Actually, I was just responding to someone's request on the cf-newbie list for a way to upload an entire directory at once.
I thought perhaps there was a way to auto-fill with a cfdirectory-generated list and corresponding fields for each file that would be pre-filled, then all the user would have to do is hit the submit button to upload all the files in the fields. Just trying to avoid each file being selected individually for the user. However, I could certainly use this feature in my real estate apps. Sometimes clients want to load 20 photos or more of a property and they complain about having to select each photo individually. I've used javascript to create an "Add another file upload field" function that clones the filefields and prevents the user from having to submit one file at a time, but they still have to select each file using "Browse". At this point, I don't see how pre-filling the fields with values that the user is placing there is a security risk. I'm sure in some way that I'm not familiar with the function could be abused. It just seems like with some limitations placed on a "group file upload", such as no hidden fields allowed, etc, that the function could be brought into use without security risks. The name of the file (which is often obscured in the filefields without working to view the filename) could be placed above the filefields when they are generated to assure the user of what's being uploaded. There are javascript solutions for this, so why can't CF have one that doesn't pose a security risk, if the javascript solutions don't? Rick > -----Original Message----- > From: Dan Vega [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 28, 2008 2:01 PM > To: CF-Talk > Subject: Re: Pre-filling FileField Values > > I would be interested in your use case for this. As everyone has already > pointed out this is a huge security risk but even from a user standpoint it > doesn't make sense to me why you would want to do this? > > > Thank You > Dan Vega > [EMAIL PROTECTED] > http://www.danvega.org > > > On Thu, Aug 28, 2008 at 1:46 PM, Claude Schneegans < > [EMAIL PROTECTED]> wrote: > > > >>and all they would need > > to do was submit the form. > > > > Not even, this could be done in an onload event ;-) > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311738 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
