Skip to main content

ColdFusion 10: CFFILE Restricting file types to upload

In ColdFusion 10, one can restrict the type of file being uploaded to the server when using CFFILE to upload the files. The new attribute accept allows the user to specify various MIME types or extensions of the file that can be accepted by the server. If the user tries to upload a file with a .txt extension but it contains xml data (application/xml MIME type) then the server would accept or throw an exception based on the value specified for the strict attribute. 'strict' is a boolean attribute added to the CFFILE tag. By default it is true and therefore wouldn't allow the user to upload a file whose contents are of different MIME type. When the strict attribute is set to false it would allow the user to upload a file irrespective of its content. However, an error would be thrown if the extension of the file doesn't match the ones specified in the accept attribute.


Rules:
  1. When strict is true, only MIME types or a combination of MIME types and extensions are allowed in the accept attribute. Since strict is true by default, one should specify MIME types for the accept attribute.
  2. When strict is false, either MIME types or extensions or a combination of both can be specified as a value to the accept attribute.

Example:

<!--- Create a directory where files would be uploaded ---> <cfif not directoryExists(expandPath("./uploadDirectory"))> <cfset directoryCreate(expandPath("./uploadDirectory"))> </cfif> <cfif isDefined("form.myFile")> <cftry> <!--- A valid MIME type must be specified as a value for accept attribute when strict=true. By default strict is true. ---> <cffile action="upload" destination="#expandPath("./uploadDirectory")#" accept="text/plain" filefield="form.myFile" nameconflict="overwrite" strict="true"> File uploaded successfully. <cfcatch type="Any"> <!--- If the text file contains data of a different mime type; ex: application/xml, then an error is thrown. ---> Problem uploading file: <br/> Error message - <cfoutput>#cfcatch.message#</cfoutput> <br/> Error detail - <cfoutput>#cfcatch.detail#</cfoutput> <br/> </cfcatch> </cftry> <cfelse> <cfform method="post" enctype="multipart/form-data"> <cfinput name="myFile" type="file"> <cfinput name="submitBtn" type="submit"> </cfform> </cfif>

When specifying extensions, the . prefix is required i.e. .TXT,.XML etc,. To accept all file types one can specify the wild card '*'.

fileGetMimeType

A new function fileGetMimeType has been added to determine the MIME type of the file:

<cfscript> //if test.txt contains xml data then the MIME type would be application/xml writeOutput(fileGetMimeType(expandPath("test.txt")) & "<br />"); //when strict=false, this would output text/plain writeOutput(fileGetMimeType(expandPath("test.txt"),false) & "<br />"); //try with the file object myFile = fileOpen(expandPath("test.txt")); writeOutput(fileGetMimeType(myFile,false) & "<br />"); </cfscript>

The first argument to fileGetMimeType function can be a path to a file or a file object. The second argument - 'strict' is an optional argument. By default it's value is true. When strict is true this function would return the mimetype after examining the content of the file. When it is set to false, it would just examine the file extension and return the mimetype.
Labels:

Comments

Post a Comment

Popular posts from this blog

File upload and Progress events with HTML5 XmlHttpRequest Level 2

The XmlHttpRequest Level 2 specification adds several enhancements to the XmlHttpRequest object. Last week I had blogged about cross-origin-requests and how it is different from Flash\Silverlight's approach .  With Level 2 specification one can upload the file to the server by passing the file object to the send method. In this post I'll try to explore uploading file using XmlHttpRequest 2 in conjunction with the progress events. I'll also provide a description on the new HTML5 tag -  progress which can be updated while the file is being uploaded to the server. And of course, some ColdFusion code that will show how the file is accepted and stored on the server directory.
18 comments
Read more

Server sent events with HTML5 and ColdFusion

There are several ways to interact with the server apart from the traditional request\response and refresh all protocol. They are polling, long polling, Ajax and Websockets ( pusherapp ). Of all these Ajax and Websockets have been very popular. There is another way to interact with the server such that the server can send notifications to the client using Server Sent Events (SSE) . SSE is a part of HTML5 spec:  http://dev.w3.org/html5/eventsource/
19 comments
Read more

How to use the APP_INITIALIZER token to hook into the Angular bootstrap process

I've been building applications using Angular as a framework of choice for more than a year and this post is not about another React vs Angular or the quirks of each framework. Honestly, I like Angular and every day I discover something new which makes development easier and makes me look like a guy who built something very complex in a matter of hours which would've taken a long time to put the correct architecture in place if I had chosen a different framework. The first thing that I learned in Angular is the use of the APP_INITIALIZER token.
Post a Comment
Read more