ACS LLC wrote:
> I actually came across another issue We upload two
images from the previous
> page, so by checking the cgi content size it does not
work because if we want
> to restrict to 100k per file it actually adds up both
images, so it was have a
> 95k and an 80k both are technically acceptable, but the
total is under 100k for
> each. I could make it stop at 200k , but that then
allows users to manipulate
> the upload, they could upload a 190k and go back and
upload another 190k in the
> 2nd picture. I was also just told by somebody that is
still uploads the file
> in order to get the file size? Mark
>
in your case i would probably:
[all the below on the action page, obviously]
1) check the CGI.CONTENT_LENGTH to see if it is significantly
larger
than ([allowed file size]x[number of files being
uploaded])+[size of
form page]
2) if it is NOT significantly larger then use CFFILE.FILESIZE
after each
upload (in a cfloop, presumably) to check exact size of each
file and
delete the ones found to be too large.
hth
---
Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com