While working to restrict an upload I came across an interesting issue with CFFILE. Lets say that this is your code:

view plain print about
1<cffile action="upload" filefield="Form.Photo" destination="#Path#" nameconflict="makeunique" result="Thumb" accept="image/*">

The "accept" attribute would restrict to only file with an image mime type. The "thumbs" var names in the results attribute will contain the results of the CFFILE action. If the "result" attribute is omitted the results will end up in a "cffile" var.

Lets say a user uploads a text file instead of an image. We need to check to see if cffile processed the file. This is where the odd behavior comes in.

First, an error will be thrown that has to be trapped. There is no "onError" mechanism built into cffile. Easiest thing to do is to wrap it in a cftry. You can then look at the cfcatch.message for the error.

Next, if there was an error and we tried to check the "thumbs" var we would get another error. This is because the var does not exist. However, if you check for a "cffile" var it is an empty struct.

From what I can tell, if the file does not pass the accept check it is not written to the server. This means there is no cleanup to deal with.

So, the moral of this story is that I wish that cffile had an internal way to handle this. I don't think that wrapping it in a cftry is the best solution.

Till next time,

--Dave