ExpandPath and Dynamic File Names

Posted At : August 13, 2007 4:50 PM | Posted By : Steve
Related Categories: ColdFusion

This is a short one. I just discovered today, that if you have a dynamic file name from a file that a user has uploaded, you should not include it in ExpandPath.

Take for example, the following variables (the first one being retrieved from a query):

<cfset filename = qRecord.FileName>
<cfset folder = "/files/">

Historically, I have retrieved the full path of the file using code similar to this:

<cfset filepath = ExpandPath("#folder##filename#")>

It turns out, however, that this code is better:

<cfset filepath = "#ExpandPath(folder)##filename#">

The reason for this is that the file name could be anything. In my case, I ran into a filename that included the characters "..", causing ExpandPath() to get the wrong folder for the first example (but not the second).

Just thought I would share this to save others the same trouble.

Print |

Digg It! |

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)

There are no comments for this entry.

[Add Comment]

Archives By Subject

Brownfield Development (1) [RSS]
CF_BlogPicks (50) [RSS]
CF_DMQuery (3) [RSS]
CFUG (9) [RSS]
CodeCop (7) [RSS]
ColdFusion (154) [RSS]
ColdFusion Builder (2) [RSS]
com.sebtools (45) [RSS]
CSS (21) [RSS]
DataMgr (83) [RSS]
Frameworks (13) [RSS]
Git (3) [RSS]
HTML (11) [RSS]
JavaScript (10) [RSS]
Layout Components (5) [RSS]
Mailer.cfc (9) [RSS]
Neptune (8) [RSS]
Neptune Programs (4) [RSS]
OO Principles (9) [RSS]
Page Controller (6) [RSS]
Personal (27) [RSS]
Productivity (14) [RSS]
Railo (2) [RSS]
RSS Reader (1) [RSS]
sebtags (19) [RSS]
SpamFilter (7) [RSS]
SQL (16) [RSS]
StarterCart (2) [RSS]
SVG (1) [RSS]
Testing (7) [RSS]
Usability (15) [RSS]
Web Servers (4) [RSS]
Windows (1) [RSS]

Badges

Calendar

Latest from MXNA

Feed temporarily down.

NAVIGATION

Blog Home
Site Home

Recent Entries

Seeking a JavaScript Framework (Part 1: Criteria)

Recent Comments

Pluralizing in ColdFusion
Steve Bryant said: James, Sorry I missed your comment earlier. I haven't compared to other libraries. I didn't even kn... [More]

Pluralizing in ColdFusion
James Moberg said: Have you compared the results with other libraries? I use an inflector CFC and I see that some of t... [More]

Git Branching Strategy for Web Development
Thomas said: Hi Steve, thanks a lot for this post. While considering Git Web Flow for our branching strategy, t... [More]

Getting Around Windows 7 "Destination Path Too Long" Error When Deleting Files
MxP said: The above robocopy command worked like a charm! I had a deeply nested folder structure that I wante... [More]

New Open Source ColdFusion Shopping Cart
Paul said: I gave up on this after all kinds of pathing issues. Couldn't be bothered tracing where to change th... [More]

RSS

Search

Subscribe

Enter your email address to subscribe to this blog.

Tags

cf_blogpicks coldfusion com.sebtools css datamgr frameworks html javascript personal productivity sebtags sql usability

BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.