how to save xml in user's computer in coldfusion? - web-services

I am invoking a ColdFusion webservice through cfinvoke
<cfinvoke
method="getUsers"
returnvariable="rawXMLUserList"
webservice="http://www.xyz.com/getusers.cfc?wsdl"
>
<cfinvokeargument name="userid" value="123">
</cfinvoke>
And I am storing XML returnvariable into userList variable
<cfset userList = XmlParse(rawXMLUserLis)><br/>
how to save abc.xml on user's computer, using cffile it is saving on server's computer, i have to save it on user's computer who invokes this "getUsers" method.
Thanks
Kishor

When you run XMLParse(), you're turning it into a CF XML Document Object. You need to use ColdFusion's toString(xmlObject) function when outputting it.
<cfheader name="content-disposition" value="attachment;filename=abc.xml">
<cfcontent type="application/xml;charset=utf-8" reset="true">
<cfoutput>#toString(userList)#</cfoutput>
Another way is to write the file to a web directory (cffile action=write) and then cflocation the user to the file.

You need to tell the user's browser to download the file, not display it. Generally with something like this (not tested):
<cfheader name="content-disposition" value="attachment;filename=abc.xml">
<cfcontent type="application/xml;charset=utf-8" reset="true">
<cfoutput>#userList#</cfoutput>
cfheader generates a custom HTTP header.
cfcontent sets the MIME content encoding header for the page.

Related

Enctype issue when I try to upload a file with a Coldfusion webservice

Can't get to work a Coldfusion webservice that uploads a file in an external server.
My application runs in "Server A" and the file repository (external server) is in "Server B"
The template (inicio.cfm) which contains the form with the <cfinput type="file"> to select the client's file to be uploaded, is stored in "Server A". This template performs more tasks than just show the upload form. It performs calculations, queries, etc. outside the form's code block. Also, the action page of this form is the template itself (because of my application's needed tasks).
The first code line of my form definition is (inside inicio.cfm):
<cfform method="post" name="AltaConvocatoria" enctype="multipart/form-data">
Which demonstrate that I'm using the right enctype definition.
In the other hand, stored in "Server B" is my Coldfusion component or webservice (alta_ga.cfc) which only task is to upload the file selected by user in "inicio.cfm" form and rename it.
Here's alta_ga.cfc code:
<cfcomponent>
<cffunction access="remote" returntype="void" name="cargaAnuncio">
<cfargument name="destinoAnuncio" required="yes" type="string">
<cfargument name="PrefijoNvoNombre" required="yes" type="string">
<cffile action="upload"
fileField="str_ArchivoAnuncio"
destination="#destinoAnuncio#"
nameconflict="Overwrite">
<cfset NvoNomAnuncio = #PrefijoNvoNombre# & #Right(cffile.ClientFile, 5)#>
<cfset viejoNombre1 = #destinoAnuncio# & #cffile.ClientFile#>
<cffile
action = "rename"
destination = "#NvoNomAnuncio#"
source = "#viejoNombre1#">
</cffunction>
</cfcomponent>
For that pupose, I invoke the webservice from the form's action code block in inicio.cfm with this:
<cfinvoke webservice="http://192.168.208.128/podi/mgmt/alta_ga.cfc?wsdl" method="cargaAnuncio" >
<cfinvokeargument name="destinoAnuncio" value="#form.destinoAnuncio#" />
<cfinvokeargument name="PrefijoNvoNombre" value="#form.PrefijoNvoNombre#" />
</cfinvoke>
When I try to load a file using my form's template inicio.cfm I get this message:
Cannot perform web service invocation cargaAnuncio.
The fault returned when invoking the web service operation is:
'' podi.mgmt.PodiMgmtAlta_gaCfcCFCInvocationExceptionException: coldfusion.tagext.io.FileUtils$CFFileNonMultipartException : Invalid content type: application/soap+xml; charset=UTF-8; action="urn:cargaAnuncio".The files upload action requires forms to use enctype="multipart/form-data".]
All the arguments and variables that I'm using are correct, because I tested the webservice as a local component (stored in Server A and uploading the file in the same server) and worked fine. Here's the code of the succesful test (invoked as a component instead of a webservice):
<cfinvoke component="alta_ga" method="cargaAnuncio" destinoAnuncio="#form.destinoAnuncio#" PrefijoNvoNombre="#form.PrefijoNvoNombre#">
¿What could be wrong?
There's a lack of documentation about this functionality. Adobe's user guide doesn't explain this functionality in depht. Ben Forta's books... same. Or I couldn't find the information.
Thanks in advance.
When a form is posted to a CFML server, the posted file is saved in a temporary directory before any of your code runs. All <cffile action="upload"> does is to copy a file from that temporary directory to the location you want it to be. Your remote server ServerB has no idea about any file posted on ServerA, so <cffile action="upload"> will not help you.
The action is misleading. It's not upload-ing anything. It's just copying from a predetermined temp directory. The web server handles the uploading before the CF server is even involved.
You will likely need to <cffile action="upload"> on ServerA to a specific place, and then it needs to post that file to your web service on ServerB. Then ServerB should be able to use <cffile action="upload"> to transfer it from the upload temp directory to wherever you need it to be. That said I have never tried this when posting to a web service.
Alternatively you could just post the file directly to ServerB in the first place, to save needing ServerA to be an intermediary. This might not be possible, of course.

