>> My question is, why do I have to go to a temp file first

You don't. It is just a good idea to upload and manipulate your files away
from their final destination.

>>and does the code I'm using below result in the upload being secure

It all depends on the security of the file's final destination. If the
destination dir is secure, the file is secure (in theory).

>> Also, how do I deal with naming conflicts.

You have to check and see if a file of the same name exists, i.e.
fileexists(). If it does, you will need to rename the uploaded file or it
will overwrite the original.



On Fri, Feb 29, 2008 at 9:43 AM, Mark Fuqua <[EMAIL PROTECTED]> wrote:

> Good Morning,
>
> I have been working with cffile for the first time and in the process, read
> several places that you should upload files to a temp location outside your
> webroot for security reasons.  My original problem was with trying to
> eliminate spaces from file names...so now this is the process I'm
> using...upload to a temp file, remove spaces and replace with _ then move
> the file to final location (code below)
>
> My question is, why do I have to go to a temp file first and does the code
> I'm using below result in the upload being secure in its final
> version/location?
>
> Also, how do I deal with naming conflicts...does move allow for the same
> options as upload...rename, overwrite etc.?  It doesn't seem to allow for a
> result struc. [I actually figured this one out...running fileExists before
> move.]
>
> Thanks for the help, just trying to make sure I'm not doing something really
> stupid.
>
> Mark
>
>
>
>
> <!---Query for job folder name--->
> <cfquery name="jobfolder" datasource="#Application.dbDSN#">
> select jobfoldername
> from jobs
> where jobId = #session.jobId#
> </cfquery>
>
>
>
>
>        <cfoutput>
>                <cffile action = "upload"
>                fileField = "FileToUpload"
>                destination = "c:/temp"
>                accept = "image/pjpeg, image/jpg, application/pdf"
>                nameConflict = "MakeUnique"
>                 result="result">
>
>
>        <cfdump var="#result#">
>
>
>
>
>                <cfset NoSpaceServerFileName = reReplace(Result.ServerFileName, "\s+", "_", "all")>
>
>
>                <cffile action="rename"
>                source="c:\temp\#Result.serverFileName#.pdf"
>                destination="C:\temp\#NoSpaceServerFileName#.pdf">
>
>                <cffile action="move"
>                source="C:\temp\#NoSpaceServerFileName#.pdf"
>                destination="C:\cfusionmx7\wwwroot\pyramidhomeworks\JobAdmin\JobFiles\#jobFolder.jobFolderName#\#NoSpaceServerFileName#.pdf"
>                result="moveresult">
>                <br /><cfdump var="#jobFolder#">
>
>
>
>
>                </cfoutput>
>
>
>
> 
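
The flow discussed in this thread (upload outside the webroot, clean the name, check for conflicts, then move), written out as an added example that is not part of either message. It uses the paths and form field from Mark's code; the variable names, the extension allowlist and the lock name are assumptions, and it goes slightly beyond the original by keeping the uploaded file's own extension instead of hard-coding .pdf.

```cfml
<!--- Added example, not from the thread. Variable names, allowedExt and the
      lock name are assumptions; paths and field name come from Mark's code. --->
<cfset tempDir = "c:\temp">
<cfset allowedExt = "pdf,jpg,jpeg">

<!--- Bind the session value as a typed parameter instead of pasting it into the SQL --->
<cfquery name="jobFolder" datasource="#Application.dbDSN#">
    select jobfoldername
    from jobs
    where jobId = <cfqueryparam value="#session.jobId#" cfsqltype="cf_sql_integer">
</cfquery>
<cfset finalDir = "C:\cfusionmx7\wwwroot\pyramidhomeworks\JobAdmin\JobFiles\#jobFolder.jobFolderName#">

<!--- 1. Land the upload outside the webroot, where it cannot be requested by URL --->
<cffile action="upload"
        fileField="FileToUpload"
        destination="#tempDir#"
        accept="image/pjpeg, image/jpg, application/pdf"
        nameConflict="MakeUnique"
        result="up">
<cfset tempPath = "#up.serverDirectory#\#up.serverFile#">

<!--- 2. accept compares a MIME type, which older ColdFusion versions take from
         the client, so also check the extension the stored file really has --->
<cfif NOT listFindNoCase(allowedExt, up.serverFileExt)>
    <cffile action="delete" file="#tempPath#">
    <cfthrow message="File type not allowed.">
</cfif>

<!--- 3. Safe name: every run of characters outside A-Z, a-z, 0-9, _ and - becomes "_" --->
<cfset baseName = reReplace(up.serverFileName, "[^A-Za-z0-9_-]+", "_", "all")>
<cfset ext = lCase(up.serverFileExt)>
<cfset finalName = "#baseName#.#ext#">

<!--- 4. Check for a conflict and move under one lock, so two simultaneous
         uploads to the same job cannot both pick the same free name --->
<cflock name="jobfiles_#session.jobId#" type="exclusive" timeout="10">
    <cfset n = 0>
    <cfloop condition="fileExists(finalDir & '\' & finalName)">
        <cfset n = n + 1>
        <cfset finalName = "#baseName#_#n#.#ext#">
    </cfloop>
    <!--- 5. One move from the temp name straight to the cleaned final name --->
    <cffile action="move" source="#tempPath#" destination="#finalDir#\#finalName#">
</cflock>
```

Because the final directory in the thread sits under wwwroot, the extension check in step 2 is what keeps a renamed script from landing somewhere the web server would execute it.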


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:300180