ansaurus

Question

Pound sign (#) in filename causing error

Answer 1

A:

Pound signs are not legal within filenames on the web. They are used for in-page anchor targets:

<a name="target">

So if you have file#name.pdf, the browser is actually looking for the file "file" and the internal anchor "name.pdf".

Yes, you will have to rename your files on upload.

Ben Doom 2010-01-14 21:09:53

I understand that I will have to rename. My question would be what is the easiest solution to take care of the # character as well as any others that might cause issues.

Jason 2010-01-14 21:13:05

check out replace() or replaceList()

Henry 2010-01-14 21:29:24

@Ben - I could be wrong, but I do not think you "have to" rename. Properly encoding the # sign should work (ie file%23.pdf). But I do agree that renaming is the better option here (especially given CF's sensitivity to #).

Leigh 2010-01-15 04:00:44

I ran into this a few years ago. From what I remember, you have to escape the # both on the file and in the link. At least, on an older version of IIS.

Ben Doom 2010-01-15 15:02:43

Yes, I think tricky part is "properly" escaping it (in a CF context anyway). But just in case someone really could not rename, I wanted to mention escaping should be an option.

Leigh 2010-01-15 20:59:17

Other than pre-processing the file request a la mod-rewrite and its ilk, how would you escape the filename on the file itself without renaming it?

Ben Doom 2010-01-16 01:12:57

I do not think you can. What I meant was escaping the # in the url alone _should_ work with most newer web servers. At least afaik. I am not sure about older versions of IIS.

Leigh 2010-01-16 16:16:02

Answer 2

+3 A:

If you control the file upload code try validating the string with

 IsValid("url",usersFileName) or
 IsValid("regex",usersFileName,"[a-zA-Z0-9]")

Otherwise if you are comfortable with regex I would suggest something like the previous posters are commenting on

  REReplace(usersfilename,"[^a-zA-Z0-9]","","ALL")

These samples assume you will add the ".pdf" and only allows letters and numbers. If you need underscores or the period it would look like this...

  REReplace(usersfilename,"[^a-zA-Z0-9\._]","","ALL")

I am not a regex guru, if I have one of these wrong I am sure several will jump in and correct me :)

kevink 2010-01-14 22:26:03

Yes, we do something similar to the latter expression. But replace the removed characters with something like "_" to make it obvious the file name was altered. Strictly personal preference though :)

Leigh 2010-01-14 23:50:46

This is a pretty good approach. Wish I'd thought of it.

Ben Doom 2010-01-15 15:04:05

This is more or less what I do. Like Leigh, I replace all substituted characters with '_' as an alert to the user.

Al Everett 2010-01-15 15:23:55

This is exactly what I was looking for. Thanks!

Jason 2010-01-15 15:43:57

Answer 3

A:

Probably you would have to replace # with ## to avoid this, I think this is caused because # is figured as Coldfusion keyword.

This should help.

Happy coding.

Ravia 2010-01-15 09:25:48

There are no issues in Coldfusion. The issue is that it reads it as a named anchor on the page.

Jason 2010-01-15 14:02:29

Answer 4

A:

I can't comment yet, but Kevink's solution is good unless you need to perserve what you're replacing.

We ran into an instance where we needed to rename the filename but the filename needed to be somewhat preserved (user requirement). Simply removing special characters wasn't an option. As a result we had to handle each replace individually, something like.

<cfset newName = replace(thisFile, "##", "(pound)", "All")>
<cfset newName = replace(newName , "&", "(amp)", "All")>
<cffile action="rename"source = "#ExpandPath("\uploads\#thisFolder#\#thisFile#")#" destination = "#newName#">

Travis 2010-01-15 14:25:16

ansaurus

tags:

views:

answers:

Pound sign (#) in filename causing error

related questions