coldfusion - prevent direct access to files created by user that are meant to be downloaded

When a user logs into our system, it's possible for the user to create a CSV report. This report can then be downloaded by the user. Directory structure is like this:
siteroot.com/user/
siteroot.com/user/login/
siteroot.com/user/login/downloads/[file].csv
The /login/ directory can only be accessed via a logged in user. However someone - if they knew the URL - could go directly to the URL of the CSV file and grab the file:
siteroot.com/user/login/downloads/myfile.csv
Is there any better (simpler) solution than moving them out of the root and then using a cfdirectory / cfheader / cfcontent to pull the CSV file out of a non-IIS directory and give it to the user?
Don't put those files in a web accessible folder.
If you're creating a data export that does not need to be kept around, create the file in a temp folder (also not a publicly accessible folder) and use <cfcontent> to push the file to the browser, which will present the user with a download dialog. You'll delete the file from the server as part of this process, so you'll run this process every time someone requests the export.
This keeps your server clean and keeps the file behind a login. Here's a gist I created to stub out this process. It uses <cfspreadsheet> to accomplish the export. Here's the core of the code:
<cfspreadsheet action="write" filename="#config.full_temp_name#" query="config.q" />
<cfspreadsheet action="read" src="#config.full_temp_name#" name="local.xls" />
<cffile action="delete" file="#config.full_temp_name#" />
<cfif len(arguments.fileName) GT 0>
<cfheader name="content-disposition" value="attachment; filename=#arguments.fileName#.#config.extension#" />
<cfelse>
<cfheader name="content-disposition" value="attachment; filename=#config.temp_name#.#config.extension#" />
</cfif>
<cfcontent type="application/msexcel" variable="#spreadsheetReadBinary(local.xls)#" reset="true" />

Content-disposition being ignored in IE 9 and Firefox 13

I am trying to dynamically create an inline PDF that, when the user chooses to save it, prompts with my custom filename. According to the documentation, the saveasname attribute should do what I want.
(format="PDF" only) The filename that appears in the SaveAs dialog when a user saves a PDF file written to the browser.
However, what is happening in both IE 9 and in Firefox 13.0.1 is that the filename that appears in the SaveAs dialog is the same as my CF template, but with a PDF extension. (In other words, my code is in makepdf.cfm and the SaveAs prompts me to save makepdf.pdf.) In Chrome, however, it works perfectly. (All on Windows 7.)
Here is my code to create the PDF:
<cfdocument format="pdf" bookmark="true" saveasname="MyReport.pdf">
If I explicitly declare the content disposition and content type, like so
<cfheader name="Content-Disposition" value="inline; filename=MyReport.pdf">
<cfcontent type="application/x-pdf">
<cfdocument format="pdf" bookmark="true" saveasname="MyReport.pdf">
Chrome tells me that "Content-Disposition" has been declared twice
Firefox tells me the PDF file is corrupt
IE just ignores it (and still doesn't show the right filename)
If I just rely on the header
<cfheader name="Content-Disposition" value="inline; filename=MyReport.pdf">
<cfcontent type="application/x-pdf">
<cfdocument format="pdf" bookmark="true">
I get the same behavior as the first snippet of code.
I know how to get the browser to prompt for download rather than displaying inline, and everything works as expected then, but that's not the desired behavior.
I need to use times and dates in filenames and the end users are not savvy enough to keep from overwriting their files (should they choose to save them).
Is there something I'm missing that will get IE and Firefox to do what they're supposed to? What other browsers are going to do this? Mobile Safari?
The problem seems to be that "filename=xxx" was really intended for the "attachment" disposition, and not all the browser PDF plugins recognise it as a mechanism for specifying the inline "save as", as you've discovered.
A different approach to getting them all to use your preferred filename would be to manipulate the URL using web server rewrite rules. As a simple example you'd have your script for generating the pdfs and serving them inline: pdf.cfm
<cfheader name="Content-Disposition" value="inline">
<cfdocument format="PDF" mimetype="application/pdf">Test</cfdocument>
Then create a re-write rule which matches URLs in the form /pdf/myfilename and passes them to pdf.cfm. On IIS7 this might be:
<rule name="Inline PDF SaveAs" stopProcessing="true">
<match url="^/pdf/[\w-]+$" ignoreCase="true" />
<action type="Rewrite" url="/pdf.cfm" appendQueryString="false" />
</rule>
This will match filenames containing alphanumeric, underscore and hyphen characters only. You wouldn't want to allow spaces, or invalid filename characters.
When you access /pdf/myreport the PDF will be displayed inline by the plugin, and when you save it, the default filename will be myreport.pdf.
If you're using a framework which supports Search Engine Safe URLs or "routes", you could do the same without needing web server rewrites.
UPDATE: In fact you don't need to use URL rewriting: simply append a forward slash and then the desired filename to the CF script URL, e.g.
/pdf.cfm/myreport
The plugin will use whatever comes after the final slash as the "Save As..." name.
Make sure you use ATTACHMENT and not INLINE.
IE does NOT like INLINE and will open a word document as READ ONLY as well as not assuming the filename you give it.
Example:
<cfheader name="content-disposition" value="attachment; filename=#filename#.doc" charset="utf-8">
NOT
<cfheader name="content-disposition" value="inline; filename=#filename#.doc" charset="utf-8">
I would use the name attribute of the cfdocument tag which will store the contents in a variable. Then use the cfheader and cfcontent tags as you have above with the exception of replacing "inline;" with "attachment;"
I use code like this:
<cfdocument name="pdf"> ... </cfdocument>
<cfheader name="Content-Disposition" value="attachment;filename=MyReport.pdf;" />
<cfcontent type="application/pdf" variable="#pdf#" />

