Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Document upload restrictions with CFFILE

Posted on 2004-09-16
9
Medium Priority
?
260 Views
Last Modified: 2013-12-24
I am finishing up a document management system and want to add restrictions to what a user can upload to the server.  I have a couple questions that I need to figure out...

1.  What would be a list of file extensions that I would want to exclude?

2.  Is there a way to check for these "bad" extensions on the client side and display a popup before the form is submitted?      (Any javascript code out there?)

3.  Is there an attribute in CFFILE for doing this on the server side?  I can't seem to remember.  Or is there another way to do the server side check.

4.  On a slightly different note... should I be doing a check for the size of the file before it is uploaded and can I set a file size limit anywhere?

Thanks for any input!

Tim
0
Comment
Question by:Ike23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 21

Expert Comment

by:pinaldave
ID: 12079850
Hi Ike23,
i am using free custom tag for doing this which is known as iaupload i found this from the site of the marcromedia...
the file which I upload is like this....

        <CF_IAUpload FILE=form.uploadImage UPLOADDIR="#admin.path#\include\images" RENAME="#dateformat(variables.timenow,"mmddyyyy")#_#timeformat(variables.timenow,"hhmmss")#" ALLOWEDMIME="image/pjpeg,image/jpeg,image/gif,application/x-shockwave-flash,application/zip,application/x-zip-compressed,image/png,image/x-png,application/postscript" FILESIZEMAX="9000000">

answers to your questions....

1.  What would be a list of file extensions that I would want to exclude?

you can specify mime types for uploads..

2.  Is there a way to check for these "bad" extensions on the client side and display a popup before the form is submitted?      (Any javascript code out there?)

CRC check... i do not know how to go about them...

3.  Is there an attribute in CFFILE for doing this on the server side?  I can't seem to remember.  Or is there another way to do the server side check.


CRC check... i do not know how to go about them... i am not aware of ...

4.  On a slightly different note... should I be doing a check for the size of the file before it is uploaded and can I set a file size limit anywhere?

you can use maxfilesize as specified in the code...

you can retrive them from this code....from your directory

<cfloop query="getattach">
                                                                    <cfloop index = "ListElement" list = "gif,jpg,jpeg,png,zip,swf,ai">
                                                                        <cfdirectory
                                                                         action = "list"
                                                                         directory = "#admin.path#\include\images\"
                                                                         name = "getFileName"
                                                                         filter = "#trim(getattach.filename)#.#ListElement#">
                                                                         

Regards,
---Pinal
0
 
LVL 4

Author Comment

by:Ike23
ID: 12080652
I have a form that is working already for my uploads and I need a list of extensions to exclude not extensions to include.  This looks like a cool tag but isn't what I'm looking for.  I maybe need the javascript code to check on the client side and then I guess I can just do a <cfif> on the server side and catch any bad extensions that way.  I'm not sure that you can check the file size on the client side before it is sent to the server but that would be really cool.

T
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 12081033
with client side you could write some js to check if the last 3 characters of the file are not 'exe' or 'com' or whatever you want to exclude..

0
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

 
LVL 17

Expert Comment

by:anandkp
ID: 12081564
Refer this code : http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_20663901.html

1. The list of extensions wld depend on what u want users to upload
2. client side checks - http://javascript.internet.com/forms/upload-filter.html
3. with CFFILE - u can use <CFFILE ACTION="UPLOAD" FILEFIELD="New_FieldName" DESTINATION="#FilePath#" NAMECONFLICT="MakeUnique" ACCEPT="image/jpg">
Note the accept attribute ... that does the job for u
4. File size can be checked using ... <CFIF FILE.FileSize LT 30><!--- Size chk --->              

lemme know ...

K'Rgds
Anand
0
 
LVL 4

Author Comment

by:Ike23
ID: 12148105
Any example of how to use javascript to write the check?
0
 
LVL 17

Expert Comment

by:anandkp
ID: 12169648
from above :
2. client side checks - http://javascript.internet.com/forms/upload-filter.html
0
 
LVL 4

Author Comment

by:Ike23
ID: 12301062
I want to allow any files to be uploaded except for files that end in a certain extension.  This is the other way around where I would have to make a list of files I want to upload.  I already have the list of files I want to prevent.  Is there any way to do a client and server side check to make sure the file's extension is NOT in the list of "bad" file names?
0
 
LVL 21

Accepted Solution

by:
pinaldave earned 1400 total points
ID: 12457722
well what you can do is this... on server side.... but you have to uplaod the file first first and then after you can just ignore it.
like this :
1) client file
2) temp storage
3) final destination

1) upload the files from the clients side ( any file)
2) in the temp storage check the entention like listlast( finename, '.') which will give you extention of the file.
Now use listcontains to know if this is in your "bad" file list extention or not... if it is there then do not move it to final destination and delete it.

Btw, you can do it without temp storage and do all of the above in final area but this is for extra security.
Regards,
---Pinal
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question