cffile: validate file name and remove dup PERIODS from file name 2

[lizok]

i am getting this error when trying to upload a file that contains duplicate PERIODS in the name:
The path, 'G:\ASLweb\Uploads\COA_4\fdhdfg..doc', is illegal. Path specifications cannot include '..'

If there any way i can prevent user from trying to upload a file with ".." in the extension? i've tried REPLACE but it didn't work

thank you
liz

 

[TruthInSatire]

when and what are you trying to do the replace on? a little more code would help us help you.

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
-Douglas Adams (1952-2001)

 

[webmigit]

This should do it.. Regex is our friend.

<cfset newfilename=rereplace(filename,"([.])([.])","\1","ALL")>[code]

Though I doubt that's even necessary... I bet its how you're assembling the file name in your cffile code. Can we see?

[b]ALFII.com[/b]
[URL unfurl="true"]http://www.alfii.com[/URL]
---------------------
If this post answered or helped to answer your question, please reply with such so that forum members with a similar question will know to use this advice.

 

[lizok]

trying to upload a file. The code WORKS as long as file is valid. Once i test with a file like: test..doc, it crashes on this line:<cffile Filefield="form.FileName".

I need some way to tell user that file name is invalid (the one that contains ..)

here is my tag:
<input Name="FileName" Size=44 TYPE="FILE">

upload code below:
<cfset UploadDirectory = GetDirectoryFromPath(#thispath#)>

<cffile Filefield="form.FileName"
Destination= #trim(UploadDirectory)#
action="UPLOAD"
Nameconflict="OVERWRITE">
<cfoutput>

 

[lizok]

webmigit, code didn't work.I tried passing this new var into
<cffile Filefield> and same error

 

[webmigit]

A cftry/cfcatch would let you nail it but that's not really very helpful.

I didn't get what you're saying before, but now I did. It won't even try to upload. Which is really weird.

ALFII.com

http://www.alfii.com

---------------------
If this post answered or helped to answer your question, please reply with such so that forum members with a similar question will know to use this advice.

 

[TruthInSatire]

it seems to me this should work, which i think is what webmigit is offering

[b]
<cfset form.fileName = replace(form.fileName, "..", ".", "all")>
[/b]
<cfset UploadDirectory = GetDirectoryFromPath(#thispath#)>

<cffile Filefield="form.FileName"
Destination= #trim(UploadDirectory)#
action="UPLOAD" 
Nameconflict="OVERWRITE">

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
-Douglas Adams (1952-2001)

 

[TruthInSatire]

that actually wouldn't work because you get a temp file name. forgot about that.

anyway i tested it and it workes this is my code.

<cfif isdefined('form.submit')>
	<cfoutput>form.fileName: #form.fileName#<br></cfoutput>
	<cffile action = "upload" 
		filefield = "form.fileName" 
		destination="fullpath(removed for posting)"
		nameconflict="makeunique"
		>
		<cfoutput>serverFile: #file.serverFile#<br>
			clientFile: #file.ClientFile#<br>
			attempted: #file.AttemptedServerFile#
		</cfoutput>
</cfif>

the output
form.fileName: path (removed for posting) \neotmp43619.tmp
serverFile: 4..gif
clientFile: 4..gif
attempted: 4..gif

and the file does upload.

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
-Douglas Adams (1952-2001)

 

[lizok]

ok tried exactly as you posted and same error.
here is my code from that upload page.:

<cfif parameterexists(form.FileName) is "Yes">
<cfset FileName=#trim(form.FileName)#>
<cfif FileName neq "">
<!--- New folder name: ACRONYM + AgencyID--->
<cfset NewSubFolder="#getAcr.EPetitionACR#">
<cfset UploadDir=ExpandPath("Uploads\")>
<cfset thispath = ExpandPath("Uploads\"& #NewSubFolder# & "_" & #session.AgencyID# & "\")>
<!--- Check if subdir exists--->
<CFIF not DirectoryExists("#thispath#")>
<!--- If no folder exists, one is created --->
<cfdirectory action = "create"
directory = #thispath#
filter = "list filter"
mode = "777">
</cfif>

<cfset UploadDirectory = GetDirectoryFromPath(#thispath#)>

<cffile Filefield="form.FileName"
Destination= #trim(UploadDirectory)#
action="UPLOAD"
Nameconflict="OVERWRITE">

