
get attachment directory

Sep 7, 2013 1:24 PM

I want the user to upload attachments to my upload directory, like the following:

 

C:\inetpub\wwwroot\MySite\Test\uploadFile

 

<cfset strPath = ExpandPath( "./" ) />

<cfset strPath = GetDirectoryFromPath(GetCurrentTemplatePath())  />

<cfoutput> #strPath#</cfoutput>

 

I use the above code, which gives me the following path.

 

C:\inetpub\wwwroot\MySite\Test\

 

Is there any way to add \uploadFile to the return path?

 

Your help and information is greatly appreciated,

 

regards,

 

Iccsi,

 
Replies
  • Sep 9, 2013 6:02 AM   in reply to iccsi

    I usually manage this in my application.cfc, in the onApplicationStart function, for example:

    <cfscript>

    var varAppDrive = listFirst(cgi.path_translated, ":");

    application.upload_folder =  varAppDrive & ":\inetpub\wwwroot\MySite\Test\uploadFile";

    </cfscript>

    In the app you can use:

    <cfset strPath = application.upload_folder />

    <cfoutput> #strPath#</cfoutput>

    I hope this helps.

    Best,

     
  • Sep 9, 2013 3:23 PM   in reply to iccsi

    iccsi,

     

    I'd strongly recommend not allowing files to be uploaded anywhere inside of your web root (i.e.: inside "\inetpub\wwwroot").  This is a major security hole and attack vector.  It would allow malicious users to upload executable files or scripts and subsequently execute them from the browser.


    Always upload to a folder outside your web root, validate what was uploaded, then move to a folder inside the webroot ***if appropriate***.
    -Carl V.
     
  • Sep 9, 2013 3:54 PM   in reply to iccsi

    Depending on the version of CF you are using, the "allow" filtering may not be adequate.  It is easy to spoof this by merely changing the extension of a file to appear to be a pdf, doc, xls file.  CF10 did add the ability to actually check the mime type of uploaded files to validate them, which does improve the security of uploads.

     

    Regardless, uploading directly to a folder within the web root violates web development best practices, regardless of whether you are using ColdFusion or any other server-side programming technology.

     

    -Carl V.
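
The flow recommended in the replies above (upload outside the web root, validate, then move), as an added example that is not part of the original thread. It assumes ColdFusion 10 or later, a form field named `attachment`, and two directories that already exist; `C:\uploads\staging` is a hypothetical path chosen for illustration.

```coldfusion
<!--- Added example, not code from the thread. Assumed: CF10+, form field "attachment". --->
<cfset stagingDir = "C:\uploads\staging">  <!--- hypothetical, outside C:\inetpub\wwwroot --->
<cfset publicDir  = "C:\inetpub\wwwroot\MySite\Test\uploadFile">

<!--- Allowed extension -> the MIME type its content must actually have --->
<cfset allowed = structNew()>
<cfset allowed["pdf"] = "application/pdf">
<cfset allowed["png"] = "image/png">
<cfset allowed["jpg"] = "image/jpeg">

<cftry>
    <!--- 1. Receive into the staging folder; strict="true" makes CF10+ check the
             content's MIME type instead of trusting what the browser declared --->
    <cffile action="upload"
            fileField="attachment"
            destination="#stagingDir#"
            nameConflict="makeunique"
            accept="application/pdf,image/png,image/jpeg"
            strict="true"
            result="up">
    <cfset stagedPath = up.serverDirectory & "\" & up.serverFile>

    <!--- 2. Validate: the extension must be on the list AND match the detected
             content, so a script renamed to .pdf is rejected --->
    <cfset ext      = lCase(up.serverFileExt)>
    <cfset detected = fileGetMimeType(stagedPath, true)>
    <cfif NOT structKeyExists(allowed, ext) OR allowed[ext] NEQ detected>
        <cfthrow type="Upload.Rejected" message="File type not allowed.">
    </cfif>

    <!--- 3. Move under a server-generated name; the client's filename is never reused --->
    <cfset safeName = createUUID() & "." & ext>
    <cffile action="move" source="#stagedPath#" destination="#publicDir#\#safeName#">
    <cfoutput>Stored as #encodeForHTML(safeName)#</cfoutput>

    <cfcatch type="any">
        <!--- Rejected or failed: make sure nothing is left behind in staging --->
        <cfif structKeyExists(variables, "stagedPath") AND fileExists(stagedPath)>
            <cffile action="delete" file="#stagedPath#">
        </cfif>
        <cfoutput>Upload rejected.</cfoutput>
    </cfcatch>
</cftry>
```

If the files do not need to be served directly, skip step 3 and leave them outside the web root.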

     