aw, shucks. t'wernt nothin that any of y'all couldn't of done with a house and european trance blasting in your headphones.
On Jul 31, 8:42 am, "Mark Davis" <[email protected]> wrote: > Mike...you are clearly the man > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > > Of Mike G > Sent: Friday, July 31, 2009 5:19 AM > To: [email protected] > Subject: [houcfug] Re: cfcatch question > > Did a ton of testing and here is what I found out. > > first, I did all this on a CF8 server on Win2K3; both in standard and > enterprise (J2EE install on Jrun) > > Regular Expressions. geez. > the flavor of regex for cfinput is different than the flavor for the RE > functions. > Regex server side does not work on input type = file, even though it works > on input type=text Regex client side works for both types of fields. > > The webserver takes the upload and saves it to a temp file on the server > before it hands it off to CF, so bad files will make it to the server, but > with a random name (neotempnnnnn where n is a number) with a .tmp file > extension; and it is outside of the webroot. On standard it ended up in > ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\ > in enterprise J2EE install it ended up in > jrun4\servers\[instance]\SERVER-INF\temp\cfusion-war-tmp\ but either way it > disappeared pretty quickly. > > using isImageFile() on the temp file is always no, must use the file > extension to evaluate it for a first check. > > So, you then use cffile to deal with the temp file, pretty much no choice. > If you use the accept attribute, you can list the acceptable mime types, or > if you are not picky about the kind of images you get, you can use image/*; > both work. If you wrap the cffile call in a try catch, it does appear to > use the mime-type to validate your file. But it just appears to use the > mime-type. I renamed an excel spreadsheet to .jpg and uploaded it. It > passed the try/catch test, but the > isImageFile() test reported a no. > > So, it looks like the best you can do is check on the client with a regex, > wrap the cffile in a try/catch and in the try/catch block evaluate the image > with isImageFile(). And not worry about the .tmp file cuz CF takes care of > that for you. > > I built the world's ugliest test page, which you can try out for yourself > and even download the code (Just rename the .txt to .cfm and create a folder > called temp at the same level as the file). > > http://www.frog-splat.com/uploadtester.cfmis where it is > > And, yes, I know the regex is horrid, but it works. > > Think I am gonna make a pot of coffee and kick the hen house to wake up the > rooster! Turn about is fair play. > > My next question is, where is the isExcelFile() function - sigh- Hide quoted > text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en -~----------~----~----~----~------~----~------~--~---
