Yes, but if you understand the problems with that then you would know that a
file can be uploaded that is pretending to be a png or whatever it wants to
be, and actually be a cfml or any other executable file.

There has been enough discussion on this matter to adhere to the fact that
the uploads directory should never, ever be in the webroot or even
accessible from the URL. Google it, and you will see what I mean and refer
to.

fckEditor was a victim of this, as was Adobe and anyone else who used
this exploitation.


Regards,
Andrew Scott
http://www.andyscott.id.au/



> -----Original Message-----
> From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
> Sent: Wednesday, 5 January 2011 7:38 AM
> To: cf-talk
> Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
> 
> 
> Andrew,
> 
> I'll have to ponder that.
> 
> Right now the following XML would create a table with two file fields, one
> of which would accept only images and the other would accept only vcard
> files.
> 
> <table entity="Contact">
>       <field name="ContactImage" Label="Image" type="image"
>              folder="images" />
>       <field name="VCard" Label="vCard File" type="file" folder="vcards"
>              accept="text/x-vcard" extensions="vcf" />
> </table>
> 
> This limitation would provide JavaScript checks for any forms using the
> built-in form tags and server-side checks for the service component checking
> both mime-type and file extension.
> 
> It makes it really easy to limit file types.
> 
> I could probably change the framework a bit so that it also has a built-in
> set of mime-types and file extensions to refuse unless they are explicitly
> allowed in those attributes.
> 
> Do you think that would be enough to leave off the warning or at least
> make it a bit more mild?
> 
> Thanks,
> 
> Steve
> 

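The exchange above turns on two points: a filename and declared MIME type are both chosen by the client, so a file named `avatar.png` with `Content-Type: image/png` can still carry CFML, and the safe place for uploads is outside the webroot. The following Python is an added illustration written for this archive page; it is not code from the framework under discussion and not from either poster. It assumes a hypothetical `Upload` record holding the client's filename, declared MIME type and raw bytes, and contrasts the extension-plus-MIME check with a magic-byte check on the bytes that actually arrived, then stores accepted files under a generated name in a directory it first verifies is not beneath the webroot. The sample uploads at the bottom are constructed.

```python
import os
import secrets
import tempfile
from dataclasses import dataclass

# Allow-list keyed by extension: the MIME type the client must declare and
# the magic-byte prefixes the file body must actually start with.
ALLOWED = {
    "png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
    "jpg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "gif": ("image/gif", (b"GIF87a", b"GIF89a")),
}


@dataclass
class Upload:
    """Hypothetical upload record (not the framework's own type)."""
    filename: str      # client-supplied, attacker-controlled
    content_type: str  # client-supplied, attacker-controlled
    data: bytes        # the bytes that actually arrived


def extension_of(filename: str) -> str:
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def extension_and_mime_ok(up: Upload) -> bool:
    """The check described in the thread: extension plus declared MIME type.
    Both values come from the client, so passing this proves nothing about
    the file's contents."""
    ext = extension_of(up.filename)
    return ext in ALLOWED and ALLOWED[ext][0] == up.content_type.lower()


def content_ok(up: Upload) -> bool:
    """Compare the bytes themselves against the magic numbers for the claimed type."""
    ext = extension_of(up.filename)
    if ext not in ALLOWED:
        return False
    return any(up.data.startswith(magic) for magic in ALLOWED[ext][1])


def inside_webroot(storage_root: str, webroot: str) -> bool:
    """True if storage_root is the webroot itself or lies beneath it."""
    storage = os.path.normpath(os.path.abspath(storage_root))
    root = os.path.normpath(os.path.abspath(webroot))
    return os.path.commonpath([storage, root]) == root


def store_upload(up: Upload, storage_root: str, webroot: str) -> str:
    """Validate and persist an upload. Returns the generated storage name; the
    client's filename never reaches the disk, only its (validated) extension."""
    if inside_webroot(storage_root, webroot):
        raise ValueError("upload directory must not be under the webroot")
    if not (extension_and_mime_ok(up) and content_ok(up)):
        raise ValueError("rejected: extension, MIME type and content must agree")
    name = f"{secrets.token_hex(16)}.{extension_of(up.filename)}"
    with open(os.path.join(storage_root, name), "wb") as fh:
        fh.write(up.data)
    return name


# Constructed samples: the first claims to be a PNG in both filename and MIME
# type but carries a CFML tag; the second begins with a genuine PNG signature.
FAKE_PNG = Upload("avatar.png", "image/png", b"<cfset x = 1>")
REAL_PNG = Upload("logo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)


def demo() -> dict:
    """Run both samples through the checks and return the outcomes."""
    storage = tempfile.mkdtemp(prefix="uploads-")   # outside the webroot
    webroot = tempfile.mkdtemp(prefix="webroot-")
    results = {
        "fake_passes_ext_mime": extension_and_mime_ok(FAKE_PNG),
        "fake_passes_content": content_ok(FAKE_PNG),
        "real_stored": store_upload(REAL_PNG, storage, webroot).endswith(".png"),
    }
    try:
        store_upload(FAKE_PNG, storage, webroot)
        results["fake_stored"] = True
    except ValueError:
        results["fake_stored"] = False
    try:  # an uploads folder beneath the webroot is refused before any write
        store_upload(REAL_PNG, os.path.join(webroot, "uploads"), webroot)
        results["webroot_refused"] = False
    except ValueError:
        results["webroot_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point of `demo()` is the first two results: the disguised file passes the extension and MIME check exactly as a real image would, and only the look at the bytes rejects it. Magic numbers are themselves only a partial signal (a polyglot can carry a valid image header and executable content after it), which is why the directory check is not optional: a file that is never reachable by URL cannot be executed by the server no matter what it contains.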

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:340422
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm