CFMail attachment filename broken in ColdFusion 2016 on Windows server - coldfusion

I'm moving a site from CF10 on Linux to CF2016 on Windows, and have run into an issue with file attachments with cfmail.
I'm attaching the file in cfmail with;
<cfmailparam file="#FileName#">
and have also tried variations with and without disposition and type like:
<cfmailparam file="#FileName#" disposition="attachment;
filename=""#FileName#"""
type="#ContentType#/#ContentSubType#">
But no matter what, on CF2016 on Windows, my attachments names in Outlook come through as ATT00160.dat (without type set) or ATT00169.xlsx (with type set)
It seems filenames over a certain length cause the issue. A filename of 64 characters will break it, but a smaller filename, of say 49 characters, won't.
Viewing the message source in Outlook, from the cfmail sent from Windows, I see the value below. Notice under content-type the name has been split?
Content-Type: application/octet-stream;
name*0=BLAH_BLAH1_Ownership_Database_Issue_2018-01_In_Development2.;
name*1=xlsx
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename*0=BLAH_BLAH1_Ownership_Database_Is;
filename*1=sue_2018-01_In_Development2.xlsx
The same attachment sent with cfmail, from Linux, gives me:
Content-Type: application/octet-stream;
name=BLAH_BLAH1_Ownership_Database_Issue_2018-01_In_Development2.xlsx
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename*0=BLAH_BLAH1_Ownership_Database_Is;
filename*1=sue_2018-01_In_Development2.xlsx
Note the content-type name has not been split.
Anyone have any ideas on how to fix this issue?

So, I finally sorted it. You need to manually put the file name in the type:
<cfmailparam file="#FileName#"
type="#ContentType#/#ContentSubType#;name=""#FileName#""">
I've never needed to do that previously. I don't know if this is a Windows server, CF2016 or SmarterMail (our mail server) thing, but if you run into the same issue, the above worked for me.

You might also see my report to Adobe Bug tracker. I have had trouble with long file name attachments ever since Coldfusion switched to the newer Javamail.
https://tracker.adobe.com/#/view/CF-4199784

Related

Google server is responding with an outdated html file

I'm learning socket programming using C++ , so as a project I thought of a software that downloads all image search results for a certain search(eg."cats"),
I'm using WinHttp and the exemple in here
and giving it :
the server name L"www.google.com"
object L"/search?q=cats&source=lnms&tbm=isch&sa=X&ved=0ahUKEwiP9M3gtZTPAhXLKMAKHYSyDqIQ_AUICCgB&biw=1152&bih=634#q=cats&tbm=isch&tbs=isz:l "
The problem is that the HTML file in the response message contains what it seems to be an "Outdated" file That doesn't contain links to the real images, here it is (I can't give you the whole html file it's too long but here is an image
Research:
I first thought it was a user-agent problem so I added user-agent header, but it didn't work.
The Problem:
I want to get the same HTML result that I get when I search my browser for the same object
I found the problem it was the user-agent , just copied the user-agent from my browser

