And it gives me the correctly rendered HTML: input name=1 type=file value=E:\UploadDirectory\2008_0819_sav_mlxchange_image.jpgbr input name=2 type=file value=E:\UploadDirectory\2008_0819_sav_mlxchange_image_data_and_photo_download.jpgbr input name=3 type=file value=E:\UploadDirectory\2008_0819_sav_mlxchange_image_data_download.jpgbr But when the filefields are displayed in the browser, the filefields are empty. Is there some way to get the E:\UploadDirectory\2008_0819_sav_mlxchange_image.jpg to show up in the dynamically created filefields? Thanks, Rick ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311723 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
No. It's a security hole. Imagine being able to pre-fill it with C:\my documents\sensitive file.doc and then hiding the form field so they never even knew about it. You could upload any file you wanted from your user and all they would need to do was submit the form. Well, heck, you can automatically submit forms with JavaScript anyway... ~Brad - Original Message - From: Rick Faircloth [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Thursday, August 28, 2008 12:28 PM Subject: Pre-filling FileField Values Is there some way to pre-fill a filefield value? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311724 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Is there some way to pre-fill a filefield value? Forget it. Imagine it was possible, then a page could get directly some very sensitive files like your system files, or address book... ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311725 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
and all they would need to do was submit the form. Not even, this could be done in an onload event ;-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311726 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
I see your point. How do the multiple file uploaders in javascript or flash get around this problem? -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 1:46 PM To: CF-Talk Subject: Re: Pre-filling FileField Values No. It's a security hole. Imagine being able to pre-fill it with C:\my documents\sensitive file.doc and then hiding the form field so they never even knew about it. You could upload any file you wanted from your user and all they would need to do was submit the form. Well, heck, you can automatically submit forms with JavaScript anyway... ~Brad - Original Message - From: Rick Faircloth [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Thursday, August 28, 2008 12:28 PM Subject: Pre-filling FileField Values Is there some way to pre-fill a filefield value? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311728 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
I would be interested in your use case for this. As everyone has already pointed out this is a huge security risk but even from a user standpoint it doesn't make sense to me why you would want to do this? Thank You Dan Vega [EMAIL PROTECTED] http://www.danvega.org On Thu, Aug 28, 2008 at 1:46 PM, Claude Schneegans [EMAIL PROTECTED] wrote: and all they would need to do was submit the form. Not even, this could be done in an onload event ;-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311730 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
Sigh... security...wouldn't need so much of it if we could all be trusted. Can't we just all be nice? :o) -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 1:45 PM To: CF-Talk Subject: Re: Pre-filling FileField Values Is there some way to pre-fill a filefield value? Forget it. Imagine it was possible, then a page could get directly some very sensitive files like your system files, or address book... ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311733 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
From a browser standpoint, your hands are tied. If you can convince your users to install an ActiveX control or something then you can have free reign. I think Flash might give you more control, but I'm not too familiar. Check out the code behind this to see: http://www.asfusion.com/blog/entry/file-upload-with-coldfusion-flash-forms ~Brad - Original Message - From: Rick Faircloth [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Thursday, August 28, 2008 12:52 PM Subject: RE: Pre-filling FileField Values I see your point. How do the multiple file uploaders in javascript or flash get around this problem? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311734 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Rick Faircloth wrote: I see your point. How do the multiple file uploaders in javascript or flash get around this problem? I've never seen javascript that could do this, once a bug in I.E. that allowed to was closed. I did once read about an ActiveX that purported to allow this when used in I.E. but that was years ago. Flash can do it since it is not a 'Browser' but rather a desktop application or something like it. I've never played with this so I do not know the ins and outs, but that is my understanding. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311735 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
Can't we just all be nice? :o) No. See the recent string of SQL Injection attacks for details. :) ~Brad ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311736 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Dan Vega wrote: I would be interested in your use case for this. As everyone has already pointed out this is a huge security risk but even from a user standpoint it doesn't make sense to me why you would want to do this? I've run into this request when working with corporate web applications. The process usually involves some regualar data upload by a user where the file follows a specific format including names. The idea being why should the poor overworked employee be bothered with navigating the file system and selecting the file when it is the same ever day|week|month. Couldn't they just click a button or something? I then reply, 'No they can't if you want this to be a quick and cheap application using a browser. Want to pay for me to learn AIR and we will discuss this/' At least that is how the reply is worded in my head. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311737 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
Actually, I was just responding to someone's request on the cf-newbie list for a way to upload an entire directory at once. I thought perhaps there was a way to auto-fill with a cfdirectory-generated list and corresponding fields for each file that would be pre-filled, then all the user would have to do is hit the submit button to upload all the files in the fields. Just trying to avoid each file being selected individually for the user. However, I could certainly use this feature in my real estate apps. Sometimes clients want to load 20 photos or more of a property and they complain about having to select each photo individually. I've used javascript to create an Add another file upload field function that clones the filefields and prevents the user from having to submit one file at a time, but they still have to select each file using Browse. At this point, I don't see how pre-filling the fields with values that the user is placing there is a security risk. I'm sure in some way that I'm not familiar with the function could be abused. It just seems like with some limitations placed on a group file upload, such as no hidden fields allowed, etc, that the function could be brought into use without security risks. The name of the file (which is often obscured in the filefields without working to view the filename) could be placed above the filefields when they are generated to assure the user of what's being uploaded. There are javascript solutions for this, so why can't CF have one that doesn't pose a security risk, if the javascript solutions don't? Rick -Original Message- From: Dan Vega [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 2:01 PM To: CF-Talk Subject: Re: Pre-filling FileField Values I would be interested in your use case for this. As everyone has already pointed out this is a huge security risk but even from a user standpoint it doesn't make sense to me why you would want to do this? Thank You Dan Vega [EMAIL PROTECTED] http://www.danvega.org On Thu, Aug 28, 2008 at 1:46 PM, Claude Schneegans [EMAIL PROTECTED] wrote: and all they would need to do was submit the form. Not even, this could be done in an onload event ;-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311738 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
I've never seen javascript that could do this
Now, I'm not a javascript code, and barely know how
to use jQuery, the most user-friendly js system I've seen.
However, after a little searching, I ran across this
script, which the author says will automatically generate
the needed number of filefields, then, using an iframe,
create multiple forms and use them to submit the filefields
one after another, thus uploading multiple
filefields with one pass. (If I understand it all with only
a cursory review.)
It looks fairly simple. Maybe I'll give that a try.
But here's the author's explanation:
The trick of my method is using multiple forms,
and using a hidden frame as the target of the form post.
I am creating multiple forms using a javascript loop,
just to make the total number of file upload fields variable
(defined by TotalFileFields variable). Each form contains
input type=file element. When upload button is called,
each form is posted one-by-one, and thus dividing the
process into multiple relayed requests.
And here's his code from
http://vinayakshrestha.wordpress.com/2007/03/20/javascript-multiple-files-upload-trick/
html
head
script type=text/javascript
TotalFileFields = 5;
StartUpload = false;
CurrentFormID = 1;
function FilesUpload() {
while (1) {
if (CurrentFormID TotalFileFields) return true;
if (eval('document.frm' + CurrentFormID + '.upFile.value') == ) {
CurrentFormID++;
continue;
}
break;
}
StartUpload = true;
eval('document.frm' + CurrentFormID + '.submit()');
return false;
}
function myIFrame_OnLoad() {
if (!StartUpload) return;
CurrentFormID++;
if (FilesUpload()) {
StartUpload = false;
CurrentFormID = 1;
alert('UPLOAD COMPLETE');
}
}
function GenerateUploadForms() {
for (i = 1; i = TotalFileFields; i++) {
document.write('form name=frm' + i + ' method=post
action=http://localhost/;
target=myIFrame enctype=multipart/form-data');
document.write('input type=file name=upFile//form\n');
}
}
/script
/head
body
script type=text/javascriptGenerateUploadForms();/script
input type=button value=UPLOAD onclick=FilesUpload();/
iframe id=myIFrame name=myIFrame onload=myIFrame_OnLoad();
style=display:none;/iframe
-Original Message-
From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2008 2:06 PM
To: CF-Talk
Subject: Re: Pre-filling FileField Values
Rick Faircloth wrote:
I see your point.
How do the multiple file uploaders in javascript or flash
get around this problem?
