Mike-- You are awesome. That is all.
-CPC

On Fri, Jul 31, 2009 at 5:18 AM, Mike G <[email protected]> wrote:
>
> Did a ton of testing and here is what I found out.
>
> First, I did all this on a CF8 server on Win2K3; both in standard and
> enterprise (J2EE install on Jrun)
>
> Regular Expressions. geez.
> the flavor of regex for cfinput is different than the flavor for the
> RE functions.
> Regex server side does not work on input type = file, even though it
> works on input type=text
> Regex client side works for both types of fields.
>
> The webserver takes the upload and saves it to a temp file on the
> server before it hands it off to CF, so bad files will make it to the
> server, but with a random name (neotempnnnnn where n is a number) with
> a .tmp file extension; and it is outside of the webroot. On standard
> it ended up in
> ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\
> in enterprise J2EE install it ended up in
> jrun4\servers\[instance]\SERVER-INF\temp\cfusion-war-tmp\ but either
> way it disappeared pretty quickly.
>
> Using isImageFile() on the temp file is always no, must use the file
> extension to evaluate it for a first check.
>
> So, you then use cffile to deal with the temp file, pretty much no
> choice. If you use the accept attribute, you can list the acceptable
> mime types, or if you are not picky about the kind of images you get,
> you can use image/*; both work. If you wrap the cffile call in a try
> catch, it does appear to use the mime-type to validate your file. But
> it just appears to use the mime-type. I renamed an excel spreadsheet
> to .jpg and uploaded it. It passed the try/catch test, but the
> isImageFile() test reported a no.
>
> So, it looks like the best you can do is check on the client with a
> regex, wrap the cffile in a try/catch and in the try/catch block
> evaluate the image with isImageFile(). And not worry about the .tmp
> file cuz CF takes care of that for you.
>
> I built the world's ugliest test page, which you can try out for
> yourself and even download the code (Just rename the .txt to .cfm and
> create a folder called temp at the same level as the file).
>
> http://www.frog-splat.com/uploadtester.cfm is where it is
>
> And, yes, I know the regex is horrid, but it works.
>
> Think I am gonna make a pot of coffee and kick the hen house to wake
> up the rooster! Turn about is fair play.
>
> My next question is, where is the isExcelFile() function - sigh
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list.
To unsubscribe, send email to [email protected]
For more options, visit http://groups.google.com/group/houcfug?hl=en
-~----------~----~----~----~------~----~------~--~---
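
The server-side sequence described in the quoted message (cffile upload inside a try/catch, then isImageFile() on the saved file), written out as an added example; it is not code from the thread or from the linked test page. The form field name `photo`, the `uploadDir` path and the extension list are assumptions.

```cfml
<!--- Added example. Assumed names: form field "photo", uploadDir, allowedExt. --->
<cfset uploadDir  = "D:\uploads\incoming"><!--- hypothetical folder, assumed to be outside the web root --->
<cfset allowedExt = "jpg,jpeg,png,gif">
<cfset accepted   = false>
<cfset reason     = "no file submitted">

<cfif structKeyExists(form, "photo") and len(form.photo)>
  <cftry>
    <!--- accept only compares the MIME type the browser declares;
          a spreadsheet renamed to .jpg gets past this step. --->
    <cffile action="upload"
            fileField="photo"
            destination="#uploadDir#"
            accept="image/jpeg,image/png,image/gif"
            nameConflict="makeunique"
            result="upload">
    <cfset savedPath = upload.serverDirectory & "\" & upload.serverFile>

    <!--- Server-side extension check, since regex validation of a
          file input only runs on the client. --->
    <cfif not listFindNoCase(allowedExt, upload.serverFileExt)>
      <cfset reason = "extension not allowed">
    <!--- Content check on the saved file, not on the .tmp upload. --->
    <cfelseif not isImageFile(savedPath)>
      <cfset reason = "content is not an image">
    <cfelse>
      <cfset accepted = true>
      <cfset reason = "">
    </cfif>

    <!--- Remove anything that failed either check. --->
    <cfif not accepted>
      <cffile action="delete" file="#savedPath#">
    </cfif>

    <cfcatch type="any">
      <!--- cffile throws when the declared MIME type is not in accept. --->
      <cfset reason = "upload rejected: " & cfcatch.message>
    </cfcatch>
  </cftry>
</cfif>

<cfoutput>accepted=#accepted# #htmlEditFormat(reason)#</cfoutput>
```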
