
get attachment directory

Engaged, Sep 07, 2013

I want the user to upload attachments to my upload directory, like the following:

C:\inetpub\wwwroot\MySite\Test\uploadFile

<cfset strPath = ExpandPath( "./" ) />

<cfset strPath = GetDirectoryFromPath(GetCurrentTemplatePath())  />

<cfoutput> #strPath#</cfoutput>

I use the above code, which gives me the following path.

C:\inetpub\wwwroot\MySite\Test\

Is there any way to add \uploadFile to the returned path?

Your help and information are greatly appreciated,

regards,

Iccsi,

Advisor, Sep 09, 2013

I usually manage this in my Application.cfc, in the onApplicationStart function, for example:

<cfscript>

var varAppDrive = listFirst(cgi.path_translated, ":");

application.upload_folder =  varAppDrive & ":\inetpub\wwwroot\MySite\Test\uploadFile";

</cfscript>

In the app you can use:

<cfset strPath = application.upload_folder />

<cfoutput> #strPath#</cfoutput>

I hope this helps.

Best,

Guide, Sep 09, 2013

iccsi,

I'd strongly recommend not allowing files to be uploaded anywhere inside of your web root (i.e.: inside "\inetpub\wwwroot").  This is a major security hole and attack vector.  It would allow malicious users to upload executable files or scripts and subsequently execute them from the browser.


Always upload to a folder outside your web root, validate what was uploaded, then move to a folder inside the webroot ***if appropriate***.
-Carl V.

Engaged, Sep 09, 2013

Thanks for the information,

I use accept to only allow pdf, doc, xls files to upload.

Can I upload to any physical directory that I specify using ColdFusion, for example C:\MyTempDiretory?

If so, the user would still be able to upload malicious code to the temp directory as well.

I think that the solution is to limit the file types to upload and prohibit the folder's files from executing.

Thanks again for helping,

Regards,

Iccsi,

Guide, Sep 09, 2013

Depending on the version of CF you are using, the "allow" filtering may not be adequate.  It is easy to spoof this by merely changing the extension of a file to appear to be a pdf, doc, xls file.  CF10 did add the ability to actually check the mime type of uploaded files to validate them, which does improve the security of uploads.

Regardless, uploading directly to a folder within the web root violates web development best practices, regardless of whether you are using ColdFusion or any other server-side programming technology.

-Carl V.
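
The workflow recommended in the two replies above (upload outside the web root, validate, then move), written out as an added example that is not code from the thread or from any participant. It assumes CF10 or later, a form field named `attachment`, and two hypothetical folders under `D:\cf_uploads`, both outside the web root; the MIME list is also an assumption and should be matched to what your server reports for these formats.

```cfml
<!--- Added example. Assumed names: form field "attachment" and the two
      D:\cf_uploads folders, neither of which is served by the web server. --->
<cfset stagingDir  = "D:\cf_uploads\staging">
<cfset storageDir  = "D:\cf_uploads\validated">
<cfset allowedExt  = "pdf,doc,xls">
<!--- Assumed MIME values for pdf, doc, xls; adjust to your server's detection. --->
<cfset allowedMime = "application/pdf,application/msword,application/vnd.ms-excel">

<cftry>
    <!--- strict="true" (CF10+) makes the accept check use the MIME type
          derived from the file content instead of the browser's claim. --->
    <cffile action="upload"
            fileField="attachment"
            destination="#stagingDir#"
            accept="#allowedMime#"
            strict="true"
            nameConflict="makeunique"
            result="uploadResult">

    <cfset stagedPath = uploadResult.serverDirectory & "\" & uploadResult.serverFile>
    <cfset ext = lCase(uploadResult.serverFileExt)>

    <!--- A renamed file can pass one check but not both: the extension
          must be on the allow-list as well as the content type. --->
    <cfif NOT listFindNoCase(allowedExt, ext)>
        <cffile action="delete" file="#stagedPath#">
        <cfthrow type="Upload.Rejected" message="File extension not allowed.">
    </cfif>

    <!--- Store under a server-generated name so the client-supplied
          file name never reaches the file system path. --->
    <cfset storedPath = storageDir & "\" & createUUID() & "." & ext>
    <cffile action="move" source="#stagedPath#" destination="#storedPath#">

    <cfoutput>Upload accepted.</cfoutput>

    <cfcatch type="any">
        <!--- Reached when cffile rejects the MIME type or the check above fails. --->
        <cfoutput>Upload rejected.</cfoutput>
    </cfcatch>
</cftry>
```

Serving the stored file later through `cfcontent` from `storageDir` keeps it out of the web root entirely.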

Engaged, Sep 09, 2013

Thanks a million for the information and help,

regards,

iccsi,
