Andrew Grosset wrote:
>Works great in IE, but Mozilla Firebird ignores cfheader and displays
>the page as normal...
I put in <cfabort> right afterwards :D
Here's the whole test I'm using. I put this into application.cfm and, as you say, it only eats a max of 15ms.
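<!--- Build the requested URL (script path plus raw query string) --->
<cfset variables.ThisURLVar=cgi.script_name&cgi.query_string>
<!--- CF_CodeCleaner returns its sanitized output in clean_code --->
<CF_CodeCleaner INPUT="#variables.thisurlvar#">
<cfset variables.Cleanurl=clean_code>
<!--- CompareNoCase is non-zero when the cleaner changed the URL --->
<cfif CompareNoCase(variables.thisurlvar,variables.Cleanurl)>
  <cfheader statuscode="500" statustext="Server Error">
  <cfabort>
</cfif>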
--
-------------------------------------------
Matt Robertson, [EMAIL PROTECTED]
MSB Designs, Inc. http://mysecretbase.com
-------------------------------------------