I've never seen javascript that could do this, once a bug in I.E. that
allowed to was closed.
I did once read about an ActiveX that purported to allow this when used
in I.E. but that was years ago.
Flash can do it since it is not a 'Browser' but rather a desktop
application or something like it. I've never played with this so I do
not know the ins and outs, but that is my understanding.
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311740
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
Rick Faircloth wrote: (If I understand it all with only a cursory review.) Just reading your posted description, this is a way to just create multiple file upload controls. JavaScript can easily do this, I am unclear on what the benefit of making them all separate forms in iframes is, but I've done similar. What JavaScript can not do, as far as I know, is to populate those file controls with any predefined file names and paths. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311742 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
I thought perhaps there was a way to auto-fill with a cfdirectory-generated list and corresponding fields for each file that would be pre-filled, then all the user would First, CFDIRECTORY only has access to the files and directories on the server, not the client, so you wouldn't be able to list the user's folders and pre-populate the fields anyway. At this point, I don't see how pre-filling the fields with values that the user is placing there is a security risk. I'm sure in some way that I'm not familiar with the function could be abused. Ok, imaging that there is a widely used accounting program that stores its data file in the same location on every install. Now, imagine a malicious web author sending spam for free Paris Hilton pictures. The unsuspecting user visits the page, but it's asking for their age before it will let them through. No problem! Here's my age, click submit, and WHAM, they now have your accounting database. How? Because they put a file upload field with the path to your database pre-populated. Maybe the field was hidden, covered with an image, or re-positioned off screen so the user didn't see it. Whatever the case, the browser won't let you do that to prevent this scenario. It just seems like with some limitations placed on a group file upload, such as no hidden fields allowed, etc, that the function could be brought into use without security risks. The name of the file (which is often obscured in the filefields without working to view the filename) could be placed above the filefields when they are generated to assure the user of what's being uploaded. That's one of the faulty assumptions; that user's check for these sorts of things before they click submit. How many years did it take to train people to look for the lock icon when making a purchase? The browser vendors had to start changing the color of the address bar to get people to notice! There are javascript solutions for this, so why can't CF have one that doesn't pose a security risk, if the javascript solutions don't? I think the JS method someone mentioned exploited a bug in IE to get around that, and said bug has since been patched so even that won't work anymore. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311744 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
I wrote a multi uploader in flex / cf. If you need the source I could probably help you out. http://cfmu.riaforge.org Thank You Dan Vega [EMAIL PROTECTED] http://www.danvega.org On Thu, Aug 28, 2008 at 3:03 PM, Ian Skinner [EMAIL PROTECTED] wrote: Rick Faircloth wrote: (If I understand it all with only a cursory review.) Just reading your posted description, this is a way to just create multiple file upload controls. JavaScript can easily do this, I am unclear on what the benefit of making them all separate forms in iframes is, but I've done similar. What JavaScript can not do, as far as I know, is to populate those file controls with any predefined file names and paths. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311745 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
Just reading your posted description, this is a way to just create multiple file upload controls. That's not the way I read it. Again, the author's description: The trick of my method is using multiple forms, and using a hidden frame as the target of the form post. I am creating multiple forms using a javascript loop, just to make the total number of file upload fields variable (defined by TotalFileFields variable). Each form contains input type=file element. When upload button is called, each form is posted one-by-one, and thus dividing the process into multiple relayed requests. Note he states: When the upload button is called, each for is posted one-by-one, this dividing the process into multiple relayed requests. He seems to be saying that one click of the button sets off a series of auto-generated forms containing a filefield which is automatically submitted via js until there are no more files, at which point the function breaks... I tried his code as is, except for adding /body and /html to the page, but it doesn't work or look correct. And from his code, I can't see where the directory or files would be specified. Maybe this is not all there is to his code. Perhaps I'll email him about it. -Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 3:04 PM To: CF-Talk Subject: Re: Pre-filling FileField Values Rick Faircloth wrote: (If I understand it all with only a cursory review.) Just reading your posted description, this is a way to just create multiple file upload controls. JavaScript can easily do this, I am unclear on what the benefit of making them all separate forms in iframes is, but I've done similar. What JavaScript can not do, as far as I know, is to populate those file controls with any predefined file names and paths. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311746 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Pre-filling FileField Values
JavaScript can easily do this, I am unclear on what the benefit of making them all separate forms in iframes is, but I've done similar. The iframes seems to be his method to allow triggering of forms submission one-after-another. I've got my cloning solution for easily creating additional filefields, but they still have to be Browsed one-at-a-time for the files. -Original Message- From: Dan Vega [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 3:16 PM To: CF-Talk Subject: Re: Pre-filling FileField Values I wrote a multi uploader in flex / cf. If you need the source I could probably help you out. http://cfmu.riaforge.org Thank You Dan Vega [EMAIL PROTECTED] http://www.danvega.org On Thu, Aug 28, 2008 at 3:03 PM, Ian Skinner [EMAIL PROTECTED] wrote: Rick Faircloth wrote: (If I understand it all with only a cursory review.) Just reading your posted description, this is a way to just create multiple file upload controls. JavaScript can easily do this, I am unclear on what the benefit of making them all separate forms in iframes is, but I've done similar. What JavaScript can not do, as far as I know, is to populate those file controls with any predefined file names and paths. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311747 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Well the way I read it, but I have not looked at the site. Is that this tool creates multiple file controls, then a user has to populate them with files, then the button submits them all. But I got to admit all that iframe and separate form stuff is an awful lot of work to do this rather simple functionality. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311748 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
There are javascript solutions for this, so why can't CF have one that doesn't pose a security risk, if the javascript solutions don't? Rick It should be pointed out that CF is not involved in this limitation at all. If you want to make a case for change it would need to be made with the HTTP|HTML standard boards and the browser makers who follow their recommendations. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311749 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Ian Skinner wrote: But I got to admit all that iframe and separate form stuff is an awful lot of work to do this rather simple functionality. I just read through the post for that multiple file loader JavaScript. The problem he is trying to get around using multiple forms is size limits and timeouts on an individual large request with multiple files in it. By breaking the process up into separate requests, one for each file. There is nothing to this tool about automatically populating these file controls that I can see. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311750 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
I believe the Zip functionality that was suggested to the CFnewbie poster would be an ideal solution for your 20 photos. You can instruct the client to zip all of the photos into a zip file and then upload using the form. You can check to see if it is a .zip file, if it is, you can unzip it to your app directory and then loop over the image files inside to process them into your site. (if you resize/thumbnail/etc) Good luck, William Actually, I was just responding to someone's request on the cf-newbie list for a way to upload an entire directory at once. I thought perhaps there was a way to auto-fill with a cfdirectory-generated list and corresponding fields for each file that would be pre-filled, then all the user would have to do is hit the submit button to upload all the files in the fields. Just trying to avoid each file being selected individually for the user. However, I could certainly use this feature in my real estate apps. Sometimes clients want to load 20 photos or more of a property and they complain about having to select each photo individually. I've used javascript to create an Add another file upload field function that clones the filefields and prevents the user from having to submit one file at a time, but they still have to select each file using Browse. At this point, I don't see how pre-filling the fields with values that the user is placing there is a security risk. I'm sure in some way that I'm not familiar with the function could be abused. It just seems like with some limitations placed on a group file upload, such as no hidden fields allowed, etc, that the function could be brought into use without security risks. The name of the file (which is often obscured in the filefields without working to view the filename) could be placed above the filefields when they are generated to assure the user of what's being uploaded. There are javascript solutions for this, so why can't CF have one that doesn't pose a security risk, if the javascript solutions don't? Rick ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311751 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
tool creates multiple file controls, then a user has to populate them with files, then the button submits them all. Very well could be. Like I said, I don't understand the js stuff enough to know. I did leave a comment for him, however, which was moderated, so I hope to hear from him with a working example. I'll let everyone know. -Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 3:48 PM To: CF-Talk Subject: Re: Pre-filling FileField Values Well the way I read it, but I have not looked at the site. Is that this tool creates multiple file controls, then a user has to populate them with files, then the button submits them all. But I got to admit all that iframe and separate form stuff is an awful lot of work to do this rather simple functionality. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311753 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Pre-filling FileField Values
