@J Lucido Thanks for the tip. I didn't bother with "accept" because I understand the mimetype can be spoofed by the client. I seem to have found a working solution though. When I upload the file, I still rename it to "something.tmp" to avoid any funky filenames submitted by the user. I then immediately attempt to read it into ImageNew(pathname) within a try-catch. Whether it passes or not, I immediately delete the temp file. ImageNew() doesn't care about my ".tmp" extension. If the file is really an image, it works, and I proceed to convert my cfimage object into blob for the database. If it fails, then I handle it accordingly.
On Thursday, January 17, 2013 9:44:46 AM UTC-5, J.Lucido wrote: > I may not fully understand what it is you are asking for but did you > consider using the "accept" attribute of cffile for a file upload to match > the mime-type of the allowed file types? Thus, if you only allow JPEG, GIF > and PNG images if someone uploads a XLS file it will be kicked back since > the file mime-type does not match your allowed list of acceptable types. > -- online documentation: http://openbd.org/manual/ http://groups.google.com/group/openbd?hl=en