Saving content to a .DOC file using ColdFusion

I'm not having any issues writing the content to the .doc file. The problem I'm having is getting the file to NOT download to the user's browser automatically after creation. I just want to have the .doc file created in the background, then the user can download the file from a web page at anytime. Here's the code I'm working with:
<cfheader name="Content-disposition" value="filename=Quote_#arguments.QuoteNumber#_#arguments.Revision#.doc">
<cfcontent type="application/msword">
<cfoutput>#WordDoc#</cfoutput>
<cffile action="copy" source="#application.AbsPath#\media\quotes\BlankQuote.doc" destination="#application.AbsPath#\media\quotes\Quote_#arguments.QuoteNumber#_#arguments.Revision#.doc" />
<cffile action="write" file="#application.AbsPath#\media\quotes\Quote_#arguments.QuoteNumber#_#arguments.Revision#.doc" output="#WordDoc#" />
You're problem is the <cfheader> tag... that's what is triggering the doc to open.
I would do something like this instead.
<cfsavecontent variable="whatever">
<cfoutput>#WordDoc#</cfoutput>
</cfsavecontent>
<cffile action="write" file="#application.AbsPath#\media\quotes\Quote_#arguments.QuoteNumber#_#arguments.Revision#.doc" output="#whatever#" />

Coldfusion GetHttpRequestData()?

Does anyone have an example of how Coldfusion's GetHttpRequestData() works? I'm looking to use this func to save data from the AJAX Upload script: http://valums.com/ajax-upload/
The script works in FireFox but not Safari, Chrome, etc...
Ideas?
What error do you get?
Maybe these links will help:
http://www.coldfusionjedi.com/index.cfm/2007/7/1/Undocumented-change-to-GetHTTPRequestData-in-ColdFusion-8
http://www.bennadel.com/blog/1602-GetHTTPRequestData-Breaks-The-SOAP-Request-Response-Cycle-In-ColdFusion.htm
You might also want to read this recent thread about that script. As valums suggested, you should be able to extract the binary data from getHttpRequestData().content (when needed).
In my very limited tests, it seemed to work okay with IE8/FF/Chrome/Opera. However, I had no luck with Safari (windows). It seemed like the request data was getting mangled (or possibly misinterpreted by CF?). So the final content-type header reported by CF was incorrect, causing an http 500 error. Granted, I did not test this extensively.
Here is my quick and dirty test script (lame by design...)
<cfset uploadError = "" />
<cfif structKeyExists(FORM, "qqFile")>
<!--- upload as normal --->
<cffile action="upload" filefield="qqFile" destination="c:/temp" />
<cfelseif structKeyExists(URL, "qqFile")>
<!--- save raw content. DON'T do this on a prod server! --->
<!--- add security checks, etc... --->
<cfset FileWrite( "c:/temp/"& url.qqFile, getHttpRequestData().content) />
<cfelse>
<!--- something is missing ...--->
<cfset uploadError = "no file detected" />
</cfif>
<!--- return status old fashioned way (for compatibility) --->
<cfif not len(uploadError)>
{"success": true}
<cfelse>
<cfoutput>{error": "#uploadError#"}</cfoutput>
</cfif>
You want to look into using cffile with action="upload" to upload the file: http://cfdocs.org/cffile
GetHttpRequestData() is intended for decoding protocols like SOAP, XML-RPC, and some of the more complex REST-ful protocols. HTTP file uploads are normally done as POSTs using the multipart/form-data MIME type. Looking at http://www.cfquickdocs.com/it doesn't appear that GetHttpRequestData() has any special support for multipart data, which means you'd have to split and decode the parts yourself. Not my idea of fun, and completely unnecessary if you're just doing file uploading.
<cffile action="upload"> or <cffile action="uploadAll"> (new for CF9) should be quite sufficient for processing file uploads, even for those done via an AJAX upload script.