Skip to main content

ColdFusion 10: CFFILE Restricting file types to upload

In ColdFusion 10, one can restrict the type of file being uploaded to the server when using CFFILE to upload the files. The new attribute accept allows the user to specify various MIME types or extensions of the file that can be accepted by the server. If the user tries to upload a file with a .txt extension but it contains xml data (application/xml MIME type) then the server would accept or throw an exception based on the value specified for the strict attribute. 'strict' is a boolean attribute added to the CFFILE tag. By default it is true and therefore wouldn't allow the user to upload a file whose contents are of different MIME type. When the strict attribute is set to false it would allow the user to upload a file irrespective of its content. However, an error would be thrown if the extension of the file doesn't match the ones specified in the accept attribute.


Rules:
  1. When strict is true, only MIME types or a combination of MIME types and extensions are allowed in the accept attribute. Since strict is true by default, one should specify MIME types for the accept attribute.
  2. When strict is false, either MIME types or extensions or a combination of both can be specified as a value to the accept attribute.

Example:

<!--- Create a directory where files would be uploaded ---> <cfif not directoryExists(expandPath("./uploadDirectory"))> <cfset directoryCreate(expandPath("./uploadDirectory"))> </cfif> <cfif isDefined("form.myFile")> <cftry> <!--- A valid MIME type must be specified as a value for accept attribute when strict=true. By default strict is true. ---> <cffile action="upload" destination="#expandPath("./uploadDirectory")#" accept="text/plain" filefield="form.myFile" nameconflict="overwrite" strict="true"> File uploaded successfully. <cfcatch type="Any"> <!--- If the text file contains data of a different mime type; ex: application/xml, then an error is thrown. ---> Problem uploading file: <br/> Error message - <cfoutput>#cfcatch.message#</cfoutput> <br/> Error detail - <cfoutput>#cfcatch.detail#</cfoutput> <br/> </cfcatch> </cftry> <cfelse> <cfform method="post" enctype="multipart/form-data"> <cfinput name="myFile" type="file"> <cfinput name="submitBtn" type="submit"> </cfform> </cfif>

When specifying extensions, the . prefix is required i.e. .TXT,.XML etc,. To accept all file types one can specify the wild card '*'.

fileGetMimeType

A new function fileGetMimeType has been added to determine the MIME type of the file:

<cfscript> //if test.txt contains xml data then the MIME type would be application/xml writeOutput(fileGetMimeType(expandPath("test.txt")) & "<br />"); //when strict=false, this would output text/plain writeOutput(fileGetMimeType(expandPath("test.txt"),false) & "<br />"); //try with the file object myFile = fileOpen(expandPath("test.txt")); writeOutput(fileGetMimeType(myFile,false) & "<br />"); </cfscript>

The first argument to fileGetMimeType function can be a path to a file or a file object. The second argument - 'strict' is an optional argument. By default it's value is true. When strict is true this function would return the mimetype after examining the content of the file. When it is set to false, it would just examine the file extension and return the mimetype.

Comments

  1. George BridgemanJune 26, 2013 at 9:19 PM

    Hi Sagar,

    The fact that this attribute isn't in the documentation, yet defaults to true, is completely unacceptable. We can't use strict="false" either, because then CF9 throws an exception due to the unknown attribute. We currently use accept="image/*", which won't work with the default behaviour of CF10, and our app needs to be backward compatible with CF9. I've had to remove the accept attribute altogether, which is far from ideal.

    You're not helping the people who matter most (Developers) by not maintaining documentation. Get your act together!



    George.

    ReplyDelete
  2. George, I'm not with Adobe now. However, I'm not going to make this as an excuse. I can connect you with Sr. Eng manager and he should be able to help you. Please message me your email id.

    ReplyDelete

Post a Comment

Popular posts from this blog

De-obfuscating javascript code in Chrome Developer Tools

I had blogged about JavaScript debugging with Chrome Developer Tools some time back, wherein I have explained how these developer tools can help in debugging javascript code. Today Google Chrome 12 was released and my Chrome browser was updated to this version. As with every release, there have been some improvements made on performance, usability etc,. One feature that stood out for me is the ability to De-obfuscate the javascript code.

What is Minification?

Minification is the process of removing unnecessary characters such as white spaces, comments, new lines from the source code. These otherwise would be added to make the code more readable. Minifying the source code helps in reducing the file size and thereby reducing the time taken to download the file. This is the reason why most of the popular javascript libraries such as jQuery are minified. A minified jQuery file is of 31 KB in size where as an uncompressed one is about 229 KB. Unfortunately, debugging minified javascript file…

Adding beforeRender and afterRender functions to a Backbone View

I was working on a Backbone application that updated the DOM when a response was received from the server. In a Backbone View, the initialize method would perform some operations and then call the render method to update the view. This worked fine, however there was scenario where in I wanted to perform some tasks before and after rendering the view. This can be considered as firing an event before and after the function had completed its execution. I found a very simple way to do this with Underscore's wrap method.

A cheat sheet of keyboard shortcuts in ColdFusion Builder

In my last post I have explained about keyboard shortcuts in ColdFusion Builder 2.0. This blog post contains a list of all shortcut keys and I have listed these keyboard shortcuts based on the categories that it falls into. Well, this post was not planned since users can easily get to know the keyboard shortcuts by navigating to the preferences (ColdFusion -> Profiles -> Keys). However, I met Joshua at Scotch on the rocks in Edinburgh and he suggested that it would be nice to have the list of keyboard shortcuts handy. So this post is for those who would like to have the list with them and refer it whenever required.


Keyboard shortcuts for inserting text:

These are the keyboard shortcuts which are used to insert some text into the editor:

CommandKeyboard shortcuts on WindowsKeyboard shortcuts on MacInsert anchor tagCTRL + T, LCMD + T, LInsert bold tagCTRL + T, BCMD + T, BInsert br tagCTRL + T, RCMD + T, RInsert cfabortCTRL + T, ACMD + T, AInsert cfdumpCTRL + T, DCMD + T, DInsert cfs…