Wow, after staring at the code scratching my head for a few minutes I
finally think I get the concept of what you are doing.
Basically this is taking the filename and loading the image via a file://url
from the local filesystem into a frame and getting all of the relevant data
and passing it back to the original page with javascript. This is a really
cool idea.
Without testing the code out, is this not a huge security problem? I'm
thinking that as long as the browser is can handle the mime type that it
would be possible to grab almost any file from the users hd using the same
concept with a few modifications.
jon
----- Original Message -----
From: "Massimo Foti" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, October 25, 2001 4:31 PM
Subject: Re: Checking file size before upload.
<snip>
>
> It's feasible, even if it's quite an hack. It works only on IE and NN 6,
no
> NN 4. It doesn't works on the Mac either (but fails silentely in both
> cases). I made a Dreamweaver behavior for this, below is a sample code,
hope
> OE will not do bad things with it:
>
> <html>
> <head>
> <title>Check File Upload</title>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> <script language="JavaScript">
> <!--
> function MM_findObj(n, d) { //v4.01
> var p,i,x; if(!d) d=document;
> if((p=n.indexOf("?"))>0&&parent.frames.length) {
> d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
> if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
> x=d.forms[i][n];
> for(i=0;!x&&d.layers&&i<d.layers.length;i++)
> x=MM_findObj(n,d.layers[i].document);
> if(!x && d.getElementById) x=d.getElementById(n); return x;
> }
>
> function tmt_checkImgObj(){//v2.0
> var errorMsg="";
> if(this.maxS!=""&&this.fileSize/1000>this.maxS){
> errorMsg+="Maximum size for images is: "+this.maxS+" kilobytes \n";}
> if(this.minS!=""&&this.fileSize/1000<this.minS){
> errorMsg+="Minimum size for images is: "+this.minS+" kilobytes \n";}
> if(this.maxW!=""&&this.width>this.maxW){
> errorMsg+="Maximum width allowed for images is: "+this.maxW+" pixels
\n";}
> if(this.minW!=""&&this.width<this.minW){
> errorMsg+="Minimum width allowed for images is: "+this.minW+" pixels
\n";}
> if(this.maxH!=""&&this.height>this.maxH){
> errorMsg+="Maximum height allowed for images is: "+this.maxH+" pixels
> \n";}
> if(this.minH!=""&&this.height<this.minH){
> errorMsg+="Minimum height allowed for images is: "+this.minH+" pixels
> \n";}
> if(errorMsg==""){
> if(this.fW){var fW=MM_findObj(this.fW);if(fW){fW.value=this.width;}}
> if(this.fH){var fH=MM_findObj(this.fH);if(fH){fH.value=this.height;}}}
> else{alert(errorMsg);}document.MM_returnValue=(errorMsg=="");
> }
>
> function
>
tmt_createImgObj(imgURL,loadHandler,minW,maxW,minH,maxH,minS,maxS,fW,fH){//v
> 2.0
> document.MM_returnValue=false; var img=new
> Image();img.minW=minW;img.maxW=maxW;img.minH=minH;img.maxH=maxH;
>
>
img.fW=fW;img.fH=fH;img.minS=minS;img.maxS=maxS;img.onload=loadHandler;img.s
> rc=imgURL;
> }
>
> function
> tmt_CheckImg(formElement,minW,maxW,minH,maxH,minS,maxS,mime,fW,fH){//v2.0
> document.MM_returnValue=true;if(document.getElementById){var
> obj=MM_findObj(formElement);
> var f=obj.form.name;if(obj&&f){var imgRex=new
> RegExp("\\.("+mime+")$","i");if(imgRex.test(obj.value)){
> var
>
imgURL="file:///"+obj.value;tmt_createImgObj(imgURL,tmt_checkImgObj,minW,max
> W,minH,maxH,minS,maxS,fW,fH);
>
>
eval("setTimeout(\"if(document.MM_returnValue){document."+f+".submit()}\",30
> 0)");}
> else{document.MM_returnValue=false;alert("Only "+mime+" files are
> allowed");obj.focus();obj.select();}}}
> }
> //-->
> </script>
> </head>
>
> <body bgcolor="#FFFFFF">
> <form name="form1" enctype="multipart/form-data" method="post" action=""
>
onSubmit="tmt_CheckImg('fileField','100','200','150','250','5','30','jpg|gif
> ','','');return document.MM_returnValue">
> <p>
> <input type="file" name="fileField">
> </p>
> <p>
> <input type="submit" name="Submit" value="Submit">
> </p>
> </form>
> </body>
> </html>
>
>
</snip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community. http://www.fusionauthority.com/ads.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
