Dave, it would appear that CF is aware of the true file type of an uploaded
file in spite of any file extension renaming. By way of a quick test I took
a JPG and renamed it to .MP3 and uploaded it. file.contenttype and
contentsubtype reflected the fact that the file was indeed an image/pjpeg
and not audio/mpeg. I'm not sure where the examination takes place, though I
would guess that the browser passes the content type as I have had trouble
in the past with files uploaded from Macs not having a content type at all
and therefore causing CFFILE to fail when the 'accept' attribute is used.
Steve
> -----Original Message-----
> From: Dave Watts [mailto:[EMAIL PROTECTED]]
> Sent: 09 May 2001 14:32
> To: CF-Talk
> Subject: RE: cffile vars
>
>
> > CFFile.ContentType and CFFile.ContentSubType - are they
> > reliable enough? I allow people to upload gif/jpg to one of
> > my sites, and ONLY jpg/gif but I bet some of them will try
> > to rename a .mp3 file into .gif or something. Can I use this
> > to filter other formats, rather then images?
>
> CF isn't going to examine the actual file content - it wouldn't know how!
> So, if someone renames an .mp3 file with a .jpg extension, for all intents
> and purposes, it's now a .jpg file, both to the uploading browser and to
> your server.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496
> fax: (202) 797-5444
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
