RE: Mime Type for File Upload

2006-10-25 Thread Rick Faircloth
Robertson [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 8:33 PM To: CF-Talk Subject: Re: Mime Type for File Upload Bear in mind that cffile simply matches the mime type to its allowed extension... so if someone wants to upload an .exe file all they have to do is give it a .pdf

RE: Mime Type for File Upload

2006-10-25 Thread Martyn Bowis
submit form.cfm to upload.php and then redirect back to form.cfm Cheers, Martyn -Original Message- From: Rick Faircloth [mailto:[EMAIL PROTECTED] Sent: Thursday, October 26, 2006 1:18 AM To: CF-Talk Subject: RE: Mime Type for File Upload if someone wants to upload an .exe file all

RE: Mime Type for File Upload

2006-10-25 Thread Mosh Teitelbaum
Rick Faircloth wrote: Need to specify the CFFILE Accept attributes for .doc and .pdf. What would those be? I know Accept = application/msword would accept Word docs, but would they be limited .doc filetype? And what about .pdf. application or text or ??? I want to limit uploads to .doc

RE: Mime Type for File Upload

2006-10-25 Thread Rick Faircloth
I've never use PHP, so I'll have to do some work to get that done...I'll check it out... Thanks for the tip! Rick -Original Message- From: Martyn Bowis [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 25, 2006 8:42 AM To: CF-Talk Subject: RE: Mime Type for File Upload Hi Rick, Use

RE: Mime Type for File Upload

2006-10-25 Thread Dave Watts
Use PHP as this can definitely determine mime type as well as file extension. I'm pretty sure that, just like CF, PHP just looks at the MIME type it's given. So, if you're using CF for everything else, you might as well use it for this also. You use the ACCEPT attribute of CFFILE to list

RE: Mime Type for File Upload

2006-10-25 Thread Dave Watts
if someone wants to upload an .exe file all they have to do is give it a .pdf extension. Plan your security for that as best you can. What type of security can prevent that? What can truly determine what type of file a file is except by extension? Well, the extension isn't what

RE: Mime Type for File Upload

2006-10-25 Thread Rick Faircloth
Thanks for the advice, Mosh! Rick -Original Message- From: Mosh Teitelbaum [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 25, 2006 9:44 AM To: CF-Talk Subject: RE: Mime Type for File Upload Rick Faircloth wrote: Need to specify the CFFILE Accept attributes for .doc and .pdf

RE: Mime Type for File Upload

2006-10-25 Thread Rick Faircloth
: Mime Type for File Upload if someone wants to upload an .exe file all they have to do is give it a .pdf extension. Plan your security for that as best you can. What type of security can prevent that? What can truly determine what type of file a file is except by extension? Well

RE: Mime Type for File Upload

2006-10-25 Thread Dave Watts
Thanks for the advice, Dave...and what does this mean in practice? you don't want to allow files to be placed where they could be potentially executed. Set the permissions on the directory where you write these files so that they can't be executed by CF or your web server, and don't make

RE: Mime Type for File Upload

2006-10-25 Thread Rick Faircloth
Thanks! -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 25, 2006 11:22 AM To: CF-Talk Subject: RE: Mime Type for File Upload Thanks for the advice, Dave...and what does this mean in practice? you don't want to allow files to be placed where

RE: Mime Type for File Upload

2006-10-25 Thread Martyn Bowis
Hi again, If CFFile does not read the file content when uploading, then perhaps you can use CFFILE to read the BINARY content of that file that has been uploaded (before renaming or making it available anywhere for anyone to access) and determine its header makeup from that? See the following

Re: Mime Type for File Upload

2006-10-24 Thread Dave Lyons
http://www.webmaster-toolkit.com/mime-types.shtml Need to specify the CFFILE Accept attributes for .doc and .pdf. What would those be? I know Accept = application/msword would accept Word docs, but would they be limited .doc filetype? And what about .pdf. application or text or ??? I

RE: Mime Type for File Upload

2006-10-24 Thread Martyn Bowis
Hi Rick, The following is a list of mime types: http://www.netdesign.co.nz/mime.htm I suggest that you use a cfswitch to validate your file uploads (see below). You could also add another switch that evaluates mime type ... Which I assume you are already doing, hence the need for the list.

Re: Mime Type for File Upload

2006-10-24 Thread Matt Robertson
Bear in mind that cffile simply matches the mime type to its allowed extension... so if someone wants to upload an .exe file all they have to do is give it a .pdf extension. Plan your security for that as best you can. For example don't allow file renaming! -- [EMAIL PROTECTED] Janitor, MSB

RE: Mime Type for File Upload

2006-10-24 Thread Martyn Bowis
headers to get the mime type. If not, then perhaps PHP is safer for file upload processing ? Cheers, Martyn -Original Message- From: Matt Robertson [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 25, 2006 1:33 PM To: CF-Talk Subject: Re: Mime Type for File Upload Bear in mind

RE: Mime Type for File Upload

2006-10-24 Thread Rick Faircloth
:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 8:21 PM To: CF-Talk Subject: RE: Mime Type for File Upload Hi Rick, The following is a list of mime types: http://www.netdesign.co.nz/mime.htm I suggest that you use a cfswitch to validate your file uploads (see below). You could also add another

RE: Mime Type for File Upload

2006-10-24 Thread Rick Faircloth
Thanks for the tip, Matt... Is that what Martyn's CFSwitch routine would do? Rick -Original Message- From: Matt Robertson [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 8:33 PM To: CF-Talk Subject: Re: Mime Type for File Upload Bear in mind that cffile simply matches

RE: Mime Type for File Upload

2006-10-24 Thread Rick Faircloth
Thanks for the reference, Dave... Rick -Original Message- From: Dave Lyons [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 8:06 PM To: CF-Talk Subject: Re: Mime Type for File Upload http://www.webmaster-toolkit.com/mime-types.shtml

RE: Mime Type for File Upload

2006-10-24 Thread Martyn Bowis
on Google, the coder's best adviser :o) Just search under PHP File Upload -Original Message- From: Rick Faircloth [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 25, 2006 2:49 PM To: CF-Talk Subject: RE: Mime Type for File Upload Not quite sure what's happening here on the user

RE: Mime Type for File Upload

2006-10-24 Thread Rick Faircloth
Thanks for the explanation, Martyn...I see about implementing that security feature... Rick -Original Message- From: Martyn Bowis [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 10:22 PM To: CF-Talk Subject: RE: Mime Type for File Upload Hi Rick, When the user submits

RE: Mime Type for File Upload

2006-10-24 Thread Martyn Bowis
Hi again Rick, I guess what you really need is something simple like: cfset filePath = File.ServerDirectory / File.ServerFile cfset ext = File.ServerFileExt cfset mimetype = #getPageContext().getServletContext().getMimeType(filePath)# cfswitch expression=#ext# cfcase value=pdf

RE: Mime Type for File Upload

2006-10-24 Thread Andrew Tyrone
-Original Message- From: Martyn Bowis [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 10:21 PM To: CF-Talk Subject: RE: Mime Type for File Upload PS: I found the following link on Google that may help with evaluating the mime type: http://www.houseoffusion.com