[thelist] Re: COLDFUSION folder upload

jeff jeff at members.evolt.org
Sun Jun 3 15:33:17 CDT 2001 

jon,

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: From: jon steele
:
: > From: "Joshua OIson" <joshua at alphashop.net>
: >
: > Check for any number of CFX_ZIP type tags
: > on allaire.com
:
: Somebody also mentioned that CFX_ZIP was not
: safe to use because it tried to zip c:\*.* ...
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

someone said that "one time" it tried to do that.  the situation that caused
it was likely due to sloppy programming as well.  if you're careful to check
your variables going into the tag, then you're not likely to have problems.
what's more -- you need the tag to *un*zip files anyway so what's the
problem?

furthermore, we've been using cfx_zip here for a couple of years now and
haven't had any problems with it.

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: I can't have this app failing beacuse the
: client it's for needs it to work without
: any web personnel.
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

who doesn't have a client that needs to have everything work properly?

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: The user types the name of the folder, then on
: the query page, I get all the contents of the
: folder (using CFDIRECTORY, right?),
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

you don't have access to the user's machine in any form.  what's more,
cfdirectory is for reading the server's file system -- not the user's.

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: then output X number of <input type=file>
: fields with preset values (not using JavaScript,
: using CF) then just have the user submit
: the form. Would this work or would it still
: be a breach of the security measures that
: stop you from prefilling form fields?
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

<input type="file"> does not have a value attribute -- sorry.  you can't
preset values for it no matter how you try.

you're either going to have to use some sort of alternative file upload
approach like ftp or some off-the-wall plug-in that allows drag-and-drop
upload functionality.  however, if this absolutely has to be
cross-browser/non-script compatible, then you're going to have to teach the
user how to use a file zipping program and unzip the stuff on the server.

<tip type="file uploading">

if your users are a win/ie4+ only crowd then you might look into
activeupload.  it's not free, but if ultimate usability is necessary -- this
just might be worth it.

http://www.activeupload.com/main.asp

</tip>

good luck,

.jeff

name://jeff.howden
game://web.development
http://www.evolt.org/
mailto:jeff at members.evolt.org

More information about the thelist mailing list