Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?
Jochem's tersely abbreviated post at first seemed to read as if the solution was to ENABLE Global Script Protection (which didn't make sense), but James you made me realize that he meant to point me in that general direction and that the real solution was to NOT ENABLE Global Script Protection. My hosting provider implemented the change and everything is fine again. Take-home lesson: if you ever find your EMBED and OBJECT tags getting mysteriously converted to InvalidTag in a CFFILE WRITE operation, disable Global Script Protection in the CF Administrator. Now if we could just get this houseoffusion.com forum to actually record posts the first time instead of nothing nothing nothing and then suddenly three copies of the same thing appear... ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299053 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?
Jochem, can you be a little more specific? The webserver is not mine, I don't have control of the CF Administrator, and any changes are going to affect other people so I have to make a strong case to my hosting provider that any change I suggest is going to actually solve the problem. In this case the docs indicate (thanks for the link) that enabling Global Script Protection will protect against cross-site scripting attacks, but I don't think that there's a cross-site attack going on, but an intra-site attack of some kind or security setting somewhere changing my EMBED and OBJECT tags to InvalidTag at the moment of a CFFILE WRITE operation. Could that even possibly be done through a cross-site scripting attack? It's not anybody else modifying the .cfm files I write, it's only me which I'm sure of because the logs show nobody else has been in messing with them, and it happens instantly upon a CFFILE WRITE. It does not however happen to any .cfm's I upload via FTP, and if it was a cross-site scripting attack going on they should be affected in that case too. So what could be changing my EMBED and OBJECT tags to InvalidTag? Karl Simanonok wrote: The webserver is running Windows 2003 Server and CF is version 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 6.0. Anybody have any idea what setting somewhere (no doubt for security) is changing all my EMBED and OBJECT tags to InvalidTag when CFFILE WRITE occurs? Enable Global Script Protection: http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023 Jochem ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298973 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?
Jochem, can you be a little more specific? The webserver is not mine, I don't have control of the CF Administrator, and any changes are going to affect other people so I have to make a strong case to my hosting provider that any change I suggest is going to actually solve the problem. In this case the docs indicate (thanks for the link) that enabling Global Script Protection will protect against cross-site scripting attacks, but I don't think that there's a cross-site attack going on, but an intra-site attack of some kind or security setting somewhere changing my EMBED and OBJECT tags to InvalidTag at the moment of a CFFILE WRITE operation. Could that even possibly be done through a cross-site scripting attack? It's not anybody else modifying the .cfm files I write, it's only me which I'm sure of because the logs show nobody else has been in messing with them, and it happens instantly upon a CFFILE WRITE. It does not however happen to any .cfm's I upload via FTP, and if it was a cross-site scripting attack going on they should be affected in that case too. So what could be changing my EMBED and OBJECT tags to InvalidTag? Karl Simanonok wrote: The webserver is running Windows 2003 Server and CF is version 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 6.0. Anybody have any idea what setting somewhere (no doubt for security) is changing all my EMBED and OBJECT tags to InvalidTag when CFFILE WRITE occurs? Enable Global Script Protection: http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023 Jochem ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298974 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?
Jochem, can you be a little more specific? The webserver is not mine, I don't have control of the CF Administrator, and any changes are going to affect other people so I have to make a strong case to my hosting provider that any change I suggest is going to actually solve the problem. In this case the docs indicate (thanks for the link) that enabling Global Script Protection will protect against cross-site scripting attacks, but I don't think that there's a cross-site attack going on, but an intra-site attack of some kind or security setting somewhere changing my EMBED and OBJECT tags to InvalidTag at the moment of a CFFILE WRITE operation. Could that even possibly be done through a cross-site scripting attack? It's not anybody else modifying the .cfm files I write, it's only me which I'm sure of because the logs show nobody else has been in messing with them, and it happens instantly upon a CFFILE WRITE. It does not however happen to any .cfm's I upload via FTP, and if it was a cross-site scripting attack going on they should be affected in that case too. So what could be changing my EMBED and OBJECT tags to InvalidTag? Karl Simanonok wrote: The webserver is running Windows 2003 Server and CF is version 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 6.0. Anybody have any idea what setting somewhere (no doubt for security) is changing all my EMBED and OBJECT tags to InvalidTag when CFFILE WRITE occurs? Enable Global Script Protection: http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023 Jochem ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298975 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?
Jochem already answered this for you - the Enable Global Script Protection setting is enabled and this is replacing your embed and object tags because it thinks they are unsafe. On Feb 14, 2008 5:02 PM, K Simanonok [EMAIL PROTECTED] wrote: So what could be changing my EMBED and OBJECT tags to InvalidTag? Karl Simanonok wrote: The webserver is running Windows 2003 Server and CF is version 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 6.0. Anybody have any idea what setting somewhere (no doubt for security) is changing all my EMBED and OBJECT tags to InvalidTag when CFFILE WRITE occurs? Enable Global Script Protection: http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023 -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298976 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?
Karl Simanonok wrote: The webserver is running Windows 2003 Server and CF is version 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 6.0. Anybody have any idea what setting somewhere (no doubt for security) is changing all my EMBED and OBJECT tags to InvalidTag when CFFILE WRITE occurs? Enable Global Script Protection: http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023 Jochem ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298667 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?
I use two simple templates in a rudimentary online file editing system that lets me edit any page of a site when I am logged in. The functionality works by using CFFILE to read a file and display its contents in a TEXTAREA field from where I can then use CFFILE to WRITE it back to disk as an ASCII .cfm file after modifiying the code and/or content. It has worked well for years and enables me to make minor mods from any web browser, so I don't need to be sitting at my own machine with FTP program loaded and configured. There is a backup automatically made of every file edited and a log created which indicates who edited each one, so I know nobody has gotten into my online editing system by hacking my account and logging in. Somehow, recently something has changed dramatically for one page I recently tried to edit which has a lot of YouTube videos embedded in it. The CFFILE operation doesn't save the code properly but converts every EMBED and OBJECT tag (no CF tags that I know of) into InvalidTag! I know it is not my own code doing this because I have inspected it carefully and it is not very complicated to begin with so I could not miss such a thing that might be doing it. I can upload good code containing EMBED and OBJECT tags via FTP and the code will not be altered in that case so I know the code changes do not happen when CF processes the code or by the webserver or other post-processing somehow, it has to be happening during the CFFILE WRITE operation only when I am editing through my online interface. So I can use FTP to make things work okay without changing any of my code but I want my online editing to work too because it is so convenient to have sometimes. The webserver is running Windows 2003 Server and CF is version 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 6.0. Anybody have any idea what setting somewhere (no doubt for security) is changing all my EMBED and OBJECT tags to InvalidTag when CFFILE WRITE occurs? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298617 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
