Skip to content

Instantly share code, notes, and snippets.

@tristanlee85
Last active August 29, 2015 14:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tristanlee85/7e14f12499170d34246c to your computer and use it in GitHub Desktop.
Save tristanlee85/7e14f12499170d34246c to your computer and use it in GitHub Desktop.
cfml-.equals
var local.tempFile = createObject("java", "java.io.File").init(getTempDirectory() & arguments.filenameExample);
// throws "Invalid CFML construct" at .equals()
if (!local.tempFile.getCanonicalFile().getName().equals(local.tempFile)) {...}
// no error when assigned to a variable
var local.tempFileName = local.tempFile.getCanonicalFile().getName();
if (!local.tempFileName.equals(arguments.filenameExample)) {...}
@tristanlee85
Copy link
Author

@ryanguill,

Good catch on the code. I had the argument for .equals() wrong when I typed this out. I should have just copied and pasted my actual app code. The point of the code is to be able the validate if the filename can be written to the disk as is. Here's the full example:

    try {
        local.tempFile = createObject("java", "java.io.File").init(getTempDirectory() & arguments.filenameExample);
        local.tempFileName = local.tempFile.getCanonicalFile().getName();

        // The name of the file in canonical form should equal the filenameExample
        if (!local.tempFileName.equals(arguments.filenameExample)) {
            throw (message = "File Name provided is invalid");  
        }

        // Write the file to disk to validate it's an acceptable name
        local.tempFile.createNewFile();
    } catch (any e) {
        addError("filenameExample", e.message);

        // Delete the file if written
        if (structKeyExists(local, "tempFile") && local.tempFile.isFile() && local.tempFile.exists()) {
            local.tempFile.delete();    
        }
    }

hfgdfdh$R(*^&^...^.pdf is a writable file for Unix platforms.

hfgdfdh$R(*/^&^...^.pdf is invalid because the canonical form of the File's name is ^&^...^.pdf (due to the forward slash).

And I am not shocked at all that is works on Railo, but not CF10. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment