and CodeCleaner:

http://www.antiwrap.com/?140

I use this in Application.cfm to scrub the url.  Takes about 10ms.
Got it from a thread here.  Apologies to the author but I forget who
it was  :-(

<!---
scrub url and query string for shenanigans
--->
<cfset variables.ThisURLVar=cgi.script_name & urldecode(cgi.query_string)>
<CF_CodeCleaner input="#variables.thisurlvar#">
<cfset variables.Cleanurl=clean_code>
<!---
Do the original and the cleaned copy still match?
--->
<cfif CompareNoCase(variables.thisurlvar,variables.Cleanurl)>
<!---
No.  Put out a mysterious 500 error, and rat out the offense
--->
... blah blah blah ...
<cfabort>
</cfif>

--
--Matt Robertson--
MSB Designs, Inc.
mysecretbase.com