Restricting upload file type in Coldfusion19 Apr 2007 | Comments
On one of the projects that I am working on, I am required to create an upload form that will only accept CSV file. Since CFFILE has an accept tag, I thought this obviously the answer to the requirement, so I thought below would work: <cffile action=”upload” filefield=”filename” nameconflict=”makeunique” destination=”#customerDirectory#” accept=”text/csv”>
Since accept tag is supposed to be a MIME type, I googled away MIME types associatedw with CSV and I found text/csv and application/csv, I tried those two but they didn’t work, CF rejected my file.
I finally found that “application/octet-stream” would work, and yes it does work, however it also accepts a whole lot of other files.. I created 2 files using notepad called 1.sql and 1.txt the one with sql extension is accepted whilst txt one does not, funnily enough.
I asked Ben and this is his reply: As you are finding out, the “Accept” attribute of the CFFILE tag is less than perfect. The problem is that it checks the MIME type of the file. How is that MIME type set in the file you are working with? No idea, but clearly, it is not the best system. And, application/octet-stream is a kind of “Catch-all” for mime-types. The octet-stream is basically a flag for “i don’t know what this is”.
Then, there is an issue as to what a CSV file is. Is it a file with a “.csv” extension? Is a text file with a .txt extension that has CSV data? </i> So, I guess I will have to go with checking the file extension (and possibly reading the file) post upload.