In addition to what Deanna said, why not specify the file types you will allow using CFFILE's ACCEPT parameter? The two for Excel are application/vnd.ms-excel and application/msexcel.
However CFFILE determines MIME type via the file extension, which isn't exactly hackproof. If you allow file renaming after upload some clown can upload any file type as an allowed file type, then rename it as part of some nefarious scheme. No idea how to fix that... -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212471 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
