nothing special, in the windows folder just renamed myfile.xls to
myfile.jpg
Also, Keith, the guy who did the preso on cfimage just sent me this
email.
Here is the code I have been using on dev for a while:
if(isImageFile(form.upload1)){
//image processing stuff
msg = 'Image uploaded';
img = imageRead(form.upload1); //where upload1 is the name of
your file input
imageWrite(img,imgFileName); //imgFileName would contain the new
name for the image
fileDelete(form.upload1);
}else{
msg = 'not a supported image type';
fileDelete(form.upload1);
}
Works great on our install… returns true if it is a supported image
type and false if not. The file inputs contain the address of the .tmp
file once uploaded… however it is possible that there is some black
box magic involved and a direct call to the file would not work. I’ll
have to play with that. No need to cffile anything before you know it
is valid.
On Jul 31, 10:32 am, "Mark Davis" <[email protected]> wrote:
> Mike,
>
> I have been hammering this out this morning. I am trying to test the
> scenario where someone takes a file (such as excel or exe or something) and
> saves it as an image file.
>
> Every time I try this, the try/catch around my upload takes over due to
> violating the "accept" list. I can't even get to the IsImageFile() check.
> Even if I take a file, change the extension and how it is saved (Save as
> type...), it won't get past the try catch. How did you get yours to do
> that?
>
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
>
> Of Mike G
> Sent: Friday, July 31, 2009 5:19 AM
> To: [email protected]
> Subject: [houcfug] Re: cfcatch question
>
> Did a ton of testing and here is what I found out.
>
> first, I did all this on a CF8 server on Win2K3; both in standard and
> enterprise (J2EE install on Jrun)
>
> Regular Expressions. geez.
> the flavor of regex for cfinput is different than the flavor for the RE
> functions.
> Regex server side does not work on input type = file, even though it works
> on input type=text Regex client side works for both types of fields.
>
> The webserver takes the upload and saves it to a temp file on the server
> before it hands it off to CF, so bad files will make it to the server, but
> with a random name (neotempnnnnn where n is a number) with a .tmp file
> extension; and it is outside of the webroot. On standard it ended up in
> ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\
> in enterprise J2EE install it ended up in
> jrun4\servers\[instance]\SERVER-INF\temp\cfusion-war-tmp\ but either way it
> disappeared pretty quickly.
>
> using isImageFile() on the temp file is always no, must use the file
> extension to evaluate it for a first check.
>
> So, you then use cffile to deal with the temp file, pretty much no choice.
> If you use the accept attribute, you can list the acceptable mime types, or
> if you are not picky about the kind of images you get, you can use image/*;
> both work. If you wrap the cffile call in a try catch, it does appear to
> use the mime-type to validate your file. But it just appears to use the
> mime-type. I renamed an excel spreadsheet to .jpg and uploaded it. It
> passed the try/catch test, but the
> isImageFile() test reported a no.
>
> So, it looks like the best you can do is check on the client with a regex,
> wrap the cffile in a try/catch and in the try/catch block evaluate the image
> with isImageFile(). And not worry about the .tmp file cuz CF takes care of
> that for you.
>
> I built the world's ugliest test page, which you can try out for yourself
> and even download the code (Just rename the .txt to .cfm and create a folder
> called temp at the same level as the file).
>
> http://www.frog-splat.com/uploadtester.cfmis where it is
>
> And, yes, I know the regex is horrid, but it works.
>
> Think I am gonna make a pot of coffee and kick the hen house to wake up the
> rooster! Turn about is fair play.
>
> My next question is, where is the isExcelFile() function - sigh- Hide quoted
> text -
>
> - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Houston ColdFusion
Users' Group" discussion list.
To unsubscribe, send email to [email protected]
For more options, visit http://groups.google.com/group/houcfug?hl=en
-~----------~----~----~----~------~----~------~--~---