This issues just sounds like it could be addressed by placing limitations on what type of files are acceptable in the upload. Such as with cffile... I don't really know. -Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 3:51 PM To: CF-Talk Subject: Re: Pre-filling FileField Values There are javascript solutions for this, so why can't CF have one that doesn't pose a security risk, if the javascript solutions don't? Rick It should be pointed out that CF is not involved in this limitation at all. If you want to make a case for change it would need to be made with the HTTP|HTML standard boards and the browser makers who follow their recommendations. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311754 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
Thanks for the suggestion, William. I'll keep that in my notes as a solution next time I'm confronted with that issue. Rick -Original Message- From: William Seiter [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 3:57 PM To: CF-Talk Subject: Re: Pre-filling FileField Values I believe the Zip functionality that was suggested to the CFnewbie poster would be an ideal solution for your 20 photos. You can instruct the client to zip all of the photos into a zip file and then upload using the form. You can check to see if it is a .zip file, if it is, you can unzip it to your app directory and then loop over the image files inside to process them into your site. (if you resize/thumbnail/etc) Good luck, William Actually, I was just responding to someone's request on the cf-newbie list for a way to upload an entire directory at once. I thought perhaps there was a way to auto-fill with a cfdirectory-generated list and corresponding fields for each file that would be pre-filled, then all the user would have to do is hit the submit button to upload all the files in the fields. Just trying to avoid each file being selected individually for the user. However, I could certainly use this feature in my real estate apps. Sometimes clients want to load 20 photos or more of a property and they complain about having to select each photo individually. I've used javascript to create an Add another file upload field function that clones the filefields and prevents the user from having to submit one file at a time, but they still have to select each file using Browse. At this point, I don't see how pre-filling the fields with values that the user is placing there is a security risk. I'm sure in some way that I'm not familiar with the function could be abused. It just seems like with some limitations placed on a group file upload, such as no hidden fields allowed, etc, that the function could be brought into use without security risks. The name of the file (which is often obscured in the filefields without working to view the filename) could be placed above the filefields when they are generated to assure the user of what's being uploaded. There are javascript solutions for this, so why can't CF have one that doesn't pose a security risk, if the javascript solutions don't? Rick ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311755 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Pre-filling FileField Values
process them into your site. (if you resize/thumbnail/etc) Oh, yes, definitely. The image processing of CF 8 is the main reason why I upgraded from CF 4.5! I was s glad to see those capabilities! -Original Message- From: William Seiter [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 3:57 PM To: CF-Talk Subject: Re: Pre-filling FileField Values I believe the Zip functionality that was suggested to the CFnewbie poster would be an ideal solution for your 20 photos. You can instruct the client to zip all of the photos into a zip file and then upload using the form. You can check to see if it is a .zip file, if it is, you can unzip it to your app directory and then loop over the image files inside to process them into your site. (if you resize/thumbnail/etc) Good luck, William Actually, I was just responding to someone's request on the cf-newbie list for a way to upload an entire directory at once. I thought perhaps there was a way to auto-fill with a cfdirectory-generated list and corresponding fields for each file that would be pre-filled, then all the user would have to do is hit the submit button to upload all the files in the fields. Just trying to avoid each file being selected individually for the user. However, I could certainly use this feature in my real estate apps. Sometimes clients want to load 20 photos or more of a property and they complain about having to select each photo individually. I've used javascript to create an Add another file upload field function that clones the filefields and prevents the user from having to submit one file at a time, but they still have to select each file using Browse. At this point, I don't see how pre-filling the fields with values that the user is placing there is a security risk. I'm sure in some way that I'm not familiar with the function could be abused. It just seems like with some limitations placed on a group file upload, such as no hidden fields allowed, etc, that the function could be brought into use without security risks. The name of the file (which is often obscured in the filefields without working to view the filename) could be placed above the filefields when they are generated to assure the user of what's being uploaded. There are javascript solutions for this, so why can't CF have one that doesn't pose a security risk, if the javascript solutions don't? Rick ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311756 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Sometimes clients want to load 20 photos or more of a property and they complain about having to select each photo individually. Exact, one should be able to upload every thing like *.jpg in a directory, or select several files in it. I've implemented another solution were clients can send all their images in