Uploaded filename, before CFFile

Forum|Forum|17 years ago
February 29, 2008
13 replies
7604 views

Hi,

I'm doing some form data validation and would like to add rules for files (size and type). Ideally I want to avoid CFFile as the validation shouldn't have anything to do with moving the file anywhere.

I know that when ColdFusion processes an upload, it stores it in a temporary directory and filename. This is stored in the form field (e.g. form.file = c:\sometempdirectory\blahxxx.tmp) and I can use that to do a GetFileInfo and find out the filesize. Awesome.... except it's called blahxxx.tmp :(

I want to know the real filename, not the temp filename but I can't find it anywhere. ColdFusion must know it, probably hidden along with its other darkest secrets, as it'll use it when we do a CFFile action="upload". So where is it being hidden? Any ideas?

I have seen suggestions of using an extra hidden field plus some javascript, but to be honest, I don't like trusting something like that as it's possible to abuse it. I've also gone hunting inside "getPageContext().getRequest()" but not being any good with Java I haven't a clue where to start.

Please help :)
Ta,
Dave

Advanced techniques

Show previous replies

A

Anonymous

Thanks, I've tried hunting through the CGI scope but using ColdFusion 8 the request body (usually used for the post variables) is always empty. This is due to a setting to stop extremely large uploads from being held in memory.

I had thought about hunting through the getPageContext().getRequest() or other areas in that function but since finding out that the contents isn't held I guess it wouldn't be stored in there either.

I just feel like there's an extra step that's involved for little reason with file uploads in ColdFusion that could be avoided if there was some access to the original filename.

For exampe:
* Validating the file extension, as you'd want to know it's a valid file before moving it.
* Uploading files to the database. You can do a <cffile action="readbinary" file="#form.file#" variable="blob" /> to get the uploaded file (without bothering with action="upload" at all) and store it in a database. One less step but currently you lose the original filename.

I guess that unless someone knows where the real filename is hidden I'll be all out of luck.

N

Newsgroup_User

Inspiring

elpestybandito wrote:
> I haven't a clue where to start.
>
> Please help :)

Start by understanding the HTTP request/response client/server process.

1) A user viewing a form in a browser selects a file to be uploaded and
submits the form. The browser reads the file from the user's system and
puts it into the request which then it sends to the web server.

2) The web server receives the request, takes the file from the request
and writes it to a temporary location on the server. It then passes the
request on to ColdFusion telling it where the temporary file is located.

3) ColdFusion then does what you request it to do with the file
according the the <cffile...> and other CFML instructions.

Understanding this process you can see what you ask is impossible and
does not make sense. You can not process the file name on the server
before the file is sent because the browser does not send this
information ahead of the file it sends the entire file, name and all,
when the form action request is made.

Your interceptions points are on the client, which requires some kind of
client side technology such as JavaScript.

In the web server. Some of which offer some type of scripting
capabilities that may do what you want.

In the Application Sever, i.e. ColdFusion. This is the easiest and best
practice and should always be done. Even if you do a client side option
, such as JavaScript, you will want to back it up with a Server Side
solution for just the reason you mentioned. Client side code and be
messed with and circumvented.

B

bobmoles

Participating Frequently

look at #cffile.clientFile# I would start by doing a <cfdump var="#FILE#"> and <cfdump var="#CFFILE#"> Then you can look at all the properties of the two structs and decide what you are actually looking for. CFDump and CFAbort are two of your best friends when you start moving into new waters....

A

Anonymous

Thanks for the reply Bob, but I think you may have missed what I'm trying to do.

I'll summarise it for everyone...

Form.cfm

* Form page has a file field
* User selects the file "rincewind.txt" and clicks submit.
* Form action points at save.cfm

Save.cfm
* Validation.cfc created and given rules.
* Validates file size by using GetFileInfo(form.file).
* Tries to validate file type but form.file ends in .tmp not .txt

My problem is I want the real filename. There is no CFFile action="upload" in save.cfm so the file / cffile variables do not exist. All I'm currently doing is validation and I don't want my validation component moving files about the place as I'd then have the extra work of cleaning up if they're invalid and letting everything else know it's new location.

My theory is ColdFusion must hold the original filename somewhere before the CFFile since it'll rename and move the file. CFFile action="upload" can be misleading too, as the file has already been uploaded and stored in a temporary directory by ColdFusion (check out the form variable next time you do an upload), but (oh woe is me) with a tmp extension so I can't validate it. :(

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded