5 Replies Latest reply: Jan 14, 2013 11:33 AM by jsidway

    cffile

    Community Help Community Member
        • 1. Re:  cffile
          henrylearn2rock Community Member

          History should add: Support for HTML 5 multifile input field in fileUploadAll and Form scope

          Example should be updated to demo this.

          • 2. Re:  cffile
            jsidway Community Member

            It appears that since this page was written that the default value of the strict attribute was changed to 'true'.  I would like to configure a file upload to accept .cfm files and enforce the strict attribute but I cannot figure out what MIME type to use.  With strict = false I can upload .cfm files with this code:  but if I set strict="true" I can't get the upload to work with accept="text/.cfm" or accept="application/.cfm" or anything else that I try as MIME type designation.  I really don't want someone to be able to disguise an exe or other non-cfm file as a cfm.

            • 3. Re:  cffile
              Charlie Arehart CommunityMVP

              @jsidway (Jim?), I really don’t think that the default of STRICT was changed to true. Indeed, to be clear, STRICT was only added in 10, and for compatibility's sake I’m nearly positive it defaults to false. I just noticed that the cffile upload page in the CFML reference makes no mention of that, so I will go add a comment there. (I’m not at the moment able to set up a test myself in answering your question here. Am just sharing some thoughts if they may help.)

              As for your need, of course some would caution against uploading CFMs for security's sake, but hey the whole purpose of the strict is to increase security so that if you do allow some type, at least you make sure that the file IS only of that type (according to its contents, which the STRICT will check), and not some other type.

              So as for the mime type for CFM files, well, I’d propose that since they’re just text files and mostly like HTML files, then you just need the mimetype for HTML files. Have you tried text/html?

              /charlie

              PS I notice that you’re asking here on the main page for CFFILE, rather than that CFFILE upload page. I’d think that would have been the better place for this, though at this point I realize it’s too late.

              • 4. Re:  cffile
                Charlie Arehart CommunityMVP

                As a followup, I just noticed that this page does in fact indicate that "The default value of strict is false", for what it's worth. But hope the last reply more directly answers your question, Jim.

                • 5. Re:  cffile
                  jsidway Community Member

                  Charlie,

                  I tried text as the MIME type but not HTML. I realize that strict was added in CF10 because I'm having to modify the code we used in CF 9 where I used accept="text/, image/, application/*". Perhaps I'm wrong about strict defaulting to true but when I leave it out altogether or include strict="true" in my cffile tag and then try and use accept=".cfm" (which works when I include strict="false" in the cffile tag) I get this error:

                  When the value of the attribute STRICT is TRUE, it requires valid MIME types in the attribute(s): ACCEPT.

                  The error occurred in C:/inetpub/wwwroot/sonisweb26bugfix/upload_rpt.cfm: line 42

                  40 :

                  As you can see I do not explicitly set strict="true" in my code but the error clearly indicates that CF thinks STRICT is TRUE.  Note: this is another upload function for uploading CFR files, not CFMs.  I will need to determine what MIME type CFRs are, too.
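
An added example, not code from any reply in this thread: a cffile upload that sets strict explicitly, passes MIME types (not extensions) in accept as the error message above requires, and logs the type ColdFusion detects from the saved file's contents. The upload directory, form field name, log name and extension allowlist are assumptions, and text/html is only the value suggested in reply 3, with text/plain added as a further guess; neither is confirmed in the thread as what CF reports for .cfm or .cfr files.

```cfml
<!--- Added example. uploadDir, reportFile, the "uploads" log and allowedExt are hypothetical. --->
<cfset uploadDir  = "C:/cf_uploads/incoming/"> <!--- assumed path outside the web root, so an uploaded template cannot be requested by URL --->
<cfset allowedExt = "cfm,cfr">

<cftry>
    <!--- strict is set explicitly so behaviour does not depend on the server default.
          With strict="true", accept must contain MIME types, not ".cfm". --->
    <cffile action="upload"
            fileField="reportFile"
            destination="#uploadDir#"
            accept="text/html,text/plain"
            strict="true"
            nameConflict="makeunique"
            result="up">

    <cfset savedPath = up.serverDirectory & "/" & up.serverFile>

    <!--- fileGetMimeType (CF10+) with strict=true inspects the file contents
          rather than trusting the extension. --->
    <cfset detected = fileGetMimeType(savedPath, true)>
    <cflog file="uploads"
           text="client=#up.clientFile# declared=#up.contentType#/#up.contentSubType# detected=#detected#">

    <!--- The MIME check alone does not restrict the extension, so enforce it separately. --->
    <cfif NOT listFindNoCase(allowedExt, up.serverFileExt)>
        <cffile action="delete" file="#savedPath#">
        <cfthrow type="Upload.Rejected" message="Extension not allowed: #up.serverFileExt#">
    </cfif>

    <cfoutput>Stored as #encodeForHTML(up.serverFile)#</cfoutput>

    <cfcatch type="any">
        <!--- Covers both the strict/accept rejection raised by cffile and the cfthrow above. --->
        <cflog file="uploads" type="warning" text="upload rejected: #cfcatch.message#">
        <cfoutput>Upload rejected.</cfoutput>
    </cfcatch>
</cftry>
```

Calling fileGetMimeType(path, true) on a known-good .cfm or .cfr file already on the server is one way to see which value to try in accept, assuming the strict upload check and that function detect types the same way.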