one zip file, and I unzip it on the server. Of course, there is no gain in size, and users must be able to zip files, but at least for this application, it doesn't look like it is asking too much ;-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311757 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Rick Faircloth wrote: This issues just sounds like it could be addressed by placing limitations on what type of files are acceptable in the upload. Such as with cffile... I don't really know. But the point is that cffile... would happily accept anything right now. ColdFusion does not care and is *NOT* limiting you here. Your BROWSER is limiting you. Adobe could put all the limits we want! But until the makers of Internet Explorer and FireFox and Opera and all the others get together and decide to go against the recommendations created by the HTTP and HTML standards or these standards are changed, it will not do any good at all. And how would Adobe fixing cffile... to be secure protect uses for unscrupulous programmers using ASP, .NET, PHP, PERL, CGI, JAVA, C++ and anything else that could be used to program an page. Especially since the security whole we are talking about does not even require an Application processor. I could hand code a file stealing form in Notepad and save it to a server and then manually collect all the files from the Web Server if this where allowed. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311758 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
The bottom line is that you cannot use JavaScript to set the value of a file field. You just can't do it. The browser makers went out of their way to make sure that this is impossible due to the devastating security issues that would result if it were allowed. There is absolutely no way to insert a value into a file input element using JavaScript. The only way a value can be put in there is a result of the user choosing a file in the file selection dialog box. All the multi-upload JavaScript tricks are doing is creating separate hidden file input fields, but the user still has to explicitly choose a file value to put into it. Regards, Brian On Thu, Aug 28, 2008 at 5:03 PM, Rick Faircloth [EMAIL PROTECTED]wrote: This issues just sounds like it could be addressed by placing limitations on what type of files are acceptable in the upload. Such as with cffile... I don't really know. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311760 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Pre-filling FileField Values
Yes, getting the basic standards which restrict functionality would be another whole game... -Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 6:05 PM To: CF-Talk Subject: Re: Pre-filling FileField Values Rick Faircloth wrote: This issues just sounds like it could be addressed by placing limitations on what type of files are acceptable in the upload. Such as with cffile... I don't really know. But the point is that cffile... would happily accept anything right now. ColdFusion does not care and is *NOT* limiting you here. Your BROWSER is limiting you. Adobe could put all the limits we want! But until the makers of Internet Explorer and FireFox and Opera and all the others get together and decide to go against the recommendations created by the HTTP and HTML standards or these standards are changed, it will not do any good at all. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311762 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
the user still has to explicitly choose a file value to put into it And that's good...the user should know exactly what they're uploading and be able to control that. However, if I want to take responsibility to designate an entire folder of files for upload, I should be able to do that, too. Not just one file at a time, but choose the folder and all its contents. Why not? -Original Message- From: Brian Kotek [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 6:35 PM To: CF-Talk Subject: Re: Pre-filling FileField Values The bottom line is that you cannot use JavaScript to set the value of a file field. You just can't do it. The browser makers went out of their way to make sure that this is impossible due to the devastating security issues that would result if it were allowed. There is absolutely no way to insert a value into a file input element using JavaScript. The only way a value can be put in there is a result of the user choosing a file in the file selection dialog box. All the multi-upload JavaScript tricks are doing is creating separate hidden file input fields, but the user still has to explicitly choose a file value to put into it. Regards, Brian ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311763 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
However, if I want to take responsibility to designate an entire folder of files for upload, I should be able to do that, too. Not just one file at a time, but choose the folder and all its contents. Because browsers weren't designed to allow you to do that. If you want to escape the limitations of the browser, you'll need to use another client. This is something you could build fairly easily with AIR. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311765 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Pre-filling FileField Values
However, if I want to take responsibility to designate an entire folder of files for upload, I should be able to do that, too. Not just one file at a time, but choose the folder and all its contents. Why not? I think you're completely missing the whole security issue that would be created if they allowed that. You see it as functionality to make life easier for the users. The hackers see it as a golden opportunity to do a drive-by upload of your entire hard drive. Fortunately the people who design the protocols and standards have the ability to recognize this, and I, for one, am thankful for that. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311766 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
