Re: SMS messages [spamtrap bayes][spamtrap heur]
On 8/27/2010 2:25 AM, Justin Scott wrote: Have you used them to send to mobile numbers on US carriers? A few places I've spoken to have said that we would need to apply for our own short code to send to US recipients, others have said we can send through theirs but no you don't 100% need a short code to *send* SMS to the US. like most everything else, you get what you pay for when it comes to SMS vendors. you might look at HSLsms.com or Dialogue.net, know both of these work with cf's gateway are fairly reliable. if you're on cf9 only want to send or receive SMS (which often can be a cheaper service), look for vendors that offer that. prior to cf9, cf's SMS gateway was transceiver binding only. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336608 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFopenchat not working in IE
Hi Rick, I have added the the new line you suggested and now I have come across a very peculiar scenario. I open one chat window in FF and other in IE and it seems to work.As soon as I open a new chat window in Chrome for 3rd user, in IE it stops working. Chrome/FF users can communicate though.I have logged out from chrome ,even then it does not work in IE now.I have logged in/logged out few times. This is happening on server. On local I have same files and it seems to work fine there.So there is some minor issue on server but I am not able to debug that.Any thoughts? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336609 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: sending a form through CF and catching the results
Josh, you're missing the point entirely. Converting from CSV-Query makes sense and wasn't being questioned. Using the cfhttp tag to do the conversion is what's crazy. There is no sensible reason for requiring CSV conversion to go via HTTP - since the vast majority of the time this isn't necessary/desired - having a dedicated cfcsv tag and/or CsvParse function would have made sense. As I said, we'd need to ask the relevant developers why the decision to tangle the CSV functionality with cfhttp was made. (Rick, I used Adobe as shorthand; not to exclude Macromedia or Allaire.) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336610 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Number of site using ColdFusion
Ben's list is unfortunately for the Netherlands terribly out of date. Most companies listed there now use .NET or PHP, whilest there are a lot of CF-sites and companies not being listed. Of course it's important to maintain this data for your own company if you're listed and it would be an undoable task for Ben to contact each and everyone to check if the data still was right. Hence, such a list would be quickly out-of-date and not really worth the effort put into it... Sebastiaan = So long and thanx 4 all the fish == Onlinebase.nl Date: Thu, 26 Aug 2010 03:04:54 +1000 Subject: RE: Number of site using ColdFusion From: andr...@andyscott.id.au To: cf-talk@houseoffusion.com Ben's is not well maintained at all, as I said there are sites that I know that run in ColdFusion and has done since 2003 and they are not listed on either of the two lists. I would almost say that this type of maintenance would almost be the sort of thing that neither has the time to do. Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Andy Matthews [mailto:li...@commadelimited.com] Sent: Thursday, 26 August 2010 3:05 AM To: cf-talk Subject: RE: Number of site using ColdFusion No clue about the GotCFM list. I'd guess that Ben's list is well maintained, but I don't know for certain. Perhaps he'd chime in on this one? andy ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336611 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Number of site using ColdFusion
Oh, and Rey's GOTCFM is not easy to change either. I wanted to change and add listings, but this isn't possible. Also Rey doesn't really respond to mail, I've tried to contact hi about this thru regular mail but also via the contactmailaddress on the site, to no avail alas. Maybe he'll see this post and react ;-) Of course he's busy in the Microsoft realm now, so CF might not be his primary business motive anymore! Sebastiaan = So long and thanx 4 all the fish == Onlinebase.nl Date: Fri, 27 Aug 2010 11:58:39 +0200 Subject: RE: Number of site using ColdFusion From: seb...@hotmail.com To: cf-talk@houseoffusion.com Ben's list is unfortunately for the Netherlands terribly out of date. Most companies listed there now use .NET or PHP, whilest there are a lot of CF-sites and companies not being listed. Of course it's important to maintain this data for your own company if you're listed and it would be an undoable task for Ben to contact each and everyone to check if the data still was right. Hence, such a list would be quickly out-of-date and not really worth the effort put into it... Sebastiaan = So long and thanx 4 all the fish == Onlinebase.nl Date: Thu, 26 Aug 2010 03:04:54 +1000 Subject: RE: Number of site using ColdFusion From: andr...