ColdFusion Talk (CF-Talk)
cffile and security
Author: Mark Fuqua
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:55362#300085
Good Morning,
I have been working with cffile for the first time and in the process, read
several places that you should upload files to a temp location outside your
webroot for security reasons. My original problem was with trying to
eliminate spaces from file names...so now this is the process I'm
using...upload to a temp file, remove spaces and replace with _ then move
the file (code below)
My question is, why do I have to go to a temp file first and is this secure
in its final version/location?
Also, how do I deal with naming conflicts...does move allow for the same
options as upload...rename, overwrite etc.? It doesn't seem to allow for a
result struct.
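<!--- Query for job folder name --->
<cfquery name="jobfolder" datasource="#Application.dbDSN#">
select jobfoldername
from jobs
<!--- Bind the id as a parameter instead of interpolating it (jobId assumed to be an integer) --->
where jobId = <cfqueryparam value="#session.jobId#" cfsqltype="cf_sql_integer">
</cfquery>
<cfoutput>
<!--- Upload to a temp directory outside the webroot --->
<cffile action = "upload"
fileField = "FileToUpload"
destination = "c:/temp"
accept = "image/pjpeg, image/jpg, application/pdf"
nameConflict = "MakeUnique"
result="result">
<cfdump var="#result#">
<!--- Replace each run of whitespace in the uploaded file's base name with an underscore --->
<cfset NoSpaceServerFileName = reReplace(Result.ServerFileName, "\s+", "_", "all")>
<!--- Rename inside the temp directory (the .pdf extension is hard-coded here) --->
<cffile action="rename" source="c:\temp\#Result.serverFileName#.pdf"
destination="C:\temp\#NoSpaceServerFileName#.pdf">
<!--- Move the renamed file into the job's folder under the webroot --->
<cffile action="move" source="C:\temp\#NoSpaceServerFileName#.pdf"
destination="C:\cfusionmx7\wwwroot\pyramidhomeworks\JobAdmin\JobFiles\#jobFolder.jobFolderName#\#NoSpaceServerFileName#.pdf" result="moveresult">
<br /><cfdump var="#jobFolder#">
</cfoutput>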
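
The upload, check, rename and move flow from the post above, as an added example that is not part of the original post. It adds a server-side extension check and resolves name clashes by hand before the move; `tempDir`, `finalDir`, `allowedExt` and the lock name are assumed values.

```cfml
<!--- Added example. tempDir, finalDir and allowedExt are assumed values. --->
<cfset tempDir    = "C:\temp">
<cfset finalDir   = "C:\data\JobFiles">
<cfset allowedExt = "pdf,jpg">

<!--- 1. Land the upload outside the webroot so it cannot be requested
         by URL before it has been checked. --->
<cffile action="upload"
        fileField="FileToUpload"
        destination="#tempDir#"
        nameConflict="MakeUnique"
        result="up">
<cfset tempPath = up.serverDirectory & "\" & up.serverFile>

<!--- 2. Check the extension on the server against an allow-list and
         delete anything else; the MIME type is reported by the browser. --->
<cfif NOT listFindNoCase(allowedExt, up.serverFileExt)>
    <cffile action="delete" file="#tempPath#">
    <cfthrow type="Upload.Rejected" message="File type not allowed.">
</cfif>

<!--- 3. Build a safe base name: letters, digits, "_" and "-" only.
         This also removes the spaces. --->
<cfset baseName = reReplace(up.serverFileName, "[^A-Za-z0-9_-]+", "_", "all")>
<cfset ext      = lCase(up.serverFileExt)>

<!--- 4. The move below is given no nameConflict option, so pick a free
         name first. The lock keeps two requests from choosing the same one. --->
<cflock name="jobfile-move" type="exclusive" timeout="10">
    <cfset finalName = baseName & "." & ext>
    <cfset n = 0>
    <cfloop condition="fileExists(finalDir & '\' & finalName)">
        <cfset n = n + 1>
        <cfset finalName = baseName & "_" & n & "." & ext>
    </cfloop>

    <!--- 5. Move the vetted file into place under the chosen name. --->
    <cffile action="move"
            source="#tempPath#"
            destination="#finalDir#\#finalName#">
</cflock>
```

`finalName` holds the name the file ended up with, which stands in for the result struct that the upload action provides.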
May 24, 2012