Solved

Document upload restrictions with CFFILE

Posted on 2004-09-16
Last Modified: 2013-12-24
I am finishing up a document management system and want to add restrictions to what a user can upload to the server.  I have a couple questions that I need to figure out...

1.  What would be a list of file extensions that I would want to exclude?

2.  Is there a way to check for these "bad" extensions on the client side and display a popup before the form is submitted? (Any javascript code out there?)

3.  Is there an attribute in CFFILE for doing this on the server side?  I can't seem to remember.  Or is there another way to do the server side check.

4.  On a slightly different note... should I be doing a check for the size of the file before it is uploaded and can I set a file size limit anywhere?

Thanks for any input!

Tim
Question by:Ike23
9 Comments
 
LVL 21

Expert Comment

by:pinaldave
ID: 12079850
Hi Ike23,
I am using a free custom tag for doing this, which is known as iaupload. I found this on the Macromedia site...
the file which I upload is like this....

        <CF_IAUpload FILE=form.uploadImage UPLOADDIR="#admin.path#\include\images" RENAME="#dateformat(variables.timenow,"mmddyyyy")#_#timeformat(variables.timenow,"hhmmss")#" ALLOWEDMIME="image/pjpeg,image/jpeg,image/gif,application/x-shockwave-flash,application/zip,application/x-zip-compressed,image/png,image/x-png,application/postscript" FILESIZEMAX="9000000">

answers to your questions....

1.  What would be a list of file extensions that I would want to exclude?

you can specify mime types for uploads..

2.  Is there a way to check for these "bad" extensions on the client side and display a popup before the form is submitted? (Any javascript code out there?)

CRC check... I do not know how to go about them...

3.  Is there an attribute in CFFILE for doing this on the server side?  I can't seem to remember.  Or is there another way to do the server side check.


CRC check... I do not know how to go about them... I am not aware of ...

4.  On a slightly different note... should I be doing a check for the size of the file before it is uploaded and can I set a file size limit anywhere?

you can use maxfilesize as specified in the code...

you can retrieve them from this code....from your directory

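<!--- For each attachment record, look in the upload directory for a file with one of the listed extensions --->
<cfloop query="getattach">
    <cfloop index="ListElement" list="gif,jpg,jpeg,png,zip,swf,ai">
        <cfdirectory
            action="list"
            directory="#admin.path#\include\images\"
            name="getFileName"
            filter="#trim(getattach.filename)#.#ListElement#">
    </cfloop>
</cfloop>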

Regards,
---Pinal
0
 
LVL 4

Author Comment

by:Ike23
ID: 12080652
I have a form that is working already for my uploads and I need a list of extensions to exclude not extensions to include.  This looks like a cool tag but isn't what I'm looking for.  I maybe need the javascript code to check on the client side and then I guess I can just do a <cfif> on the server side and catch any bad extensions that way.  I'm not sure that you can check the file size on the client side before it is sent to the server but that would be really cool.

T
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 12081033
with client side you could write some js to check if the last 3 characters of the file are not 'exe' or 'com' or whatever you want to exclude..

0
 
LVL 17

Expert Comment

by:anandkp
ID: 12081564
Refer this code : http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_20663901.html

1. The list of extensions wld depend on what u want users to upload
2. client side checks - http://javascript.internet.com/forms/upload-filter.html
3. with CFFILE - u can use <CFFILE ACTION="UPLOAD" FILEFIELD="New_FieldName" DESTINATION="#FilePath#" NAMECONFLICT="MakeUnique" ACCEPT="image/jpg">
Note the accept attribute ... that does the job for u
4. File size can be checked using ... <CFIF FILE.FileSize LT 30><!--- Size chk --->              

lemme know ...

K'Rgds
Anand
0
 
LVL 4

Author Comment

by:Ike23
ID: 12148105
Any example of how to use javascript to write the check?
0
 
LVL 17

Expert Comment

by:anandkp
ID: 12169648
from above :
2. client side checks - http://javascript.internet.com/forms/upload-filter.html
0
 
LVL 4

Author Comment

by:Ike23
ID: 12301062
I want to allow any files to be uploaded except for files that end in a certain extension.  This is the other way around where I would have to make a list of files I want to upload.  I already have the list of files I want to prevent.  Is there any way to do a client and server side check to make sure the file's extension is NOT in the list of "bad" file names?
0
 
LVL 21

Accepted Solution

by:
pinaldave earned 350 total points
ID: 12457722
Well, what you can do is this... on server side.... but you have to upload the file first and then after you can just ignore it.
like this :
1) client file
2) temp storage
3) final destination

1) upload the files from the clients side ( any file)
2) in the temp storage check the extension like listlast( filename, '.') which will give you extension of the file.
Now use listcontains to know if this is in your "bad" file list extension or not... if it is there then do not move it to final destination and delete it.

Btw, you can do it without temp storage and do all of the above in final area but this is for extra security.
Regards,
---Pinal
0
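The client-side half of the check discussed in this thread, as an added example that is not code from any of the posts above. It takes the last extension the way listlast(filename, '.') does, but normalises case, a client-supplied path and trailing dots or spaces first, and matches the whole extension exactly (on the server, ListFindNoCase rather than ListContains, which matches substrings). The function names and the blocked list are assumptions; the browser check only saves the user a wasted upload, so the same rule still has to run on the server against the stored file.

```javascript
// Constructed sample list; substitute the extensions you actually refuse.
// cfm/cfc are included because an uploaded template in a web-served
// directory would be executed by ColdFusion.
const BLOCKED_EXTENSIONS = new Set(["exe", "com", "bat", "cmd", "vbs", "cfm", "cfc"]);

// Drop any path the browser sends with the name (older IE sent C:\...\name)
// and trailing dots/spaces, which Windows discards when the file is written.
function baseName(path) {
  const name = String(path).split(/[\\/]/).pop();
  return name.replace(/[. ]+$/, "");
}

// Last dot-separated segment, lower-cased; "" when the name has no dot.
function extensionOf(path) {
  const name = baseName(path);
  const dot = name.lastIndexOf(".");
  return dot === -1 ? "" : name.slice(dot + 1).toLowerCase();
}

// Returns { ok, reason } so the caller decides how to tell the user.
function checkUpload(path) {
  if (baseName(path) === "") {
    return { ok: false, reason: "No file selected." };
  }
  const ext = extensionOf(path);
  if (BLOCKED_EXTENSIONS.has(ext)) {
    return { ok: false, reason: "Files of type ." + ext + " cannot be uploaded." };
  }
  return { ok: true, reason: "" };
}

// Browser wiring: show a popup and cancel the submit when the name is refused.
// 'form' and 'fileInput' are the page's own <form> and <input type="file">.
function attachUploadCheck(form, fileInput) {
  form.addEventListener("submit", function (event) {
    const verdict = checkUpload(fileInput.value);
    if (!verdict.ok) {
      event.preventDefault();
      alert(verdict.reason);
    }
  });
}
```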
