Skip to main content

ColdFusion 10: CFFILE - Specifying file content in the tag body

Prior to ColdFusion 10, to write or append to a file one had to specify the file content in the output attribute of CFFILE tag. In ColdFusion 10, you can specify the file content in the body of the cffile tag. In cases where the file content is specified in body as well as in the output attribute, the output attribute would be ignored.

Example:

<!--- output attribute will be ignored here ---> <cffile action="write" file="#expandPath("./files/employees.txt")#" output="cffile content"> <?xml version='1.0' encoding='UTF-8'?> <employees> <id = "1"> <firstname>Sagar</firstname> <lastname>Ganatra</lastname> </id> </employees> </cffile>


As observed, the output attribute would be ignored when the file content is specified in the tag body. The above example is also applicable when the action attribute is set to append. This enhancement makes it easy to write any data to a file without having to use the CFSAVECONTENT tag and a temporary variable.

Another important thing to note here is that the output attribute is now optional when action is write\append. However, it is a mandatory attribute when the closing CFFILE tag is not specified:


<!--- Output attribute is mandatory when the closing tag is not specified ---> <cffile action="write" file="#expandPath("./files/employees.txt")#" output="No body" >

Labels:

Comments

  1. rolandMarch 2, 2012 at 3:19 AM

    This is certainly a nice enhancement, however, does it actually validate that the *content* of the file matches the mim type, or is it simply checking the value of the mime-type header that is sent by the client?  Simply checking the value of the mime-type header without validating the content of the file doesn't really add much security, since it's easy to fake that header.

    ReplyDelete
  2. Sagar GanatraMarch 2, 2012 at 9:13 AM

    @ec42b1f555169f2e36a71b3bf2249187 did you see this post: 
    http://www.sagarganatra.com/2012/03/coldfusion-10-cffile-restricting-file.html. Now you can validate the content when you upload a file to the server.

    ReplyDelete

Post a Comment

Popular posts from this blog

File upload and Progress events with HTML5 XmlHttpRequest Level 2

The XmlHttpRequest Level 2 specification adds several enhancements to the XmlHttpRequest object. Last week I had blogged about cross-origin-requests and how it is different from Flash\Silverlight's approach .  With Level 2 specification one can upload the file to the server by passing the file object to the send method. In this post I'll try to explore uploading file using XmlHttpRequest 2 in conjunction with the progress events. I'll also provide a description on the new HTML5 tag -  progress which can be updated while the file is being uploaded to the server. And of course, some ColdFusion code that will show how the file is accepted and stored on the server directory.
18 comments
Read more

Server sent events with HTML5 and ColdFusion

There are several ways to interact with the server apart from the traditional request\response and refresh all protocol. They are polling, long polling, Ajax and Websockets ( pusherapp ). Of all these Ajax and Websockets have been very popular. There is another way to interact with the server such that the server can send notifications to the client using Server Sent Events (SSE) . SSE is a part of HTML5 spec:  http://dev.w3.org/html5/eventsource/
19 comments
Read more

Adding beforeRender and afterRender functions to a Backbone View

I was working on a Backbone application that updated the DOM when a response was received from the server. In a Backbone View, the initialize method would perform some operations and then call the render method to update the view. This worked fine, however there was scenario where in I wanted to perform some tasks before and after rendering the view. This can be considered as firing an event before and after the function had completed its execution. I found a very simple way to do this with Underscore's wrap method.
Post a Comment
Read more