@andyscott.id.au To: cf-talk@houseoffusion.com Ben's is not well maintained at all, as I said there are sites that I know that run in ColdFusion and has done since 2003 and they are not listed on either of the two lists. I would almost say that this type of maintenance would almost be the sort of thing that neither has the time to do. Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Andy Matthews [mailto:li...@commadelimited.com] Sent: Thursday, 26 August 2010 3:05 AM To: cf-talk Subject: RE: Number of site using ColdFusion No clue about the GotCFM list. I'd guess that Ben's list is well maintained, but I don't know for certain. Perhaps he'd chime in on this one? andy ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336612 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Powerpoint to Flash conversion
I went through cfpresentation but not able to use it for converting PPT to flash.Do you know some reference sites/examples that does the same? Can you give an example of it to show its working? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336613 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: manipulating Excel files
Marc, This seems like the worst possible way of attempting this. The POI library included with CF8 allows you to manipulate native excel documents using java calls from within CF Check out Ben Nadel's POIUtility.cfc http://www.bennadel.com/projects/poi-utility.htm Rick On Thu, Aug 26, 2010 at 4:56 PM, marc -- m...@marcbakker.com wrote: Hi, recently I wanted to stream an Excel file from the server to a client browser. Before streaming it to the user, I wanted to replace some placeholders in the file (like name,place) with their actual values (#user.name#,#user.place#). So this was the setup: 1 read binary (.xls) template file 2 read binary data and replace every occurence of the placeholder with it's actual value 3 stream the binary data to the client using cfcontent variable=... This cannot be done without converting the binary Excel data to a text format. So I tried BinaryEncode(binaryData,Hex). This gave me the binary data in Hexadecimal format. Then I translated the placeholder (e.g. name) to it's hex representation. Then translated the actual value (e.g. marc) to it's hex representation. Then I did a ReplaceNoCase(a,b,c) where a=the binarydata in HEX format, b=the place holder in hex format, c=the actual value in hex format Then I translated a back to binary using ToBinary() This didn't work since, as I found out, the hexadecimal value for the place holder was never found in the converted binary data (in ReplaceNoCase(a,b,c) ). Why is this approach not working? Is it possible at all to find and replace text values in an excel file this way - so without using things like POI utility? Btw Translating the file to xml is not an option since it contains graphics which are not supported in this format. I do this in CF 8 on WinXP Thanks, Marc ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336614 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: manipulating Excel files
Oh come now. Surely we could think of a worse way. ;) On Fri, Aug 27, 2010 at 8:20 AM, Rick Root rick.r...@gmail.com wrote: Marc, This seems like the worst possible way of attempting this. The POI library included with CF8 allows you to manipulate native excel documents using java calls from within CF Check out Ben Nadel's POIUtility.cfc http://www.bennadel.com/projects/poi-utility.htm Rick On Thu, Aug 26, 2010 at 4:56 PM, marc -- m...@marcbakker.com wrote: Hi, recently I wanted to stream an Excel file from the server to a client browser. Before streaming it to the user, I wanted to replace some placeholders in the file (like name,place) with their actual values (# user.name#,#user.place#). So this was the setup: 1 read binary (.xls) template file 2 read binary data and replace every occurence of the placeholder with it's actual value 3 stream the binary data to the client using cfcontent variable=... This cannot be done without converting the binary Excel data to a text format. So I tried BinaryEncode(binaryData,Hex). This gave me the binary data in Hexadecimal format. Then I translated the placeholder (e.g. name) to it's hex representation. Then translated the actual value (e.g. marc) to it's hex representation. Then I did a ReplaceNoCase(a,b,c) where a=the binarydata in HEX format, b=the place holder in hex format, c=the actual value in hex format Then I translated a back to binary using ToBinary() This didn't work since, as I found out, the hexadecimal value for the place holder was never found in the converted binary data (in ReplaceNoCase(a,b,c) ). Why is this approach not working? Is it possible at all to find and replace text values in an excel file this way - so without using things like POI utility? Btw Translating the file to xml is not an option since it contains graphics which are not supported in this format. I do this in CF 8 on WinXP Thanks, Marc ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336615 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: manipulating Excel files
