Skip to main content

ColdFusion 10: CFFILE Restricting file types to upload

In ColdFusion 10, one can restrict the type of file being uploaded to the server when using CFFILE to upload the files. The new attribute accept allows the user to specify various MIME types or extensions of the file that can be accepted by the server. If the user tries to upload a file with a .txt extension but it contains xml data (application/xml MIME type) then the server would accept or throw an exception based on the value specified for the strict attribute. 'strict' is a boolean attribute added to the CFFILE tag. By default it is true and therefore wouldn't allow the user to upload a file whose contents are of different MIME type. When the strict attribute is set to false it would allow the user to upload a file irrespective of its content. However, an error would be thrown if the extension of the file doesn't match the ones specified in the accept attribute.


Rules:
  1. When strict is true, only MIME types or a combination of MIME types and extensions are allowed in the accept attribute. Since strict is true by default, one should specify MIME types for the accept attribute.
  2. When strict is false, either MIME types or extensions or a combination of both can be specified as a value to the accept attribute.

Example:

<!--- Create a directory where files would be uploaded ---> <cfif not directoryExists(expandPath("./uploadDirectory"))> <cfset directoryCreate(expandPath("./uploadDirectory"))> </cfif> <cfif isDefined("form.myFile")> <cftry> <!--- A valid MIME type must be specified as a value for accept attribute when strict=true. By default strict is true. ---> <cffile action="upload" destination="#expandPath("./uploadDirectory")#" accept="text/plain" filefield="form.myFile" nameconflict="overwrite" strict="true"> File uploaded successfully. <cfcatch type="Any"> <!--- If the text file contains data of a different mime type; ex: application/xml, then an error is thrown. ---> Problem uploading file: <br/> Error message - <cfoutput>#cfcatch.message#</cfoutput> <br/> Error detail - <cfoutput>#cfcatch.detail#</cfoutput> <br/> </cfcatch> </cftry> <cfelse> <cfform method="post" enctype="multipart/form-data"> <cfinput name="myFile" type="file"> <cfinput name="submitBtn" type="submit"> </cfform> </cfif>

When specifying extensions, the . prefix is required i.e. .TXT,.XML etc,. To accept all file types one can specify the wild card '*'.

fileGetMimeType

A new function fileGetMimeType has been added to determine the MIME type of the file:

<cfscript> //if test.txt contains xml data then the MIME type would be application/xml writeOutput(fileGetMimeType(expandPath("test.txt")) & "<br />"); //when strict=false, this would output text/plain writeOutput(fileGetMimeType(expandPath("test.txt"),false) & "<br />"); //try with the file object myFile = fileOpen(expandPath("test.txt")); writeOutput(fileGetMimeType(myFile,false) & "<br />"); </cfscript>

The first argument to fileGetMimeType function can be a path to a file or a file object. The second argument - 'strict' is an optional argument. By default it's value is true. When strict is true this function would return the mimetype after examining the content of the file. When it is set to false, it would just examine the file extension and return the mimetype.
Labels:

Comments

Post a Comment

Popular posts from this blog

How to use the APP_INITIALIZER token to hook into the Angular bootstrap process

I've been building applications using Angular as a framework of choice for more than a year and this post is not about another React vs Angular or the quirks of each framework. Honestly, I like Angular and every day I discover something new which makes development easier and makes me look like a guy who built something very complex in a matter of hours which would've taken a long time to put the correct architecture in place if I had chosen a different framework. The first thing that I learned in Angular is the use of the APP_INITIALIZER token.
Post a Comment
Read more

De-obfuscating javascript code in Chrome Developer Tools

I had blogged about JavaScript debugging with Chrome Developer Tools  some time back, wherein I have explained how these developer tools can help in debugging javascript code. Today Google Chrome 12 was released and my Chrome browser was updated to this version. As with every release, there have been some improvements made on performance, usability etc,. One feature that stood out for me is the ability to De-obfuscate the javascript code. What is Minification? Minification is the process of removing unnecessary characters such as white spaces, comments, new lines from the source code. These otherwise would be added to make the code more readable. Minifying the source code helps in reducing the file size and thereby reducing the time taken to download the file. This is the reason why most of the popular javascript libraries such as jQuery are minified. A minified jQuery file is of 31 KB in size where as an uncompressed one is about 229 KB. Unfortunately, debugging minified javascript f...
7 comments
Read more

Using MobX to manage application state in a React application

I have been writing applications using React and Redux for quite some time now and thought of trying other state management solutions out there. It's not that I have faced any issues with Redux; however, I wanted to explore other approaches to state management. I recently came across MobX  and thought of giving it a try. The library uses the premise of  `Observables` to tie the application state with the view layer (React). It's also an implementation of the Flux pattern wherein it uses multiple stores to save the application state; each store referring to a particular entity. Redux, on the other hand, uses a single store with top-level state variables referring to various entities.
Post a Comment
Read more