File upload with colon in the file name to a Windows install creates crazy.


I noticed some strange 0 byte files with oddly truncated file names in a folder of user uploaded files (mostly PDFs, but shouldn't be relevant) that actually rendered and could be downloaded.

I eventually realized they were files that were uploaded from a device that allows colons in the filename to the Windows server which uses the colon to define alternate data streams in NTFS.

e.g. Upload MyFunny:File.PDF from Linux, would get MyFunny a zero byte file, with an alternate data stream which held the actual file.

I was able to replicate the issue from a Linux VM, but I'm guessing the end users are sending these from Apples or maybe Android.

Adding cffile action="rename" to replace colons helped reduce the problem. I now get the expected filename with the expected file size; however, a truncated file name and 0 byte file are still there. e.g. "MyFunny" and zero bytes.

IMHO, I think the least confusing fix is to automatically replace semi colons in cffile on Windows, but maybe there are users who actually want this behaviour. In that case, rename should gracefully handle files with alternate data streams.


Windows 2008R2 server. Lucee 4.5


Michael Offner





Fix versions