tracker issue : CF-4199503

select a category, or use search below
(searches all categories and all time range)

fileUpload needs the continueOnError property

| View in Tracker

Status/Resolution/Reason: To Fix//EnhancementRequired

Reporter/Name(from Bugbase): Priyank Shrivastava / Priyank Shrivastava ()

Created: 08/17/2017

Components: File Management, CFFile

Versions: 2016

Failure Type: Others

Found In Build/Fixed In Build: /

Priority/Frequency: Minor /

Locale/System: / Win 2012 Server x64

Vote Count: 1

Currently if you want to upload a file in script syntax and check errors you have to try-catch the fileUpload() method. 

This causes a few problems, including but not limited to the following two:

1. If the user uploads a file of a MIME type that you're not accepting, you have to either trust that ClientFileExt is legit (which cannot be trusted in malicious cases or, as we have found, even the case of jpegs and pngs) or report back the MIME type they have used. This is bad UX and it would be better to report back that their file extension shows as 'x' but is in fact a 'y' file

2. If you want to report an error on an empty file, the best we can find so far is to test if the error.message value contains "no data was received"

All in all, having the server-side file information as well as the error information without having to catch and make educated guesses would be ideal



cffile action="upload:" supports property continueonerror. Could you please check and confirm on this?
Comment by Poonam J.
407 | August 21, 2017 06:11:02 AM GMT
While the tag syntax certainly has 'continueOnError' but there is no equivalent for this in the script syntax.
Comment by Simranjit S.
408 | August 23, 2017 11:02:16 AM GMT
Exactly as Simranjit has said - fileUpload (the script syntax version of cffile action="upload") is the subject of this issue. The continueOnError property has been supported by the tag for some time, but not the script. Ending a cfscript to do a cffile action="upload" then to re-open a cfscript on the next line would be an odd way to code to say the least
Comment by SDC W.
409 | September 04, 2017 08:30:54 AM GMT