Solved

Document upload restrictions with CFFILE

Posted on 2004-09-16
Last Modified: 2013-12-24
I am finishing up a document management system and want to add restrictions to what a user can upload to the server.  I have a couple questions that I need to figure out...

1.  What would be a list of file extensions that I would want to exclude?

2.  Is there a way to check for these "bad" extensions on the client side and display a popup before the form is submitted?      (Any javascript code out there?)

3.  Is there an attribute in CFFILE for doing this on the server side?  I can't seem to remember.  Or is there another way to do the server side check.

4.  On a slightly different note... should I be doing a check for the size of the file before it is uploaded and can I set a file size limit anywhere?

Thanks for any input!

Tim
Question by:Ike23

Expert Comment

by:pinaldave
ID: 12079850
Hi Ike23,
I am using a free custom tag for doing this, which is known as IAUpload. I found it on the Macromedia site...
The file which I upload is like this....

        <CF_IAUpload
            FILE=form.uploadImage
            UPLOADDIR="#admin.path#\include\images"
            RENAME="#dateformat(variables.timenow,"mmddyyyy")#_#timeformat(variables.timenow,"hhmmss")#"
            ALLOWEDMIME="image/pjpeg,image/jpeg,image/gif,application/x-shockwave-flash,application/zip,application/x-zip-compressed,image/png,image/x-png,application/postscript"
            FILESIZEMAX="9000000">

Answers to your questions....

1.  What would be a list of file extensions that I would want to exclude?

You can specify MIME types for uploads..

2.  Is there a way to check for these "bad" extensions on the client side and display a popup before the form is submitted?      (Any javascript code out there?)

CRC check... I do not know how to go about them...

3.  Is there an attribute in CFFILE for doing this on the server side?  I can't seem to remember.  Or is there another way to do the server side check.


CRC check... I do not know how to go about them... I am not aware of ...

4.  On a slightly different note... should I be doing a check for the size of the file before it is uploaded and can I set a file size limit anywhere?

You can use maxfilesize as specified in the code...

You can retrieve them from your directory with this code....

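<!--- For each attachment record, look for a stored file with one of the allowed extensions --->
<cfloop query="getattach">
    <cfloop index="ListElement" list="gif,jpg,jpeg,png,zip,swf,ai">
        <cfdirectory
            action="list"
            directory="#admin.path#\include\images\"
            name="getFileName"
            filter="#trim(getattach.filename)#.#ListElement#">
        <!--- getFileName now holds the matching directory entry, if any --->
    </cfloop>
</cfloop>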

Regards,
---Pinal

Author Comment

by:Ike23
ID: 12080652
I have a form that is working already for my uploads and I need a list of extensions to exclude not extensions to include.  This looks like a cool tag but isn't what I'm looking for.  I maybe need the javascript code to check on the client side and then I guess I can just do a <cfif> on the server side and catch any bad extensions that way.  I'm not sure that you can check the file size on the client side before it is sent to the server but that would be really cool.

T

Expert Comment

by:Tacobell777
ID: 12081033
With client side you could write some JS to check if the last 3 characters of the file are not 'exe' or 'com' or whatever you want to exclude.


Expert Comment

by:anandkp
ID: 12081564
Refer to this code: http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_20663901.html

1. The list of extensions would depend on what you want users to upload
2. Client side checks - http://javascript.internet.com/forms/upload-filter.html
3. With CFFILE - you can use <CFFILE ACTION="UPLOAD" FILEFIELD="New_FieldName" DESTINATION="#FilePath#" NAMECONFLICT="MakeUnique" ACCEPT="image/jpg">
Note the accept attribute ... that does the job for you
4. File size can be checked using ... <CFIF FILE.FileSize LT 30><!--- Size chk --->

Let me know ...

K'Rgds
Anand

Author Comment

by:Ike23
ID: 12148105
Any example of how to use javascript to write the check?

Expert Comment

by:anandkp
ID: 12169648
from above :
2. client side checks - http://javascript.internet.com/forms/upload-filter.html

Author Comment

by:Ike23
ID: 12301062
I want to allow any files to be uploaded except for files that end in a certain extension.  This is the other way around where I would have to make a list of files I want to upload.  I already have the list of files I want to prevent.  Is there any way to do a client and server side check to make sure the file's extension is NOT in the list of "bad" file names?

Accepted Solution

by:
pinaldave earned 350 total points
ID: 12457722
Well, what you can do is this... on the server side.... but you have to upload the file first and then afterwards you can just ignore it.
Like this:
1) client file
2) temp storage
3) final destination

1) Upload the files from the client side (any file).
2) In the temp storage, check the extension with something like listlast(filename, '.'), which will give you the extension of the file.
Now use listcontains to know if this is in your "bad" file extension list or not... If it is there, then do not move it to the final destination and delete it.

Btw, you can do it without temp storage and do all of the above in the final area, but this is for extra security.
Regards,
---Pinal
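
A client-side version of the blocked-extension check asked for in this thread, as an added example (not code from any of the posters): it takes the last dot-delimited element of the file name, as the listlast step in the accepted answer does, looks it up in a blocked list, and also checks the size through the browser File API. The extension list, `MAX_BYTES` and the element IDs `uploadForm` and `uploadFile` are assumptions; a browser check can be skipped by the sender, so the server-side check described above remains the one that decides.

```javascript
// Added example. BLOCKED_EXTENSIONS is a sample list, not a complete one.
const BLOCKED_EXTENSIONS = new Set([
  "exe", "com", "bat", "cmd", "scr", "pif", "vbs", "msi",  // run on the user's desktop
  "cfm", "cfc", "jsp", "asp", "aspx", "php",               // run on the web server
]);
const MAX_BYTES = 9000000; // same limit as FILESIZEMAX in the IAUpload call above

// Return the lower-cased extension, i.e. the last dot-delimited element.
function extensionOf(fileName) {
  // Some browsers report a path such as C:\fakepath\doc.pdf; keep the last part.
  const base = String(fileName).split(/[\\/]/).pop();
  // Windows drops trailing dots and spaces on save, so "a.exe." is stored as "a.exe".
  const trimmed = base.replace(/[. ]+$/, "");
  const dot = trimmed.lastIndexOf(".");
  return dot === -1 ? "" : trimmed.slice(dot + 1).toLowerCase();
}

// file is a File object from <input type="file">, or any { name, size } object.
function checkUpload(file) {
  const ext = extensionOf(file.name);
  if (BLOCKED_EXTENSIONS.has(ext)) {
    return { ok: false, reason: "Files ending in ." + ext + " are not allowed." };
  }
  if (file.size > MAX_BYTES) {
    return { ok: false, reason: "File is larger than " + MAX_BYTES + " bytes." };
  }
  return { ok: true, reason: "" };
}

// Browser wiring (skipped outside a browser). The element IDs are assumptions.
if (typeof document !== "undefined") {
  const form = document.getElementById("uploadForm");
  const input = document.getElementById("uploadFile");
  if (form && input) {
    form.addEventListener("submit", function (event) {
      for (const file of input.files) {
        const result = checkUpload(file);
        if (!result.ok) {
          event.preventDefault(); // stop the submit and show the popup
          alert(file.name + ": " + result.reason);
          return;
        }
      }
    });
  }
}
```

A name such as `page.cfm.txt` passes, because only the last extension is compared, which is the same rule the listlast check applies on the server.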