Using Path Info To Influence The Browser's Save-As Action
Posted July 18, 2007 at 8:53 AM by Ben Nadel
Using ColdFusion as a proxy to download files is a very cool function provided by the language. By piping file requests through a ColdFusion page it allows us to check user permissions on files that would normally not be handled by the ColdFusion server (ie. non-cfm/cfc files), stream files that are not in web-accessible directories, and log file access statistics to a database:
- <a href="get.cfm?id=#qFile.id#">Get File</a>
In the above code snippet, our get.cfm ColdFusion template is the file download proxy. It works great, except for one HUGE problem. If the user were to right-click on that link and chose Save-As, this is what they would get as their file type:
Macromedia ColdFusion File
... and the suggested file name would be:
This is a huge draw back and a deal break for many people when it comes to using download proxies.
Well, this morning, in the shower, my mind started to wonder over to Ray Camden's blog software and then it dawned on me! Ray uses search engine friendly URLs with extra path information. For example, in the URL:
... the /ColdFusion "directory" is coming after the index.cfm file name. This is being done for search engine optimization, but somewhere between soaping-up and shampooing, I realized that this could be leveraged to solve the proxy download save-as issue.
Instead of using a directory name like "ColdFusion", we could append extra path information pertaining to the target file's name. Take a look at this example:
- <a href="./get.cfm/1/girl-1.jpg">Get Image</a><br />
- <a href="./get.cfm/2/girl-2.jpg">Get Image</a><br />
- <a href="./get.cfm/3/girl-3.jpg">Get Image</a><br />
- <a href="./get.cfm/4/girl-4.jpg">Get Image</a><br />
- <a href="./get.cfm/5/girl-5.jpg">Get Image</a><br />
On this page, get.cfm is our ColdFusion file download proxy. After the file name, we then put the ID of the file followed by the name of the image that we want the browser to use. Because the browser is looking at the full path, including the additional path information, it will use the file name at the very end when dealing with the Save-As action. This takes away the save-as road block to the proxy (in case you have no idea what I'm talking about).
Now, our get.cfm ColdFusion page then just has to be able to use the path info. The additional path information can be accessed via the CGI object:
According to documentation, CGI.path_info id:
The extra path information, as given by the client. In other words, scripts can be accessed by their virtual pathname, followed by extra information at the end of this path. The extra information is sent as PATH_INFO. This information should be decoded by the server if it comes from a URL before it is passed to the CGI script.
Our extra path information will be a directory path with the file ID and the image name. Parsing that as a slash-delimited list, we can then grab the parts and use them to stream the file back to the browser:
- Get the path info from the CGI object. the
- path_info variable holds the extra path information,
- as given by the client. In other words, scripts can
- be accessed by their virtual pathname, followed by
- extra information at the end of this path. The extra
- information is sent as PATH_INFO. Our path info
- should be in the form of:
- <cfset strPathInfo = CGI.path_info />
- Get the two parts of the URL. Since ColdFusion ignores
- the empty list values, we don't have to worry about
- stripping out the leading or trailing slashes.
- <cfset intID = Val( ListFirst( strPathInfo, "\/" ) ) />
- <!--- Get the suggested image name. --->
- <cfset strName = ListLast( strPathInfo, "\/" ) />
- Now that we have the ID of the image, let's
- calculate the image path.
- <cfset strPath = (
- GetDirectoryFromPath( GetCurrentTemplatePath() ) &
- intID &
- ) />
- <!--- Check to see the file exists. --->
- <cfif FileExists( strPath )>
- Set the desired file name. The file name here
- only comes into play if the type is attachment
- and the do NOT use Save-As OR if they click
- through to the image and then right-click and
- Save-As on the image. Otherwise, the browser
- will just use the link path info.
- value="inline; filename=#strName#"
- <!--- Stream the file to the browser. --->
- The file could not be found. Send back text
- error message (the best we can do).
- variable="#ToBinary( ToBase64( 'File Not Found' ) )#"
This uses CFContent to stream the file back to the browser. In my CFHeader tag, I am setting the suggested file name to be the same as was passed in via the extra path info. The CFHeader value here doesn't really do too much since the content disposition is inline. It really comes into play if the user clicks into the image (displaying it in the browser) and then does a right-click / save-as on the image itself. In that case, the browser will use the suggested filename in the page headers.
Pretty cool stuff!
What Other People Are Searching For
[ local search ]
search engine optimization
[ local search ] using cfcontent to download files
[ local search ] using save-as with cfcontent
[ local search ] setting file name of cfcontent coldfusion
[ local search ] using cfheader cfcontent in coldfusion
We use a similar technique for serving files; except, we use ISAPI rewrite to hook into ANY url with .pdf, .doc etc;
domain.com/myfile.pdf would get rewritten to domain.com/downloads/index.cfm?file=myfile.pdf
We can then use CF to search the database for location of the file, and serve it via content disposition; That way they're all permalinks :)
That sounds pretty cool. I dabbled a little bit with ISAPI rewrite, but my boss is a bit hesitant to use it because it requires third-party support if anything every goes wrong or something... plus, I don't have access to the server if I ever need to install it (so I can't do much playing with it on my own).
But, still, a solid idea.
You need to make sure you always quote the file name in the Content-Disposition header.
<cfheader name="content-disposition" value="inline; filename='#fileName#'">
This is very important because if you don't do that and the file name has spaces in it or unicode chars bad things will happen in Firefox (and other Gecko based browsers).
Woops, that should be double quotes.
<cfheader name="content-disposition" value='inline; filename="#fileName#"'>
That is interesting. I have never run up against that... but then again I pretty much never put spaces in my file names when it comes to web development. Good to know!
Ben, interesting alternative to mod_rewire or an ISAPI filter. I'll have to keep it in mind when I do no have access to the server configuration.
As a side not, there is a free ISAPI rewrite filter I'm using if somebody wants to travel that route. Here is my little guide on it: