I am building an uploader, and I want to set a couple of parameters so the client cannot upload any type of file.
This is the cfm file which processes the upload includes/processFileSubmission.cfm:
<cfparam name="form.fileUpload" default="">
<cfparam name="form.hiddenFileInput" default="">
<cfset dirName = expandPath("../../data/images/volvelle/")>
<cfif len(trim(form.fileUpload))>
<cfset fileName="#form.actual_name#_#form.email#" />
<cfset fileName=Replace(fileName, " ", "-", "ALL") />
<cfset fileName=LCase(fileName) />
<cfset fileSize = createObject("java","java.io.File").init(form.fileUpload)>
<cfif fileSize.length() LT 52428800>
<cffile
action="upload"
result="upload"
accept="image/*"
fileField="fileUpload"
nameconflict="makeunique"
destination="#dirName#/#fileName#__#hiddenFileInput#"
>
</cfif>
<cfdump var="#upload#">
<cfif #upload.CONTENTTYPE# NEQ 'image'>
<cfoutput>Upload file was not an image</cfoutput> // this does not get reached.
<!--- <cflocation url="error.cfm"> --->
<cfelse>
<cfoutput>Upload file was an image</cfoutput> // this does get reached for an image file
</cfif>
</cfif>
In my html I am going to use an accept attribute to filter only for image files, but in order to test this I have currently disabled that (I still need to do a back end check).
So the html was this (index.cfm):
<input class="el-7 button" type="file" name="fileUpload" accept="image/*" />
But is now this:
<input class="el-7 button" type="file" name="fileUpload">
If I upload an image, I can see this output from <cfdump var="#upload#" />
This shows that upload.CONTENTTYPE = image, which is what I am trying to test in my condition at the bottom of the script. I am so-so with cfm but always get mixed up and variable interpolation but I have tried <cfif upload.CONTENTTYPE NEQ 'image'> which did not work either. Not sure if it needs quotes.
However if I then upload a pdf, the cffile fails, but seems to pass back to my confirm.cfm file which should return errors or a success message based on the form inputs.
This is the error:
Accept image/*
Detail <br>Only files of type image/* can be uploaded. <br>Verify that you are uploading a file of the appropriate type.
Message The MIME type of the uploaded file application/pdf was not accepted by the server.
This is the content of my confirm.cfm file
<cfparam name="FORM.fileUpload" default="">
<cfparam name="FORM.name" default="">
<cfparam name="FORM.actual_name" default="">
<cfparam name="FORM.email" default="">
<cfparam name="FORM.comments" default="">
<cfparam name="FORM.auth" default="">
<cfparam name="FORM.gcapthca" default="">
<cfif len(trim(form.fileUpload))>
<cfinclude template="includes/processFileSubmission.cfm">
</cfif>
<cfif len(trim(FORM.auth)) NEQ 0 || len(trim(FORM.name)) NEQ 0>
<cflocation url="thanks.cfm">
</cfif>
<div class="content">
<cfparam name="errors" default="">
<cfif isDefined ("FORM.submit")>
<cfif len(trim(FORM.email)) NEQ 0 AND NOT isValid("email", FORM.email)>
<cfset errors = errors & "<li>Please enter a valid email address</li>">
</cfif>
<!--- clean up variables --->
<cfset FORM.fileUpload="">
<cfset FORM.name="">
<cfset FORM.actual_name="">
<cfset FORM.email="">
<cfset FORM.comments="">
<cfset FORM.gcapthca="">
<cfoutput>
<form method="post" action="#CGI.SCRIPT_NAME#" class="m-t-5">
<input type="hidden" name="submitted" value="true">
<cfif LEN(errors) GT 0><!--- checking for errors --->
Errors
<ul class="errors">
#errors#
</ul>
<a href="javascript:history.back(1)">Go back</a>
<cfelse>
Thank you. Your file has been submitted.<br />
<a href="/">slackwise</a><br />
e: email address
We never disclose email addresses to third parties.
</cfif>
</form>
</cfoutput>
</cfif>
</div>
All of this code works, it worked for a simple feedback form, I just need some error handling for the image uploader which is new.
TL/DR
I want to have a specific file redirect if the user tries to upload a non-image file. However in addition it might also be useful to have some generic fallback redirect page in case of any other type of error. How do I implement this?