Copy link to clipboard
Copied
ok - really need help on this one - I am stumped....
working on an application that does some simple image manipulation, creates thumbs from an uploaded image.... works mostly perfectly BUT if a user uploads an incorrectly named file <cffile action="upload"> fails.....
for example I have an image named 'myimage.png' the file is actually a jpeg. if I upload that this snippet does nothing, not even throw an error.
<cffile
action="upload"
destination="#basepath##path#"
fileField="file"
mode="777"
nameConflict="makeunique"
/>
I have tailed all the logs [exception/server & server] all I get is a file not found error [it never got uploaded!
I have confirmed that the image file types are actually as I expect them to be - no matter how they are named...
I even updated & patched the server with the latest patch and hotfixes.
and it gets weirder....... if I rename a jpeg to a png file, it will upload, but will fail on a cfimage resize command....
Does anyone have a clue as to what is happening here.
-sean
Copy link to clipboard
Copied
That does not sound right. Though I can believe some of the image functions might have a problem with the file extension/image format difference once the files arrive.
Can you post a small reproducible example?
Copy link to clipboard
Copied
it sure does not sound right.... it's downright bizzarre!
but yes - here are the 3 functions involved [I borke them out to try and isolate the problem]
usually this is called from a java applet that allows multiple uploads, but I started testing with a normal form & file field when problems started arising ... no difference so I am assuming the java applet is fine
there's actually a little bit of leftover fluff in these that hasn't been cleaned out yet so... try to ignore it
-thanks
-sean
<!--- resize - resize an image to given directory --->
<cffunction name="toJpeg" access="public" description="resize an image to given directory" output="yes" returntype="any" >
<cfargument name="name" required="yes" type="string" />
<cfargument name="path" required="no" type="string" default="" />
<cfscript>
copyPrefix = RandomString('5');
imageName = left(arguments.name, (Len(arguments.name)-4))&'.jpg';
</cfscript>
<cfimage source="#basepath##path##name#" action="write" destination="#basepath##path##imageName#" quality="1" overwrite="yes" /><!---cfscript>
thread = CreateObject("java", "java.lang.Thread");
thread.sleep(5000);
</cfscript---></cffunction>
<!--- resize - resize an image to given directory --->
<cffunction name="resize" access="public" description="resize an image to given directory" output="yes" returntype="any" >
<cfargument name="name" required="yes" type="string" />
<cfargument name="newname" required="yes" type="string" />
<cfargument name="height" required="no" type="string" default="150" />
<cfargument name="width" required="no" type="string" default="200" />
<cfargument name="path" required="no" type="string" default="" /><cfimage action="resize" source="#basepath##path##name#" destination="#basepath##path##newname#" width="#width#" height="#height#" overwrite="yes" />
</cffunction>
<!--- upload - uploads a file to given directory --->
<cffunction name="upload" access="public" description="uploads a file to given directory" output="yes" returntype="any" >
<cfargument name="path" required="no" type="string" default="" />
<cfargument name="mime" required="no" type="string" default="image/jpg,image/gif,image/png" />
<cfif Find("../","#path#") eq 0>
<cftry><cfdirectory action="create" directory="#basepath##path#" /><cfcatch type="any"> </cfcatch></cftry>
</cfif>
<cftry>
<cffile action="upload" destination="#basepath##path#" fileField="file" mode="777" nameConflict="makeunique" />
<cfset error = "false" />
<cfcatch type="any">
<cfset error = "true" />
</cfcatch>
</cftry>
<cfscript>
oldname = cffile.serverFile;
suffix = Right(cffile.serverFile,'4');
prefix = RandomString('15');
bytesize = cffile.fileSize;
newname = prefix&bytesize&suffix;
rename = prefix&bytesize&'-tn'&suffix;
newname=Replace(newname, " ", "", "all");
</cfscript>
<!---cffile action="rename" source="#basepath##path##cffile.serverFile#" destination="#basepath##path##newname#" /--->
<cfscript>
toJpeg(oldname);
resize(oldname,prefix&bytesize&'.jpg','480','640');
resize(oldname,prefix&bytesize&'-tn.jpg','150','200');</cfscript>
<!-- delete the original -->
<cffile action="delete" file="#basepath##path##oldname#" /><cfif error is not "false">
<cfreturn error />
</cfif>
</cffunction>
Copy link to clipboard
Copied
I would focus on one piece at time. Is the upload function something that can be run independently? It looks like it has some path variables defined elsewhere. Also, what is a sample of a file path that is failing?