but at least for this application, it doesn't look like it is asking too much ;-) Ha! Claude! Are you kidding! I'll bet if I asked all of my clients to zip up a folder of folders, only 10% would know how to do it without in-depth instruction... -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 5:30 PM To: CF-Talk Subject: Re: Pre-filling FileField Values Sometimes clients want to load 20 photos or more of a property and they complain about having to select each photo individually. Exact, one should be able to upload every thing like *.jpg in a directory, or select several files in it. I've implemented another solution were clients can send all their images in one zip file, and I unzip it on the server. Of course, there is no gain in size, and users must be able to zip files, but at least for this application, it doesn't look like it is asking too much ;-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311761 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
Ha! Claude! Are you kidding! I'll bet if I asked all of my clients to zip up a folder of folders, only 10% would know how to do it without in-depth instruction... For those types I generally just deploy an FTP account and craft a URL that they can click on such as: ftp://user:[EMAIL PROTECTED]/ Then they can just drag and drop the files into the Explorer window and it uploads them to the server. Depending on the application a process can either run periodically to sweep the files in and process them into a general file/image library, or they can click the import images button when adding a record and it will go pull in anything in the upload folder. Gets around the whole click and select each file individually issue, the ZIP issue, AND the HTTP timeout issue all at once. If you craft your user interface well then it becomes easy for the users. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311764 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
On Thu, Aug 28, 2008 at 7:03 PM, Rick Faircloth [EMAIL PROTECTED]wrote: the user still has to explicitly choose a file value to put into it And that's good...the user should know exactly what they're uploading and be able to control that. However, if I want to take responsibility to designate an entire folder of files for upload, I should be able to do that, too. Not just one file at a time, but choose the folder and all its contents. Why not? Because that isn't what HTTP was ever designed to do. They made a whole protocol just to handle this: FTP. I'm somewhat confused about your point now. It's clear that what you're attempting to do is simply not possible using only a web broswer and a form. There are other avenues such as AIR, ActiveX, Java applets, or FTP that will do this. But unless you start mailing standards bodies and browser makers with enhancement requests, this avenue is closed. I can tell you that it makes functional testing a pain, because if you want to use something like Selenium to test a page that does a file upload, you're out of luck. Annoying? Maybe in some cases. Likely to change? Unlikely to the point of being moot, I'm afraid. Regards, Brian ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311767 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
Sounds like a good idea! -Original Message- From: Justin Scott [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 7:07 PM To: CF-Talk Subject: Re: Pre-filling FileField Values Ha! Claude! Are you kidding! I'll bet if I asked all of my clients to zip up a folder of folders, only 10% would know how to do it without in-depth instruction... For those types I generally just deploy an FTP account and craft a URL that they can click on such as: ftp://user:[EMAIL PROTECTED]/ Then they can just drag and drop the files into the Explorer window and it uploads them to the server. Depending on the application a process can either run periodically to sweep the files in and process them into a general file/image library, or they can click the import images button when adding a record and it will go pull in anything in the upload folder. Gets around the whole click and select each file individually issue, the ZIP issue, AND the HTTP timeout issue all at once. If you craft your user interface well then it becomes easy for the users. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311768 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Pre-filling FileField Values
The hackers see it as a golden opportunity to do a drive-by upload of your entire hard drive. But why is there more risk for a user to upload a single directory, and *only* a single directory of their choosing than to upload single files. Is it just to protect them from themselves? With the limitation of the function to one directory without recursion, I don't see how those poses risk to a user's or my server's hard drive. No recursion and limitation on file types... How would the one folder method be more risky than the one file method? And I'm asking because I really want to understand, not because I think I know what's better... -Original Message- From: Justin Scott [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 7:11 PM To: CF-Talk Subject: Re: Pre-filling FileField Values However, if I want to take responsibility to designate an entire folder of files for upload, I should be able to do that, too. Not just one file at a time, but choose the folder and all its contents. Why not? I think you're completely missing the whole security issue that would be created if they allowed that. You see it as functionality to make life easier for the users. The hackers see it as a golden opportunity to do a drive-by upload of your entire hard drive. Fortunately the people who design the protocols and standards have the ability to recognize this, and I, for one, am thankful for that. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311769 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Pre-filling FileField Values