<cfoutput>
<!--- The foll. routine retrieves info about
UPLOADED file to be saved to the Database--->
<cfset form.FileName = File.ServerDirectory & "\" & trim(File.ServerFile)>
<cfset form.FileDetails = File.ClientDirectory & "\" & trim(File.ClientFile)>
<cfset form.RemoteHost = #CGI.REMOTE_HOST#>
<cfset form.RemoteAddr = #CGI.REMOTE_ADDR#>
<cfset form.ModDT = dateformat(now(),"mm/dd/yyyy")>
<!--- to get uploaded files with any extention --->
<cfset FullPathName = trim(form.FileName)>
<cfset temp=ClientFileName> <!---renamed--->
<cfset NewPRNo_AgencyID =#getAcr.EPetitionACR# & "_" & #trim(temp)# & "_" & #session.AgencyID#>
<cfset NewPRNo = trim(NewPRNo_AgencyID) & ".*">
<CFDIRECTORY ACTION="List"
DIRECTORY = #File.ServerDirectory#
NAME="UploadFiles"
FILTER=#NewPRNo#>
</cfoutput>
<!---if file found the delete it--->
<cfoutput query = "Uploadfiles">
<cfset FileToDelete=#File.ServerDirectory# & "\" & #Name#>
<CFFILE ACTION="Delete"
FILE=#FileToDelete#>
</cfoutput>

<!---now rename--->
<cfoutput>
<cfset t=getfilefrompath(FullPathName)>
<cfset NewPathName = Replace(t,File.ServerFileName, NewPRNo_AgencyID)>
<cfset FILENAME=#trim(form.FILENAME)#>
<CFFILE ACTION="Rename" SOURCE= #FileName# DESTINATION= #NewPathName#>
<cfset t=getfilefrompath(NewPathName)> <!--renamed-- </cfoutput>

<cfset FileToSave=#File.ServerDirectory# & "\" & #NewPathName#>
<!--- cehck for valid ext--->
<cfoutput>
<cfif #ServerFileext# neq "doc" and #ServerFileext# neq "pdf" and #ServerFileext# neq "xls" and ServerFileext# neq "txt" and #ServerFileext# neq "wp" and #ServerFileext# neq "rtf" and #ServerFileext# neq "gif" and #ServerFileext# neq "jpg" and #ServerFileext# neq "jpeg" and ServerFileext# neq "ppt">
<!--- bad file was uploaded, so now we need to delete and clean table--->
<CFFILE ACTION="Delete" FILE=#FileToSave#>
<cfquery name="DeleteONInvalidUPload" datasource="#session.dsn#">
<!--- delete from db ---> </cfquery>
<cfset message="You have tried to upload an invalid file. The allowed files should contain the following extensions: doc, mdb, xls, txt, wp, rtf, dbf, ppt. Please upload correct file.">

<cfelse><!--- EXTENSIOn is GOOD--->
<CFIF FileExists(FileToSave)>
<CFQUERY NAME="insertupdatetblASLStep3_FileExt" datasource="#session.dsn#">
<!--- insert/update file name and info---> </CFQUERY>
<cfset message="This file has been sucessfully uploaded.">
<cfelse>
<cfset message="This file has been already uploaded.">
</cfif>
</cfif> <!--- <CFIF FileExists(FileToSave)>--->
</cfif><!--- EXTENSIOn is GOOD--->
</cfoutput>
<cfelse><!--- <cfif FILENAME neq ""> --->
OTHER CODE

</cfif>
</cfif><!--- <CFIF FileExists(FileToSave)> --->
</cfif><!---<cfif FILENAME neq "">--->
</cfif><!---<cfif parameterexists(form.FILENAME) is "Yes">--->

 

[TruthInSatire]

ok. the best i can come up with is to use cftry and cfcatch.

if you get an error specify the file as a temp file then rename it.

<cfset UploadDirectory = GetDirectoryFromPath(#thispath#)>
<cftry>
<cffile Filefield="form.FileName"
Destination= #trim(UploadDirectory)#
action="UPLOAD" 
Nameconflict="OVERWRITE">
<cfcatch>
<cffile Filefield="form.FileName"
Destination= [b]"#trim(UploadDirectory)#/tempfile.doc"[/b]
action="UPLOAD" 
Nameconflict="OVERWRITE">
<cffile action = "rename" ... ...>
</cfcatch>
</cftry>

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
-Douglas Adams (1952-2001)

 

[lizok]

ok cftry/cfcatch worked.
now it uploads the file and renames. even though i have additional period in the name, i think it's ok