tracker issue : CF-4203258

select a category, or use search below
(searches all categories and all time range)
Title:

cffile action=upload should allow file extensions when strict is true

| View in Tracker

Status/Resolution/Reason: To Test//NeedMoreInfo

Reporter/Name(from Bugbase): Peter Freitag / ()

Created: 08/09/2018

Components: Tags

Versions: 13.0

Failure Type: Incorrect w/Workaround

Found In Build/Fixed In Build: 2018.0.0.310739 /

Priority/Frequency: Normal / Some users will encounter

Locale/System: ALL / Platforms All

Vote Count: 0

Problem Description: Using file extensions is actually a better than MIME type checking, however if you specify a list of file extensions in the accept attribute, then you must set strict="false" otherwise you get an exception:

When the value of the attribute STRICT is TRUE, it requires valid MIME types in the attribute(s): ACCEPT.


Steps to Reproduce: Create a page with: <cffile action="upload" accept=".pdf" formfield="file">

Actual Result: Throws exception "When the value of the attribute STRICT is TRUE, it requires valid MIME types in the attribute(s): ACCEPT." Note this is not new for CF2018, it goes back to CF10 initial release.

Expected Result: It should allow file extensions when strict=true. Ideally you could introduce a new attribute then we could do this: <cffile action="upload" strict="true" accept="application/pdf" extensions=".pdf" formfield="file"> then it could check BOTH the mime type and file extensions.

Any Workarounds: You have to explicitly set strict="false" when using a file extensions in accept attribute, eg  <cffile action="upload" accept=".pdf" formfield="file" strict="false">

Attachments:

Comments: