Document upload restrictions with CFFILE

I am finishing up a document management system and want to add restrictions to what a user can upload to the server.  I have a couple questions that I need to figure out...

1.  What would be a list of file extensions that I would want to exclude?

2.  Is there a way to check for these "bad" extensions on the client side and display a popup before the form is submitted?      (Any javascript code out there?)

3.  Is there an attribute in CFFILE for doing this on the server side?  I can't seem to remember.  Or is there another way to do the server side check.

4.  On a slightly different note... should I be doing a check for the size of the file before it is uploaded and can I set a file size limit anywhere?

Thanks for any input!

Tim
LVL 4
Ike23Asked:
Who is Participating?
 
pinaldaveConnect With a Mentor Commented:
well what you can do is this... on server side.... but you have to uplaod the file first first and then after you can just ignore it.
like this :
1) client file
2) temp storage
3) final destination

1) upload the files from the clients side ( any file)
2) in the temp storage check the entention like listlast( finename, '.') which will give you extention of the file.
Now use listcontains to know if this is in your "bad" file list extention or not... if it is there then do not move it to final destination and delete it.

Btw, you can do it without temp storage and do all of the above in final area but this is for extra security.
Regards,
---Pinal
0
 
pinaldaveCommented:
Hi Ike23,
i am using free custom tag for doing this which is known as iaupload i found this from the site of the marcromedia...
the file which I upload is like this....

        <CF_IAUpload FILE=form.uploadImage UPLOADDIR="#admin.path#\include\images" RENAME="#dateformat(variables.timenow,"mmddyyyy")#_#timeformat(variables.timenow,"hhmmss")#" ALLOWEDMIME="image/pjpeg,image/jpeg,image/gif,application/x-shockwave-flash,application/zip,application/x-zip-compressed,image/png,image/x-png,application/postscript" FILESIZEMAX="9000000">

answers to your questions....

1.  What would be a list of file extensions that I would want to exclude?

you can specify mime types for uploads..

2.  Is there a way to check for these "bad" extensions on the client side and display a popup before the form is submitted?      (Any javascript code out there?)

CRC check... i do not know how to go about them...

3.  Is there an attribute in CFFILE for doing this on the server side?  I can't seem to remember.  Or is there another way to do the server side check.


CRC check... i do not know how to go about them... i am not aware of ...

4.  On a slightly different note... should I be doing a check for the size of the file before it is uploaded and can I set a file size limit anywhere?

you can use maxfilesize as specified in the code...

you can retrive them from this code....from your directory

<cfloop query="getattach">
                                                                    <cfloop index = "ListElement" list = "gif,jpg,jpeg,png,zip,swf,ai">
                                                                        <cfdirectory
                                                                         action = "list"
                                                                         directory = "#admin.path#\include\images\"
                                                                         name = "getFileName"
                                                                         filter = "#trim(getattach.filename)#.#ListElement#">
                                                                         

Regards,
---Pinal
0
 
Ike23Author Commented:
I have a form that is working already for my uploads and I need a list of extensions to exclude not extensions to include.  This looks like a cool tag but isn't what I'm looking for.  I maybe need the javascript code to check on the client side and then I guess I can just do a <cfif> on the server side and catch any bad extensions that way.  I'm not sure that you can check the file size on the client side before it is sent to the server but that would be really cool.

T
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
Tacobell777Commented:
with client side you could write some js to check if the last 3 characters of the file are not 'exe' or 'com' or whatever you want to exclude..

0
 
anandkpCommented:
Refer this code : http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_20663901.html

1. The list of extensions wld depend on what u want users to upload
2. client side checks - http://javascript.internet.com/forms/upload-filter.html
3. with CFFILE - u can use <CFFILE ACTION="UPLOAD" FILEFIELD="New_FieldName" DESTINATION="#FilePath#" NAMECONFLICT="MakeUnique" ACCEPT="image/jpg">
Note the accept attribute ... that does the job for u
4. File size can be checked using ... <CFIF FILE.FileSize LT 30><!--- Size chk --->              

lemme know ...

K'Rgds
Anand
0
 
Ike23Author Commented:
Any example of how to use javascript to write the check?
0
 
anandkpCommented:
from above :
2. client side checks - http://javascript.internet.com/forms/upload-filter.html
0
 
Ike23Author Commented:
I want to allow any files to be uploaded except for files that end in a certain extension.  This is the other way around where I would have to make a list of files I want to upload.  I already have the list of files I want to prevent.  Is there any way to do a client and server side check to make sure the file's extension is NOT in the list of "bad" file names?
0
All Courses

From novice to tech pro — start learning today.