I ran into an issue where using CFContent to serve a file with spaces in its name was truncating the file name. For example the file “Foo Bar.xls” was saving as “Foo”, lacking ” Bar.xls”.
<cfheader name="Content-Disposition" value="attachment; filename=#getFileFromPath(filePath)#"> <cfcontent file="#filePath#" type="application/octet-stream">
You can find many examples of this type of code out there for securing files using ColdFusion and its cfcontent, so apparently it’s a common oversight.
The fix to truncated file names is very simple but no so obvious.
What doesn’t work:
- Don’t wrap the file name value in anything
- Wrapping the file name value in single quotes
- Wrapping the file name value in double quotes
What does work:
- Wrap the file name value in escaped quotes (doubled up such as “”#filename#””)
- Wrap the file name value in character valued double quotes (chr(34))
The new example would look something like this:
<cfheader name="Content-Disposition" value="attachment; filename=""#getFileFromPath(filePath)#"""> <cfcontent file="#filePath#" type="application/octet-stream">
Thanks to Ben Nadel for providing this solution.
See my previous blog on serving files with CFContent at https://christierney.com/2009/08/12/securely-serving-files-via-cfcontent/ .