DEV Community

James Moberg
James Moberg

Posted on

2 1

Identifying Random Uploaded Form Files

I'm developing a flexible processing CFML script that accepts (authenticated) FORM posts and processes the data. The data is stored based on form field prefixes, but I don't have any hints regarding which fields may contain a file when processing a "multipart/form-data" form posts. I found Ryan Stille's blog post from 2012 entitled "Getting the client filename before using cffile", but it didn't work with Lucee.

I've been using Ryan's Adobe ColdFusion-only UDF for a couple years, but I need a cross-compatible solution since I'm attempting to migrate some projects to Lucee. I searched & couldn't find anything, so I thought I'd try my hand at it. (I'm not 100% sure if this is the best way to do it since it uses an undocumented method.)

The benefit to this approach is that it returns a single struct containing keys that match all form "file" field names with extra information identifying the original filename, type, size and temporary file path. Enjoy!

getFormFiles UDF (cross-compatible cfml)

https://gist.github.com/JamoCA/524b68b4fbbbf884da7f631e697defbd

<!--- 2022-05-05: getFormFiles UDF for Adobe ColdFusion and Lucee
Gist: https://gist.github.com/JamoCA/524b68b4fbbbf884da7f631e697defbd
Blog: https://dev.to/gamesover/identifying-random-uploaded-form-files-57n7
--->
<cfscript>
public struct function getFormFiles() output=false hint="I return a struct with all form field & file data from a form post" {
if (cgi.request_method neq "post") return {};
local.result = [:];
local.isLucee = server.ColdFusion.ProductName is "lucee";
local.tmpPartsArray = (local.isLucee) ? form.getRaw() : form.getPartsArray();
if (local.keyExists("tmpPartsArray")) {
local.javaFile = createObject("java", "java.io.File");
for ( local.tmpPart in local.tmpPartsArray ) {
local.tempPath = form[local.tmpPart.getName()];
local.isLuceeFile = local.isLucee && listLast(local.tempPath,".") is "upload" && fileExists(local.tempPath);
if ( local.isLuceeFile || (!local.isLucee && local.tmpPart.isFile())) {
local.data = [:];
if (local.isLucee){
local.data["name"] = GetPageContext().formScope().getUploadResource(local.tmpPart.getName()).getName();
} else {
local.data["name"] = local.tmpPart.getFileName();
}
local.filesize = local.javaFile.init(javacast("string", local.tempPath));
local.data["size"] = local.filesize.length();
local.data["type"] = fileGetMimeType(local.tempPath);
local.data["tempPath"] = local.tempPath;
local.result[local.tmpPart.getName()] = local.data;
}
}
}
return local.result;
}
</cfscript>
<cfif cgi.request_method is "post">
<cfdump var=#getFormFiles()# label="getFormFiles()">
</cfif>
<cfoutput>
<form action="#CGI.script_Name#<cfif len(CGI.Query_String)>?#CGI.Query_String#</cfif>" method="POST" enctype="multipart/form-data">
<input type="hidden" name="fieldToIgnore" value="1">
File <input type="file" name="RandomFile_#getTickCount()#" required>
<button type="submit">Upload</button>
</form>
</cfoutput>

Image of Timescale

Timescale – the developer's data platform for modern apps, built on PostgreSQL

Timescale Cloud is PostgreSQL optimized for speed, scale, and performance. Over 3 million IoT, AI, crypto, and dev tool apps are powered by Timescale. Try it free today! No credit card required.

Try free

Top comments (0)

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more

Retry later