I may not fully understand what it is you are asking for, but did you consider using the "accept" attribute of cffile for a file upload to match the mime-type of the allowed file types? Thus, if you only allow JPEG, GIF and PNG images and someone uploads an XLS file, it will be kicked back since the file mime-type does not match your allowed list of acceptable types.
http://en.wikipedia.org/wiki/Internet_media_type#Type_image

Maybe this will help. Good luck.

-JSLucido

On Wed, Jan 16, 2013 at 4:23 PM, Matt C <[email protected]> wrote:
> I'm looking for an alternative to CF's IsImageFile (which doesn't seem to
> be in OpenBD I assume?). GetFileInfo might be able to help, but can
> someone tell me if the "type" returned by this function is just based on
> the file's extension or if it digs a little deeper to find the type?
>
> I allow my users to upload a file (supposedly an image) with a form to a
> temp, restricted directory on my server so I can check the file before
> blobbing it and inserting it into my database. I rename the file as I
> upload it to avoid any issues with weird names, such as (my "funny"
> img.jpg) or (../../index.cfm). Since I apparently can't read the filename
> BEFORE uploading it, I lose the extension when I rename. I figure that
> would not be an issue since I'll just be reading binary data from the file
> anyway, except I would like to do SOME kind of check to make sure the file
> is really an image. Granted, I may just be being paranoid by renaming the
> file before even storing it in a restricted, temporary directory. But I'm
> new to "best security practices" and I would really prefer to
> overcompensate versus not enough.
>
> --
> online documentation: http://openbd.org/manual/
> http://groups.google.com/group/openbd?hl=en
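The kind of check asked about in the quoted question, one that looks at the file's content rather than its name, can be done by comparing the leading bytes against the JPEG, GIF and PNG signatures. This is an added example, not code from the thread or from OpenBD itself; the function name `sniffImageType` and the variable `tempPath` are hypothetical, and it assumes `cffile action="readbinary"` and `binaryEncode()` are available in your engine.

```cfml
<!--- Added example: classify a file by its leading bytes (magic numbers),
      ignoring the file name and any declared MIME type. --->
<cffunction name="sniffImageType" returntype="string" output="false"
            hint="Returns png, gif, jpeg, or an empty string when no signature matches">
    <cfargument name="path" type="string" required="true">
    <cfset var data = "">
    <cfset var hex = "">

    <cffile action="readbinary" file="#arguments.path#" variable="data">
    <!--- Two hex characters per byte. This encodes the whole file, which is
          acceptable when the upload size is already limited. --->
    <cfset hex = uCase(binaryEncode(data, "hex"))>

    <!--- PNG signature: 89 50 4E 47 0D 0A 1A 0A --->
    <cfif left(hex, 16) eq "89504E470D0A1A0A">
        <cfreturn "png">
    </cfif>
    <!--- GIF signature: ASCII "GIF87a" or "GIF89a" --->
    <cfif left(hex, 12) eq "474946383761" or left(hex, 12) eq "474946383961">
        <cfreturn "gif">
    </cfif>
    <!--- JPEG: start-of-image marker FF D8 followed by FF --->
    <cfif left(hex, 6) eq "FFD8FF">
        <cfreturn "jpeg">
    </cfif>
    <!--- Empty or unrecognised content --->
    <cfreturn "">
</cffunction>

<!--- Hypothetical usage: tempPath is the renamed upload in the restricted
      temporary directory, checked before it is stored in the database. --->
<cfset imageType = sniffImageType(tempPath)>
<cfif imageType eq "">
    <cffile action="delete" file="#tempPath#">
    <cfthrow type="Upload.NotAnImage"
             message="Uploaded file is not a JPEG, GIF or PNG image.">
</cfif>
```

A matching signature only shows that the file begins like an image; it does not show that the rest of the content decodes as one, so keep the renaming and the restricted temporary directory described in the question.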
