krubo

Reputation: 6416

Best way to sanitize / validate PDF document in ColdFusion

I'm using ColdFusion 10 and accepting an uploaded PDF file from the user. I want to sanitize/validate the PDF file to ensure it is actually a PDF file, and not some other type of file renamed as *.pdf.

Currently my strategy is to run <cfpdf action="merge" name="pdfdata"> on the file, and then call toBinary(pdfdata) when saving the result, but I'm getting a strange problem with a PDF that's valid afaict but raises a PDFDocException error when toBinary(pdfdata) is called.

Is there a "right way" to sanitize/validate the PDF document upon upload?

Upvotes: 0

Views: 882

Answers (1)

Miguel-F

Reputation: 13548

ColdFusion has a built-in function to verify whether a PDF file is valid or not: IsPDFFile(). I have no idea how it works or what it checks, though.

Here is the ColdFusion documentation for the IsPDFFile function:

Description

Verifies whether a PDF file is valid.

Returns

True, if the value returns a valid PDF file. False, otherwise.

Function syntax

IsPDFFile("path")

Parameters

path - Pathname to an on-disk or in-memory PDF file. The pathname can be absolute or relative to the CFM page and must be enclosed in quotation marks.

Usage

This function returns False if the value is not a valid pathname to a PDF file, the pathname is null, the PDF file is not valid, or the PDF file is corrupted.

And I would also suggest that you read over this reference from Pete Freitag: Tips for Secure File Uploads with ColdFusion

Upvotes: 1
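An added example (not code from the question or the answer) showing IsPDFFile() as one layer of an upload check, since the answer notes that what the function inspects is unknown. The form field name `pdfUpload`, the storage path `/data/uploads/pdf/`, and the strict header check at byte 0 are assumptions made for illustration.

```cfml
<!--- Assumptions: form field "pdfUpload"; finalDir is a hypothetical
      directory outside the web root that the CF service can write to. --->
<cfset quarantineDir = getTempDirectory()>
<cfset finalDir = "/data/uploads/pdf/">
<cfset accepted = false>

<cftry>
    <!--- Land the upload outside the web root first so it can never be
          requested or executed while it is still unverified. --->
    <cffile action="upload"
            fileField="pdfUpload"
            destination="#quarantineDir#"
            nameConflict="makeunique"
            result="up">
    <cfset uploadedPath = up.serverDirectory & "/" & up.serverFile>

    <!--- 1. Extension of the file as stored on the server. The MIME type
             sent by the browser is client-controlled and is not used. --->
    <cfset okExt = (lCase(up.serverFileExt) eq "pdf")>

    <!--- 2. Header check: read only the first 5 bytes and compare them
             with the PDF signature. Requiring it at offset 0 is a strict
             choice made for this example. --->
    <cfset fh = fileOpen(uploadedPath, "readBinary")>
    <cfset head = fileRead(fh, 5)>
    <cfset fileClose(fh)>
    <cfset okMagic = (toString(head, "iso-8859-1") eq "%PDF-")>

    <!--- 3. ColdFusion's own validity check, only run if 1 and 2 passed. --->
    <cfset okParse = okExt and okMagic and isPDFFile(uploadedPath)>

    <cfif okParse>
        <!--- Store under a server-generated name; the client-supplied
              file name is never used on disk. --->
        <cfset storedName = createUUID() & ".pdf">
        <cffile action="move" source="#uploadedPath#"
                destination="#finalDir##storedName#">
        <cfset accepted = true>
    <cfelse>
        <cfset fileDelete(uploadedPath)>
    </cfif>

    <cfcatch type="any">
        <!--- Fail closed: remove anything left in quarantine. --->
        <cfif isDefined("uploadedPath") and fileExists(uploadedPath)>
            <cfset fileDelete(uploadedPath)>
        </cfif>
    </cfcatch>
</cftry>
```

These checks confirm the file is structurally a PDF; they do not remove active content such as embedded JavaScript from an otherwise valid document.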
