This might be something new in CF 7.

Both wpd and xls are coming back as application/octet-stream, which is very
wrong.

Now what I do is temporarily upload the file.  Check its original extension
against the approved list; if it's good, rename it and enter it in the db; if
not, delete the temp copy and throw an error.

Ugly but it works.

Tim

-----Original Message-----
From: Matt Robertson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 21, 2005 7:37 PM
To: CF-Talk
Subject: Re: Upload security?


In addition to what Deanna said, why not specify the file types you
will allow using CFFILE's ACCEPT parameter?  The two for Excel are
application/vnd.ms-excel and application/msexcel.

However CFFILE determines MIME type via the file extension, which
isn't exactly hackproof.  If you allow file renaming after upload some
clown can upload any file type as an allowed file type, then rename it
as part of some nefarious scheme.  No idea how to fix that...

--
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com
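
The temp-upload, extension-check, rename-or-delete flow described in this thread, as an added example that is not code from either poster. The form field name `upload`, the approved list, the `finalDir` path, the `myDSN` datasource and the `uploads` table are assumptions; the stored name is generated server-side so the client never chooses the final name or extension.

```cfml
<!--- Added example. Field name, paths, datasource and table are hypothetical. --->
<cfset approvedExt = "xls,wpd">
<cfset tempDir  = GetTempDirectory()>      <!--- staging area, not web-accessible --->
<cfset finalDir = "D:\data\uploads\">      <!--- hypothetical; keep outside the web root --->

<!--- 1. Stage the file. No ACCEPT filter here, since the reported type
         came back as application/octet-stream for both xls and wpd. --->
<cffile action="upload"
        filefield="upload"
        destination="#tempDir#"
        nameconflict="makeunique">

<cfset tempPath = cffile.serverDirectory & "/" & cffile.serverFile>
<cfset ext      = LCase(cffile.clientFileExt)>

<cfif Len(ext) AND ListFindNoCase(approvedExt, ext)>
    <!--- 2. Approved: move it under a server-generated name. The extension
             is the one just checked against the list, and nothing later
             lets the uploader rename the stored file. --->
    <cfset storedName = CreateUUID() & "." & ext>
    <cffile action="move"
            source="#tempPath#"
            destination="#finalDir##storedName#">

    <!--- 3. Keep the original name only as data in the db. --->
    <cfquery datasource="myDSN">
        INSERT INTO uploads (stored_name, original_name)
        VALUES (
            <cfqueryparam value="#storedName#" cfsqltype="cf_sql_varchar">,
            <cfqueryparam value="#cffile.clientFile#" cfsqltype="cf_sql_varchar">
        )
    </cfquery>
<cfelse>
    <!--- 4. Not on the list: remove the temp copy, then raise an error. --->
    <cffile action="delete" file="#tempPath#">
    <cfthrow type="Upload.RejectedExtension"
             message="That file type is not allowed.">
</cfif>
```

The extension check says nothing about the file's actual contents, so downloads should be served from the stored name with a fixed content type rather than from a directory the web server will execute.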


