Mike, I have been hammering this out this morning. I am trying to test the scenario where someone takes a file (such as excel or exe or something) and saves it as an image file.
Every time I try this, the try/catch around my upload takes over due to violating the "accept" list. I can't even get to the IsImageFile() check. Even if I take a file, change the extension and how it is saved (Save as type...), it won't get past the try catch. How did you get yours to do that? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Mike G Sent: Friday, July 31, 2009 5:19 AM To: [email protected] Subject: [houcfug] Re: cfcatch question Did a ton of testing and here is what I found out. first, I did all this on a CF8 server on Win2K3; both in standard and enterprise (J2EE install on Jrun) Regular Expressions. geez. the flavor of regex for cfinput is different than the flavor for the RE functions. Regex server side does not work on input type = file, even though it works on input type=text Regex client side works for both types of fields. The webserver takes the upload and saves it to a temp file on the server before it hands it off to CF, so bad files will make it to the server, but with a random name (neotempnnnnn where n is a number) with a .tmp file extension; and it is outside of the webroot. On standard it ended up in ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\ in enterprise J2EE install it ended up in jrun4\servers\[instance]\SERVER-INF\temp\cfusion-war-tmp\ but either way it disappeared pretty quickly. using isImageFile() on the temp file is always no, must use the file extension to evaluate it for a first check. So, you then use cffile to deal with the temp file, pretty much no choice. If you use the accept attribute, you can list the acceptable mime types, or if you are not picky about the kind of images you get, you can use image/*; both work. If you wrap the cffile call in a try catch, it does appear to use the mime-type to validate your file. But it just appears to use the mime-type. I renamed an excel spreadsheet to .jpg and uploaded it. It passed the try/catch test, but the isImageFile() test reported a no. So, it looks like the best you can do is check on the client with a regex, wrap the cffile in a try/catch and in the try/catch block evaluate the image with isImageFile(). And not worry about the .tmp file cuz CF takes care of that for you. I built the world's ugliest test page, which you can try out for yourself and even download the code (Just rename the .txt to .cfm and create a folder called temp at the same level as the file). http://www.frog-splat.com/uploadtester.cfm is where it is And, yes, I know the regex is horrid, but it works. Think I am gonna make a pot of coffee and kick the hen house to wake up the rooster! Turn about is fair play. My next question is, where is the isExcelFile() function - sigh --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en -~----------~----~----~----~------~----~------~--~---