ColdFusion 10 CFFILE Accept mimetype not recognised

I'm having problems uploading WMV and MPEG files, 'video/x-ms-wmv' (etc) are on the accept list - I get an error of
The MIME type or the Extension of the uploaded file
application/octet-stream was not accepted by the server
Using Chrome, I check the header and it reads
Content-Disposition: form-data; name="fv_file"; filename="blahblah.wmv"
Content-Type: video/x-ms-wmv
the Client machine also has the WMV registry entry which appears correct.
Server side
Apache is configured to use the OS mime type file: /etc/mime.types.
This file contains entries for wmv and mpeg:
video/x-ms-wmv wmv
video/mpeg mpeg
How does CF10 determine the mimetype? I'm struggling to find out this information.
Does anyone have a solution?
Thanks
edit- Added Code
<cffile action="UPLOAD" filefield="fv_file" destination="#pathtotheserverroot##mediadir#/video/" nameconflict="MAKEUNIQUE" accept="#qry_xxxx.OT_MIMETYPES#" mode="644">
The value of OT_MIMETYPES is
video/mp4,video/mpeg,video/quicktime,video/x-msvideo,video/x-sgi-movie,video/avi,video/vnd.vivo,application/vnd.rn-realmedia,video/vnd.rn-realvideo,audio/vnd.rn-realaudio,audio/x-pn-realaudio,video/x-ms-wmv,audio/mpeg,video/mpg,video/mpe,video/x-ms-asf,video/x-m4v
I did a CFDUMP for completeness
Accept video/mp4,video/mpeg,video/quicktime,video/x-msvideo,video/x-sgi-movie,video/avi,video/vnd.vivo,application/vnd.rn-realmedia,video/vnd.rn-realvideo,audio/vnd.rn-realaudio,audio/x-pn-realaudio,video/x-ms-wmv,audio/mpeg,video/mpg,video/mpe,video/x-ms-asf,video/x-m4v
Detail Only files of type video/mp4,video/mpeg,video/quicktime,video/x-msvideo,video/x-sgi-movie,video/avi,video/vnd.vivo,application/vnd.rn-realmedia,video/vnd.rn-realvideo,audio/vnd.rn-realaudio,audio/x-pn-realaudio,video/x-ms-wmv,audio/mpeg,video/mpg,video/mpe,video/x-ms-asf,video/x-m4v can be uploaded. Verify that you are uploading a file of the appropriate type.
Message The MIME type or the Extension of the uploaded file application/octet-stream was not accepted by the server.
MimeType application/octet-stream
I will have to speculate until I can see your <cffile> code but my guess is that you have not allowed the appropriate mime type under the accept attribute of the <cffile> tag.
Now that you have included your code my assumption has been confirmed: you have not allowed the appropriate mime type under the accept attribute of the <cffile> tag.
See below for further details.
Several changes were made to how the <cffile> tag works in ColdFusion 10. You may or may not be aware that in ColdFusion 10 they added the strict attribute to the tag (documentation reference).
When strict is true, only MIME types or a combination of MIME types and extensions are allowed in the accept attribute. Since strict is true by default, you should specify MIME types for the accept attribute.
When strict is false, either MIME types or extensions or a combination of both can be specified as a value to the accept attribute. For more information, see this blog entry.
Not only was that attribute added, but the default value for the strict attribute is true. So because you have not specified it within your code it is on.
Note: If you receive an error like "The MIME type of the uploaded file (image/jpeg) was not accepted by the server", enter accept="image/jpeg" to accept JPEG files.
Taken from the Adobe documentation here. From the error message that you have posted an attempt was made to upload a file with mime type of "application/octet-stream". You appear to be expecting "video/x-ms-wmv". So you can try to figure out why your browser is attempting to upload the file as "application/octet-stream" or add that mime type to your accept attribute. WARNING: that will also allow other types of files to be uploaded that you probably don't want.
The cffile accept attribute uses the mime type that your browser sends to the server. Read that again... your browser tells cffile what the mime type is. It's very easy to spoof the mime type
Taken from Pete Freitag's page on Tips for Secure File Uploads with ColdFusion. (An older article but still has relevant tips.)
A couple of other references I found that may be helpful:
Adobe forums - cffile MIME types
Learn CF In A Week - File Uploads
How is mime type of an uploaded file determined by browser?
Answer to Why am I getting mime-type of .csv file as “application/octet-stream”?
You may have some odd mime type. If you use a try/catch block around your tag, you can display the full error message.
Example:
<cftry>
<cffile accept="video/x-ms-wmv" action="upload" destination="#ExpandPath('/client-images/')#" filefield="form.UploadFile" nameconflict="makeunique">
<cfcatch type="any">
<cfdump var="#cfcatch#" label="cfcatch">
</cfcatch>
</cftry>
The dump will display the mime type that ColdFusion thinks that was uploaded.
This is for development/analysis only, you wouldn't want to present the dump to regular site visitors.

Text files uploaded to S3 are encoded strangely?

This is the strangest error, and I don't even know where to start understanding what's wrong.
S3 has been working well, up until suddenly one day (yesterday) it strangely encodes any text file uploaded to strange characters. Whenever a text file has Å, Ä, Ö or any other UTF-8 comparable but none English characters, the text file is messed up. I've tried uploading using various clients, as well as the web interface of AWS. The upload goes well, then I download the file and it's messed up. I've tried downloading it to my Mac, I've tried downloading it onto a Raspberry with Linux on it. Same error.
Is there any encoding done by Amazons S3 servers?!
I had the same problem and I solved it by adding charset=utf-8 in properties -> metadata of the file
You can explicitly set the "Content-Type: text/plain; charset=utf-8", on the file in the S3 console.
This will tell S3 to serve as text.
For those who are using boto3 (python 3) to upload and are having strange characters instead of accentuation (such as in portuguese and french languages, for example), Toni Chaz's and Sony Kadavan's answers gave me the hint to fix. Adding ";charset=utf-8" to ContentType argument when calling put_object was enough to the accentuation be shown correctly.
content_type="text/plain;charset=utf-8"
bucket_obj.put_object(Key=key, Body=data, ContentType=content_type)
Adding <meta charset="utf-8" /> in the <head> of the .html files fixed the problem for me.
Not sure why, but the answer from Sony Kadavan didn't work in my case.
Rather than:
Content-Type: text/plain; charset=utf-8
I used:
Content-Type: text/html; charset=utf-8
Which seemed to work.
In my problem I got the problem with reading file form the filesystem as UFT8 too,, so I got the wrong file encoding in s3 until I have added
InputStreamReader isr = new InputStreamReader(fileInputStream, "UTF8");
instead of
InputStreamReader isr = new InputStreamReader(fileInputStream);
please note of this possible problem too
If your data includes non-ASCII multibyte characters (such as Chinese or Cyrillic characters), you must load the data to VARCHAR columns. The VARCHAR data type supports four-byte UTF-8 characters, but the CHAR data type only accepts single-byte ASCII characters.
Source: http://docs.aws.amazon.com/redshift/latest/dg/t_loading_unicode_data.html

Is to possible to find filename from http headers

Usually when downloading files, suppose using QNetworkAccessManager, the filename is not present at the end of link. How to get proper file names in that case. Even if link doesn't contain a hint of name, firefox always downloads the file with its proper name and extension. We can get a hint of extention using mime-types but what about file names.
Yes. It's the Content-Disposition: attachment; filename=<file name.ext> header. There's a strong suggestion to set the content type to application/octet-stream so browsers and their plugins are not tempted to open it instead.

prevent absolute file path in Content-Disposition "filename"

I have a simple HTML Form
<form id="uploadForm" method="post" action="/cgi-bin/test.cgi" enctype="multipart/form-data">
<input type="submit" name="add_something" value="add">
<input size="50" type="file" name="myFile" accept="application/zip">
</form>
In addition I do some web page localization on server side by checking user browser locale or searching for a self set language session cookie.
If I upload a file with
Iron 18.0.1050.0
Opera 11.64.1403
Firefox 3.6.27
Firefox 12.0
Google Chrome 19.0.1084.52
SeaMonkey 2.9.1
all works fine. But If I upload a file with
IE 9.0.8112.16421
Maxton 3.3.8.3000
the localization fails. I detected the issue inside the HTTP request:
Opera 11
Content-Disposition: form-data; name="myFile"; filename="ziptest.zip"
Content-Type: application/zip
and IE 9
Content-Disposition: form-data; name="myFile"; filename="C:\Documents and Settings\m1krsch\Documents\Now Some Spaces\ziptest.zip"
Content-Type: application/x-zip-compressed
If I remove the spaces from the path all works fine in IE and Maxton.
Neighter can I exchange the used cgicc library because it is fixed part of the project nor can I force a user to use a path without spaces. How can I circumvent this issue? Is there a way to force IE/Maxton to use the filename instead of the abolute filepath? Or can I set a specific parameter in cgi/env to prevent transmission of abolute filepath?
[EDIT]
I found out that this is a security issue in IE and Maxton. The security zone model of IE allows by default to "Include local directory path when uploading files". I can disallow this behaviour only by changing the client configuration but I am still searching for an application-based solution.
[/EDIT]
Try replacing the spaces with '%20':
"C:\Documents%20and%20Settings\m1krsch\Documents\Now%20Some%20Spaces\ziptest.zip"
I found a stupid error in my localization code. I am using RapidXML for this and encapsulate the whole localization code and RapidXML headers in one class. Unfortunately I did not read the documentation very careful. The data inside vector<char> object - which is holding the XML document data - is not copied into the XML document object xml_document<> by using the parse() method as expected. This looks like procedural C code to me and is in my opinion bad OOD. The documentation says:
3.1 Lifetime Of Source Text
In-situ parsing requires that source text lives at least as long as the document object.
The problem vanished when I corrected my code to get a global vector<char> object inside my localization class.
Nevertheless I am perplexed why mostly all other browsers have no problem with my old code.