I want to show confidential files to the browser but the files are outside of the www folder so I need to make some processing in coldfusion as the files are somehow protected from public.
So I am converting the physical files, from the server directory, to binary data then base-64 to show them to the browser. Perhaps Something I am missing even though I am very close to it.
If there is something better than the "blobs" approach let me know.
variables.filePath = expandPath('../uploads/myfile.pdf');
local.myFile = fileReadBinary(variables.filePath);
local.myFile = toBase64(local.myFile,'utf-8');
writeOutput('<object data="data:application/pdf;base64,#local.myFile#"></object>');
https://cfdocs.org/filereadbinary
https://cfdocs.org/tobase64
Related
I'm having a Django stack process issue and am wondering if there's a way to request user input.
To start with, the user is loading Sample data (Oxygen, CHL, Nutrients, etc.) which typically comes from an excel file. The user clicks on a button indicating what type of sample is being loaded on the webpage and gets a dialog to choose the file to load. The webpage passes the file to python via VueJS/Django where python passes the file down to the appropriate parser to read that specific sample type. The file is processed and sample data is written to a database.
Issues (I.E sample ID is outside an expected range of IDs because it was keyed in wrong when the sample was taken) get passed back to the webpage as well as written to the database to tell the user when something happened:
(E.g "No Bottle exists for sample with ID 495619, expected range is 495169 - 495176" or "356 is an unreasonable salinity, check data for sample 495169"). Maybe there's fifty samples without bottle IDs because the required bottle file wasn't loaded before the sample data. Generally you have one big 10L bottle with water in it, the ocean depth (pressure) and bottle ID where the bottle was closed is in a bottle file, and samples are placed into different vials with that bottle's unique id and the vials are run thought different machines and tests to produce the sample files.
My issue occurs when the user picks a file that contains data that has already been loaded. If the filename matches the existing file data was loaded from I clear data associated with that file and reload the database with the new data, sometimes data is spread over several files that were already loaded and uploader will merge all the files, including some that weren't uploaded, together.
A protocol for uploading data is for the uploader to append/prepend their initials onto a copy of a file if corrections were made and not to modify the original file; a chain of custody. Sometimes a file can be modified by multiple people and each person will create a copy and append/prepend their initials so people will know who all touched the data. (I don't make the rules I just work with what I have)
So we get all the way back to the parser and it's discovered the data already exists (for a given sample ID), but the filename is different. At this point I want to ask the user, do you want to reload all the data loaded from the other file, update existing data with the new file or ignore existing data and only append new data.
Is there a way for Django to make a request to the webpage to ask the user how it should handle this data without having to terminate the current request? - which the webpage is waiting for a response from the server to say the data was loaded and what errors with the data might have been found -
My current thoughts are to:
Ask the user before every file upload how a collision should be handled, if it happens
Or
Abort the data load, pass an error with a code back to the webpage, the error code indicates to the webpage that the user has to decide what to do. Upon the user answering, the load process is restarted with the same file, but with a flag to tell the parser what to do when the issue is eventually encountered again.
Nothing is written to the database until a whole file is read so no problem aborting the process and restarting if the parser doesn't know what to do, but I feel like there might be a better way.
I'm serving unversioned files via fossil's uv function. Now, this works fine for files without file extension and for archives. But I need to serve a .txt file. The problem now is that it gets delivered as a HTML page including the fossil web layout around it.
Is there a way to tell fossil to not do that, and instead deliver it as a raw .txt file?
You can specify a mimetype parameter on the URL. For example, mimetype=application/octet-stream will cause it to be offered as download.
For example, instead of https://www.fossil-scm.org/index.html/uv/download.html, you’d put https://www.fossil-scm.org/index.html/uv/download.html?mimetype=application/octet-stream.
Fossil reacts to the following mimetypes by putting headers around them:
text/x-fossil-wiki
text/x-markdown
text/html
text/plain
Unfortunately, all other mimetypes appear to lead to the browser downloading the unversioned file instead of displaying it.
If that's a problem, you could try a mimetype of text with no suffix.
Otherwise, you can post on Fossil's support forum. Either as a question or as a feature request. :-)
My problem seems similar to Not able to visualize a loaded data , but I have no console errors and I have already added the '-allow-file-access-from-files' flag to my Chrome Browser. Here's my Java coding,
window.onload = function() {
var r = new X.renderer3D();
r.init();
pros = new X.mesh();
pros.file = 'file:///C:/Users/Nathan/Downloads/JB Farmer STL ACII.stl';
pros.caption = 'Prosthetic';
r.add(pros);
r.render();
};
Should I "play around" with with camera position, I know I have to do that in Three.js.
Maybe the model needs normals? I'm not sure if it does or not. I haven't worked with 3D modeling, besides Three.js.
Update: Ummmm, I'm not sure what is going on with this, but I realized that XTK generated 2 canvases . I looked at the first two Lessons and they have one.
^ Now eliminated the extra canvas, must have copied a piece and that was in there.
For the moment, the loader of xtk doesn't seem to be done for local. I mean : it uses an XMLHttpRequest (XHR) to get the file with a GET request. First of all the request must be sent to something that can handle it (a server or localhost emilated by Wamp or equivalent). Then let's imagine if one broswer, no matter what one, allows XHR on a file at client side by his url, and imagine I'm a pirate and you come on my website. I know Windows well, I know in C:/Windows/System32 there always is a file where I can find your personals data. What do I do ? An XHR ! You've been hacked. It's a story but you see the idea.
That's why the only ways allowed by browsers to access local files are HTML5 File API & HTML5 Drag&Drop API (unfortunately...). Actualy a way to go through that limitation is having binary code at the client side (flash, java applet). The client is the only one who can ask to open a file or drop a file, so the browser is sure there won't be any security failure because of him.
So you should test it with something like Wamp and access your file with an url like "http://localhost/.../myfile.stl" or the relative url "/.../myfile.stl", or do the following if you realy want local files.
A few weeks ago I wrote my own parser for a private format for xtk and from local file, it worked well, I just used HTML5 APIs to read the file and get a String or BinaryArray from it and then wrote a parser that transformed it in a X.mesh. So I think the best would be to extend the X.loader for HTML5 file APIs, or like me to manualy load the file.
The following jsFiddle from Haehn helps : here !
What happens if you modify the filename with no space?
JB Farmer_STL_ACII.stl instead of JB Farmer STL ACII.stl
I need to provide non-techie user ability to reliable download a few large files (3Gb) from URL without revealing the source URL of the file. Ideally I need single exe (without dependencies) that will download file from URL, specified inside exe: when user click on exe it just need show prompt where to save the file, and(optionally) will provide the user with some progress bar, for instance. The target URL can be specified directly in
the resource section, so I can edit URL path with HEX editor when I need set another path.
Wget are not suitable in my case, as its command line utility and requires user to specify an URL.
You could use the URLDownloadToFile function. Implement the IBindStatusCallback interface to receive progress information.
You really can't hide the source URL. Why are you trying to do that? If an end user runs tcpdump while they are running your program, they'll see where packets are coming from and going to.
I'd just provide them with a small batch file which calls ftp.exe. Tell your end user to drop the .BAT file where the downloaded file should go, and click it.
That solves quite a few problems, e.g. you know that your end user will be able to find the directory.
I have a JQUERY file upload plug-in which allows users to upload files to the Coldfusion server. The plugin submits the files to the server in a way that requires me to use GetHttpRequestData() for the files contents. Here's what I have so far in terms of handling the file data:
<cfparam name="URL.qqfile" type="string">
<cfset x = GetHttpRequestData()>
<cffile action="write" output="#x.content#" file="c:\temp\#URL.qqfile#">
This works, which is nice, but I can't seem to take this to the next step.
What I want to happen next is:
A. Determine the file's extension.
B. If it is an accepted ext defined by my app, (JPG,PNG,PDF, DOC, DOCX, etc...) upload it to the correct directory on the server. Then delete the temp file above
C. Use CFIMAGE to make a thumbnail if the file uploaded was an Image
How can I take the above through steps A-C with the GetHttpRequestData problem?
Thanks
A few tips:
Have a look at the result structure of GetHttpRequestData() via <cfdump>.
Pull out the necessary headers by accessing this struct. The Content-Type header usually contains the stuff you want to know. You can use the List functions (i.e. ListLen(), ListFirst(), ListLast(), ListRest() with appropriate delimiter chars) to easily parse the string.
Always use StructKeyExists() to safeguard against missing struct parts. Never take for granted anything that "typically" seems to be in this struct.
Don't blindly trust file extensions or the Content-Type header. Also look into the first few bytes of the uploaded file and compare them against a white list to confirm the file type.
Have a look at <cffile action="upload">.
Optionally, perfom a drive space test to assess if the uploaded data does not clog the server, or enforce limits in another way that suits you.
Read through the documentation of <cfimage>. It can't be that hard to use it to make thumbnails.