Copy link to clipboard
Copied
if I simplify it down to this in the upload function:
<cfscript>
//oldname = cffile.serverFile;
//suffix = Right(cffile.serverFile,'4');
prefix = RandomString('15');
bytesize = cffile.fileSize;
newname = prefix&bytesize;
//rename = prefix&bytesize&'-tn'&suffix;
//newname=Replace(newname, " ", "", "all");
</cfscript>
<!---cffile action="rename" source="#basepath##path##cffile.serverFile#" destination="#basepath##path##newname#" /--->
<cfimage source="#basepath##cffile.serverFile#" action="write" destination="#basepath##newname#.jpg" quality="1" overwrite="yes" />
<cfimage action="resize" source="#basepath##newname#.jpg" destination="#basepath##newname#.jpg" width="640" height="480" overwrite="yes" />
<cfimage action="resize" source="#basepath##newname#.jpg" destination="#basepath##newname#-tn.jpg" width="200" height="150" overwrite="yes" />
<cffile action="delete" file="#basepath##cffile.serverFile#" />
any image that is actually a png file will fail on the cfimage write with this error:
Ensure that the destination directory exists and that Coldfusion has permission to write to the given path or file. cause : java.io.FileNotFoundException: /data/vhome/newride.nexus.local/subdomains/admin/Assets/Uploads/05V02V44TKq24sJ74197.jpg (No such file or directory)
I'm uploading a .png file called 'actuallyapng.jpg'
any other image [correctly named] works as advertised and if I rename it to actuallyapng.png then it works fine!
also - I've attached the test file.
-sean
Copy link to clipboard
Copied
Ensure that the destination directory exists and that
Coldfusion has permission to write to the given path or
file. cause : java.io.FileNotFoundException:
/data/vhome/newride.nexus.local/subdomains/admin/Assets/Uploads/05V02V44TKq24sJ
74197.jpg (No such file or directory)
Do you have the latest patches installed? That sounds like a file locking issue that was fixed in in one of the updaters. Note, there were two updates released under the same name. Check the file timestamp to make sure it is the latest one dated 08/15/2008
http://kb2.adobe.com/cps/403/kb403411.html
Copy link to clipboard
Copied
seriously? I found that "problem" and did the main update plus the cumulative hotfix 4 patch ... no dice.
I will take a look at this specific fix.
thanks.
-sean
Copy link to clipboard
Copied
I do not know if that particular patch was included in the main updates. It may not be. So you would have to check the release notes.
seriously?
Yes, if you look at the kb article "FileNotFound..." is one of the ways the file locking error manifested itself. Confusingly, "FileNotFound..." does not always mean the file does not exist. Sometimes it means it cannot be accessed due to locking, permissions or some other reason.
Copy link to clipboard
Copied
hmmm ok - that seems to resolve some of the problems, but still the odd error if a png file is named as a jpeg!
I get a different error now.
"Error","jrpp-4","12/19/09","12:30:54","newride-ss34g346","ColdFusion was unable to create an image from the specified source file.
Ensure that the file is a vaild image file. The specific sequence of files included or processed is: /data/vhome/newride.nexus.local/subdomains/admin/index.cfm, line: 96 "
coldfusion.image.ImageReader$UnableToCreateImageException: ColdFusion was unable to create an image from the specified source file.
and the file:
suse:/vhome/subdomains/admin/Assets/Uploads # file Q8SBn79hjT9R8f3650890.jpg
Q8SBn79hjT9R8f3650890.jpg: PNG image data, 600 x 450, 8-bit/color RGBA, non-interlaced
now here's the fun part.... if I rename that file to "Q8SBn79hjT9R8f3650890" with no extension & upload , it works fine.....
It's starting to look to me like that cfimage tag really does not like incorrectly named file extensions .
so a little more testing and I guess this could be a working hack-solution but hum, odd,
thoughts?
-sean
Copy link to clipboard
Copied
It's starting to look to me like that cfimage tag really
does not like incorrectly named file extensions .
Nope. IIRC, it uses the the file extension first to determine the image format. So obviously if you have a bad file (png named as *.jpg) it will error out. It would be nice if it did not. But then again, a .png file probably should not be named as a .jpg anyway.
IIRC, the other work-around is to read in the image as binary. Then pass it into one of the image function that accepts bytes as a source.
Copy link to clipboard
Copied
So if I am reading that correctly a file with no extension fails the first test and cfimage has no choice but to ready the first few bytes of the file in question, hence the file without extension gets converted correctly while the file with the incorrect extension fails.
I agree "it would be nice if it did not"
thanks
-sean
Copy link to clipboard
Copied
Yes, that is my take on it. Granted, it is based solely on my own observations of image function behavior. I have not seen that documented anywhere.
Copy link to clipboard
Copied
BTW: If you are not doing this already, definitely look into protecting against MIME type exploits
http://www.coldfusionjedi.com/index.cfm/2009/6/30/Are-you-aware-of-the-MIMEFile-Upload-Security-Issue
Copy link to clipboard
Copied
usually I do, right now the java applet is handling that,
but it would not take a genius to find the upload handler and craft a post to it I suppose.
good advice.
-sean