On Fri, Aug 27, 2010 at 9:02 AM, Michael Grant mgr...@modus.bz wrote: Oh come now. Surely we could think of a worse way. ;) Heh. hiring child labor in a third world country to do the work on demand? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336616 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: manipulating Excel files
I was thinking of bit-shifting through the entire binary object - but I like yours better. Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 Skype: markakruger www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: Rick Root [mailto:rick.r...@gmail.com] Sent: Friday, August 27, 2010 8:52 AM To: cf-talk Subject: Re: manipulating Excel files On Fri, Aug 27, 2010 at 9:02 AM, Michael Grant mgr...@modus.bz wrote: Oh come now. Surely we could think of a worse way. ;) Heh. hiring child labor in a third world country to do the work on demand? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336617 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: manipulating Excel files
Oh come now. Surely we could think of a worse way. ;) ... I was thinking of bit-shifting through the entire binary object I knew the list would not disappoint ;-) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336618 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: manipulating Excel files
Heck, you want some serious sarcasm check out cf-comm. :D On Fri, Aug 27, 2010 at 10:51 AM, Leigh cfsearch...@yahoo.com wrote: Oh come now. Surely we could think of a worse way. ;) ... I was thinking of bit-shifting through the entire binary object I knew the list would not disappoint ;-) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336619 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: manipulating Excel files
Heck, you want some serious sarcasm check out cf-comm. :D Ah, so that is where the cf sarcasm smorgasborg can be found! ;-) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336620 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: sending a form through CF and catching the results
There is no sensible reason for requiring CSV conversion to go via HTTP - since the vast majority of the time this isn't necessary/desired - having a dedicated cfcsv tag and/or CsvParse function would have made sense. Yup, I totally agree with that. Guess I misread the emphasis in your previous comment. -- Josh ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336621 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Marilynn Monroe (not really - cfinput but no one answered before)
This is straight off the Adobe CF9 page. We're running CF8 but the docs there are so sparse they tell you nothing so we can't tell if this is a version problem or what. The .cfm file (we added the cftry stuff): cftry cfform name=mycfform First Name: cfinput type=text name=firstname value=br Last Name: cfinput type=text name=lastname value=br Domain: cfinput type=text name=domain value=br E-mail: cfinput type=text name=email bind=cfc:bindFcns.getEmailId({firstn...@keyup},{lastn...@keyup}, {dom...@keyup}) /cfform cfcatch type = application !--- display your message --- h3You've Thrown an bError/b/h3 cfoutput !--- and the diagnostic feedback from the application server --- p#cfcatch.message#/p pThe contents of the tag stack are:/p cfloop index = i from = 1 to = #ArrayLen(cfcatch.tagContext)# cfset sCurrent = #cfcatch.tagContext[i]# br#i# #sCurrent[ID]# (#sCurrent[LINE]#,#sCurrent[COLUMN]#) #sCurrent[TEMPLATE]# /cfloop /cfoutput /cfcatch /cftry The cfc file: cfcomponent cffunction name=getEmailId access=remote cfargument name=firstname cfargument name=lastname cfargument name=domain cfreturn #left(arguments.firstname,1)#.#arguments.lastna...@#lcase(arguments.domain)# /cffunction /cfcomponent This throws an error in cfajax.js file (visible in IE Developer Tools) throw new SyntaxError(parseJSON); What is going wrong? Larry Stephens ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336622 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Marilynn Monroe (not really - cfinput but no one answered before)
You need to set the returnformat to json On Fri, Aug 27, 2010 at 1:55 PM, Stephens, Larry V steph...@indiana.edu wrote: This is straight off the Adobe CF9 page. We're running CF8 but the docs there are so sparse they tell you nothing so we can't tell if this is a version problem or what. The .cfm file (we added the cftry stuff): cftry cfform name=mycfform First Name: cfinput type=text name=firstname value=br Last Name: cfinput type=text name=lastname value=br Domain: cfinput type=text name=domain value=br E-mail: cfinput type=text name=email bind=cfc:bindFcns.getEmailId({firstn...@keyup},{lastn...@keyup}, {dom...@keyup}) /cfform cfcatch type = application !--- display your message --- h3You've Thrown an bError/b/h3 cfoutput !--- and the diagnostic feedback from the application server --- p#cfcatch.message#/p pThe contents of the tag stack are:/p cfloop index = i from = 1 to = #ArrayLen(cfcatch.tagContext)# cfset sCurrent = #cfcatch.tagContext[i]# br#i# #sCurrent[ID]# (#sCurrent[LINE]#,#sCurrent[COLUMN]#) #sCurrent[TEMPLATE]# /cfloop /cfoutput /cfcatch /cftry The cfc file: cfcomponent cffunction name=getEmailId access=remote cfargument name=firstname cfargument name=lastname cfargument name=domain cfreturn #left(arguments.firstname,1)#.#arguments.lastna...@#lcase(arguments.domain)# /cffunction /cfcomponent This throws an error in cfajax.js file (visible in IE Developer Tools) throw new SyntaxError(parseJSON); What is going wrong? Larry Stephens ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336623 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
HTMLEditFormat and Cross Site Scripting
New to the cross site scripting arena - trying to prevent users from entering javascript into form fields and the javascript from executing. Pretty much anything goes in the form fields - so I am trying to add htmleditformat to my code - but the javascript is still executing when I click submit. What am I doing wrong?? No matter what, anytime I put in some script code into the ID input box - the JS gets executed. code: form action=3Dindex.cfm method=3DPOST name=3DmyForm cfoutput trtd align=3Dright class=3Dtext9 Enter ID:/tdtdinput type=3Dtext name=3DlogName value=3D#HtmlEditFormat(VARIABLES.logName)# size=3D12/td/tr /cfoutput trtd align=3Dcenter colspan=3D2 input type=3Dsubmit name=3Dsubmit id=3Dsubbtn title=3DSubmit value=3DSubmit / /td/tr /FORM ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336624 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Marilynn Monroe (not really - cfinput but no one answered before)
cffunction name=getEmailId access=remote returnformat=JSON cfreturn left(arguments.firstname,1) . arguments.lastname @ lcase(arguments.domain) Not sure if this fixes it but you might be having a problem with wddx, which is the default return format. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336625 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: HTMLEditFormat and Cross Site Scripting
Cindi, You need to use HTMLedit format in the handler... where's the code that takes the Post request and does something with it? -Mark Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 Skype: markakruger www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: cindi gannon [mailto:cindi.gan...@bnymellon.com] Sent: Friday, August 27, 2010 1:00 PM To: cf-talk Subject: HTMLEditFormat and Cross Site Scripting New to the cross site scripting arena - trying to prevent users from entering javascript into form fields and the javascript from executing. Pretty much anything goes in the form fields - so I am trying to add htmleditformat to my code - but the javascript is still executing when I click submit. What am I doing wrong?? No matter what, anytime I put in some script code into the ID input box - the JS gets executed. code: form action=3Dindex.cfm method=3DPOST name=3DmyForm cfoutput trtd align=3Dright class=3Dtext9 Enter ID:/tdtdinput type=3Dtext name=3DlogName value=3D#HtmlEditFormat(VARIABLES.logName)# size=3D12/td/tr /cfoutput trtd align=3Dcenter colspan=3D2 input type=3Dsubmit name=3Dsubmit id=3Dsubbtn title=3DSubmit value=3DSubmit / /td/tr /FORM ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336626 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: HTMLEditFormat and Cross Site Scripting
Hi there - I have it in the handle as shown below - but the javascript still executes, so , if i put scriptalert.../script in the logname field on the form - the alert comes up and then the form processes correctly. I'm just trying to prevent the alert or whatever js code is in there maliciously from executing. cfif isdefined(form.logname) cfquery name=getuser datasource=#application.dsn# select * from t_s1 u, t_s2 x where id = '#htmleditformat(form.logname)#' and u.id = x.id /cfquery Cindi Gannon, Sr Programmer Analyst ? The Bank of New York Mellon Corporation BNY Mellon Technology Support ? General Services Support Systems Syracuse Office: (315) 362-1196 ? FAX (315) 362-3603 cindi.gan...@bnymellon.com From: Mark A. Kruger mkru...@cfwebtools.com To: cf-talk cf-talk@houseoffusion.com Date: 08/27/2010 02:11 PM Subject: RE: HTMLEditFormat and Cross Site Scripting Cindi, You need to use HTMLedit format in the handler... where's the code that takes the Post request and does something with it? -Mark Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 Skype: markakruger www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: cindi gannon [mailto:cindi.gan...@bnymellon.com] Sent: Friday, August 27, 2010 1:00 PM To: cf-talk Subject: HTMLEditFormat and Cross Site Scripting New to the cross site scripting arena - trying to prevent users from entering javascript into form fields and the javascript from executing. Pretty much anything goes in the form fields - so I am trying to add htmleditformat to my code - but the javascript is still executing when I click submit. What am I doing wrong?? No matter what, anytime I put in some script code into the ID input box - the JS gets executed. code: form action=3Dindex.cfm method=3DPOST name=3DmyForm cfoutput trtd align=3Dright class=3Dtext9 Enter ID:/tdtdinput type=3Dtext name=3DlogName value=3D#HtmlEditFormat(VARIABLES.logName)# size=3D12/td/tr /cfoutput trtd align=3Dcenter colspan=3D2 input type=3Dsubmit name=3Dsubmit id=3Dsubbtn title=3DSubmit value=3DSubmit / /td/tr /FORM ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336627 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HTMLEditFormat and Cross Site Scripting
cfqueryparam is your friend. On Fri, Aug 27, 2010 at 2:19 PM, cindi.gan...@bnymellon.com wrote: Hi there - I have it in the handle as shown below - but the javascript still executes, so , if i put scriptalert.../script in the logname field on the form - the alert comes up and then the form processes correctly. I'm just trying to prevent the alert or whatever js code is in there maliciously from executing. cfif isdefined(form.logname) cfquery name=getuser datasource=#application.dsn# select * from t_s1 u, t_s2 x where id = '#htmleditformat(form.logname)#' and u.id = x.id /cfquery Cindi Gannon, Sr Programmer Analyst ? The Bank of New York Mellon Corporation BNY Mellon Technology Support ? General Services Support Systems Syracuse Office: (315) 362-1196 ? FAX (315) 362-3603 cindi.gan...@bnymellon.com From: Mark A. Kruger mkru...@cfwebtools.com To: cf-talk cf-talk@houseoffusion.com Date: 08/27/2010 02:11 PM Subject: RE: HTMLEditFormat and Cross Site Scripting Cindi, You need to use HTMLedit format in the handler... where's the code that takes the Post request and does something with it? -Mark Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 Skype: markakruger www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: cindi gannon [mailto:cindi.gan...@bnymellon.com] Sent: Friday, August 27, 2010 1:00 PM To: cf-talk Subject: HTMLEditFormat and Cross Site Scripting New to the cross site scripting arena - trying to prevent users from entering javascript into form fields and the javascript from executing. Pretty much anything goes in the form fields - so I am trying to add htmleditformat to my code - but the javascript is still executing when I click submit. What am I doing wrong?? No matter what, anytime I put in some script code into the ID input box - the JS gets executed. code: form action=3Dindex.cfm method=3DPOST name=3DmyForm cfoutput trtd align=3Dright class=3Dtext9 Enter ID:/tdtdinput type=3Dtext name=3DlogName value=3D#HtmlEditFormat(VARIABLES.logName)# size=3D12/td/tr /cfoutput trtd align=3Dcenter colspan=3D2 input type=3Dsubmit name=3Dsubmit id=3Dsubbtn title=3DSubmit value=3DSubmit / /td/tr /FORM ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336628 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HTMLEditFormat and Cross Site Scripting
cfqueryparam is your friend. That has no effect on XSS. It simply prevents SQL injection. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336629 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HTMLEditFormat and Cross Site Scripting
Right. Cindi posted an example of a cfquery and I responded with cfqueryparam is your friend. Her query is vulnerable to sql injection. On Fri, Aug 27, 2010 at 2:27 PM, Dave Watts dwa...@figleaf.com wrote: cfqueryparam is your friend. That has no effect on XSS. It simply prevents SQL injection. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336630 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: manipulating Excel files
Serious? Its far more frivolous than that. Heck, you want some serious sarcasm check out cf-comm. :D ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336631 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: manipulating Excel files
True dat. On Fri, Aug 27, 2010 at 4:52 PM, Larry Lyons larrycly...@gmail.com wrote: Serious? Its far more frivolous than that. Heck, you want some serious sarcasm check out cf-comm. :D ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336632 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
cfhttp all of a sudden getting connection failure.
I know this is going to be vague, and I apologise in advance for that. I am hitting a webservice for TicketNetwork. It's code that has been in production for over 6 months and has worked flawlessly until about three weeks ago. Here's an example: cfhttp method=POST url=#Request.thisTNURL#/TNWebserviceStringInputs.asmx/GetCategoriesMasterList cfhttpparam type=FORMFIELD name=websiteConfigID value=#Request.websiteConfigID# /cfhttp Normally it would return an XML doc. Now all of a sudden I'm getting connection failure as the file content of cfhttp. I've verified it's not a problem with the host as I can use cfhttp to hit other sites. Just not this webservice anymore. TicketNetwork says they didn't make any changes but I don't know that I believe them. I guess my question is, does anyone know of any gotcha's or issues that might all of a sudden cause this simple procedure to start throwing out an error? Any help or insight would be great, thanks. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfhttp all of a sudden getting connection failure.
P.S. I've also verified that the URL that cfhttp points to is still indeed the correct url. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336634 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: HTMLEditFormat and Cross Site Scripting
Cindi, Do you have debugging on? Perhaps it's showing up in the debug and firing off. That's not a problem that would affect your users. -Mark Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 Skype: markakruger www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: cindi.gan...@bnymellon.com [mailto:cindi.gan...@bnymellon.com] Sent: Friday, August 27, 2010 1:20 PM To: cf-talk Subject: RE: HTMLEditFormat and Cross Site Scripting Hi there - I have it in the handle as shown below - but the javascript still executes, so , if i put scriptalert.../script in the logname field on the form - the alert comes up and then the form processes correctly. I'm just trying to prevent the alert or whatever js code is in there maliciously from executing. cfif isdefined(form.logname) cfquery name=getuser datasource=#application.dsn# select * from t_s1 u, t_s2 x where id = '#htmleditformat(form.logname)#' and u.id = x.id /cfquery Cindi Gannon, Sr Programmer Analyst ? The Bank of New York Mellon Corporation BNY Mellon Technology Support ? General Services Support Systems Syracuse Office: (315) 362-1196 ? FAX (315) 362-3603 cindi.gan...@bnymellon.com From: Mark A. Kruger mkru...@cfwebtools.com To: cf-talk cf-talk@houseoffusion.com Date: 08/27/2010 02:11 PM Subject: RE: HTMLEditFormat and Cross Site Scripting Cindi, You need to use HTMLedit format in the handler... where's the code that takes the Post request and does something with it? -Mark Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 Skype: markakruger www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: cindi gannon [mailto:cindi.gan...@bnymellon.com] Sent: Friday, August 27, 2010 1:00 PM To: cf-talk Subject: HTMLEditFormat and Cross Site Scripting New to the cross site scripting arena - trying to prevent users from entering javascript into form fields and the javascript from executing. Pretty much anything goes in the form fields - so I am trying to add htmleditformat to my code - but the javascript is still executing when I click submit. What am I doing wrong?? No matter what, anytime I put in some script code into the ID input box - the JS gets executed. code: form action=3Dindex.cfm method=3DPOST name=3DmyForm cfoutput trtd align=3Dright class=3Dtext9 Enter ID:/tdtdinput type=3Dtext name=3DlogName value=3D#HtmlEditFormat(VARIABLES.logName)# size=3D12/td/tr /cfoutput trtd align=3Dcenter colspan=3D2 input type=3Dsubmit name=3Dsubmit id=3Dsubbtn title=3DSubmit value=3DSubmit / /td/tr /FORM ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336635 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfhttp all of a sudden getting connection failure.
