Justin, a problem that I see with trying to have the core file handle this is: lets say you've got "circuit.action" as your fully qualified fuseaction. What if someone messed with it to say "circuitaction"? Without the dot, the core file has no idea what circuit you are trying to call. "circuitaction" is not aliased in your fbx_circuits file. There's no way for it to tell what circuit and what action you're trying to call. The same thing would happen if someone changed the fuseaction to say "cthulhu". If there's no alias for that circuit, an error will be thrown.
One solution is to use CFTRY / CFCATCH or CFERROR to catch the error thrown by the core file and display a pretty error page, or redirect them to the default home fuseaction. There are lots and lots of ways to make CF throw an error if you really want it too...just mess with any URL variable, value, Form field, etc. One more reason why it is so important to have a good error handling framework in place for your application. It's enough to make a guy paranoid... Just my 2 cents. Brian Justin Scott wrote: > I'm just getting into Fusebox 3.x development and have come across > something > I would like some input on. In FB 3, the "circuit.fuse" method of > handling > the fuseaction attribute is great, but if the value passed is missing a > period, an error is generated instead of execution being passed to the > cfdefaultcase in the switch. This bothers me, as it creates a very easy > opportunity for someone to generate a CF error on purpose. > > I have determined that a simple change to the core fusebox code (in > section > 8) to handle this specifically would work, but everything I've read says > to > NOT change the core code or weird/bad/evil things may happen. > > I'm wondering if anyone else sees this as a big issue and how you handle > it, > core code mods or not. Thanks! > > -Justin Scott, Lead Developer > Sceiron Internet Services, Inc. > http://www.sceiron.com > > > > PS: I'm new on the list, so I'm sorry if this has been covered already. > > > --- ==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