Oh, Dave... I don't want to have to learn something new right now. I'm trying too hard to keep CF8, CFEclipse, SVN, hand-coding everything, and CSS-layout sites working correctly in my brain. You're just trying to give me a migraine! :o) Before I learn another app right now, my clients will have to push way more than 20 Browse buttons looking for files. -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 7:14 PM To: CF-Talk Subject: RE: Pre-filling FileField Values However, if I want to take responsibility to designate an entire folder of files for upload, I should be able to do that, too. Not just one file at a time, but choose the folder and all its contents. Because browsers weren't designed to allow you to do that. If you want to escape the limitations of the browser, you'll need to use another client. This is something you could build fairly easily with AIR. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311770 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
I hear what you're saying. I just like to rail against the limitations some. Whether 'tis nobler in the mind to suffer the slings and arrows of outrageous misfortune, or to take arms against a sea of troubles and by opposing end them... -Original Message- From: Brian Kotek [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 7:48 PM To: CF-Talk Subject: Re: Pre-filling FileField Values On Thu, Aug 28, 2008 at 7:03 PM, Rick Faircloth [EMAIL PROTECTED]wrote: the user still has to explicitly choose a file value to put into it And that's good...the user should know exactly what they're uploading and be able to control that. However, if I want to take responsibility to designate an entire folder of files for upload, I should be able to do that, too. Not just one file at a time, but choose the folder and all its contents. Why not? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311771 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Pre-filling FileField Values
How would the one folder method be more risky than the one file method? If they're still clicking and selecting then it isn't more risk per se, but creates issues in usability for the user. If they're not careful they could theoretically upload their entire My Documents folder without realizing it when they intended to send one file. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311772 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Pre-filling FileField Values
there are also commercial java applets out there that allow a user to select multiple files at once (though not just pointing to the folder containing the files - actually selecting the files inside the folder, but they can click on and select multiple files in one 'select files' window, or in some cases even ctrl+a to select all of them at once). such applets are used on most of the photo sharing websites. of course, the users have to allow the applet to be installed first. sorry, no links. Azadi Saryev Sabai-dee.com http://www.sabai-dee.com/ Rick Faircloth wrote: Oh, Dave... I don't want to have to learn something new right now. I'm trying too hard to keep CF8, CFEclipse, SVN, hand-coding everything, and CSS-layout sites working correctly in my brain. You're just trying to give me a migraine! :o) Before I learn another app right now, my clients will have to push way more than 20 Browse buttons looking for files. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311773 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
Well, I just set up something that to say: You're about to upload xyz (file or folder). Are you sure this is what you want to do? Yes No Of course I don't want all that on my server, so maybe I would have to limit the name of the folder their uploading to a specific name. cfdirectory action=upload recursive=no specifyDirectory=yes directoryName=Photos dataLimit=yes DataSizeLimit=100 (MB) MaxNumberofFiles=100 UseThread=yes ThreadName=PhotoUpload Whatever...I'm tired...FTP or having the client zip their files sounds good... Looks like it nobler in the mind to suffer... -Original Message- From: Justin D. Scott [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 9:56 PM To: CF-Talk Subject: RE: Pre-filling FileField Values How would the one folder method be more risky than the one file method? If they're still clicking and selecting then it isn't more risk per se, but creates issues in usability for the user. If they're not careful they could theoretically upload their entire My Documents folder without realizing it when they intended to send one file. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311775 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Pre-filling FileField Values
Ah-ha! I knew it! -Original Message- From: Azadi Saryev [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 9:54 PM To: CF-Talk Subject: Re: Pre-filling FileField Values there are also commercial java applets out there that allow a user to select multiple files at once (though not just pointing to the folder containing the files - actually selecting the files inside the folder, but they can click on and select multiple files in one 'select files' window, or in some cases even ctrl+a to select all of them at once). such applets are used on most of the photo sharing websites. of course, the users have to allow the applet to be installed first. sorry, no links. Azadi Saryev Sabai-dee.com http://www.sabai-dee.com/ Rick Faircloth wrote: Oh, Dave... I don't want to have to learn something new right now. I'm trying too hard to keep CF8, CFEclipse, SVN, hand-coding everything, and CSS-layout sites working correctly in my brain. You're just trying to give me a migraine! :o) Before I learn another app right now, my clients will have to push way more than 20 Browse buttons looking for files. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311776 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