Did you recently update your JVM? This post might help... though you don't look like you are using client certs. http://www.coldfusionmuse.com/index.cfm/2010/8/27/SSL.Client.Certificates.Fa iling Also - check the certificate chain - perhaps the vendor updated an intermediate cert that you now need in your keystore. http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 Skype: markakruger www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: Michael Grant [mailto:mgr...@modus.bz] Sent: Friday, August 27, 2010 4:51 PM To: cf-talk Subject: cfhttp all of a sudden getting connection failure. I know this is going to be vague, and I apologise in advance for that. I am hitting a webservice for TicketNetwork. It's code that has been in production for over 6 months and has worked flawlessly until about three weeks ago. Here's an example: cfhttp method=POST url=#Request.thisTNURL#/TNWebserviceStringInputs.asmx/GetCategoriesMasterLi st cfhttpparam type=FORMFIELD name=websiteConfigID value=#Request.websiteConfigID# /cfhttp Normally it would return an XML doc. Now all of a sudden I'm getting connection failure as the file content of cfhttp. I've verified it's not a problem with the host as I can use cfhttp to hit other sites. Just not this webservice anymore. TicketNetwork says they didn't make any changes but I don't know that I believe them. I guess my question is, does anyone know of any gotcha's or issues that might all of a sudden cause this simple procedure to start throwing out an error? Any help or insight would be great, thanks. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336636 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
social network application based on CF ?
Hi list, is there any social network application / social network framework based on CF you guys are aware of ? Thanks in advance for your feedback ! Uwe ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336637 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfhttp all of a sudden getting connection failure.
Any help or insight would be great, thanks. Possibly a swing and a miss here.. but have you double checked the cfhttp headers? Just to verify it is not the old compression issue. http://www.talkingtree.com/blog/index.cfm?mode=entryentry=25aa8297-45a6-2844-729dbd51575c1bd2 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336638 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfhttp all of a sudden getting connection failure.
Could it be a caching issue. CF is set to resolve the DNS forever and the location you are hitting might have moved DNS locations. - URL the same just pointed to a new box. You can change this setting by modifying an xml file in the lib folder. google it and there are a bunch of blogs on this. This happen to us all the time until I changed this setting. Matt Friedman ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336639 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: social network application based on CF ?
myspace used to be in CF I think. On Fri, Aug 27, 2010 at 6:23 PM, cf-t...@sdsolutions.de cf-t...@sdsolutions.de wrote: Hi list, is there any social network application / social network framework based on CF you guys are aware of ? Thanks in advance for your feedback ! Uwe ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336640 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: social network application based on CF ?
Are you looking for an app you can download and use or just want to know if any social networking sites are using ColdFusion? Wil Genovese Sr. Web Application Developer/ Systems Administrator Wil Genovese Consulting 651-894-4238 wilg...@trunkful.com www.trunkful.com On Aug 27, 2010, at 5:23 PM, cf-t...@sdsolutions.de wrote: Hi list, is there any social network application / social network framework based on CF you guys are aware of ? Thanks in advance for your feedback ! Uwe ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336641 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: social network application based on CF ?
On Fri, Aug 27, 2010 at 3:23 PM, cf-t...@sdsolutions.de cf-t...@sdsolutions.de wrote: Hi list, is there any social network application / social network framework based on CF you guys are aware of ? What do you mean by social network application / social network framework? Twitter? Facebook? Ning? LinkedIn? MySpace? They're all very different - and they're all custom applications anyway (with a LOT of low-level tweaks and customizations behind the scenes to make them scale). -- Sean A Corfield -- (904) 302-SEAN Railo Technologies, Inc. -- http://getrailo.com/ An Architect's View -- http://corfield.org/ If you're not annoying somebody, you're not really alive. -- Margaret Atwood ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336642 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm