Hello all
I am trying to do the following:
<cfset var1 = "this is a test">
<cflocation url="index.cfm?variable=#urlEncodedFormat(var1)#">
When I output var1 on the page, it is encoded, but when I pass the var using
cflocation it isn't.
Any suggestions?
Thank you
Yep, try this:
<cfset var1 = "this is a test">
<cfset relocate = "index.cfm?variable=#urlEncodedFormat(var1)#" />
<cflocation url="#relocate#">
That should work, especially if this is suffering the same problem as
cfsavecontent and a few other tags and functions.
--
Regards,
Andrew Scott
WebSite:
Dumb question - what are you seeing in the browser? When you output
#url.variable# what do you see?
On Wed, Jan 23, 2013 at 10:22 AM, Torrent Girl moniqueb...@gmail.com wrote:
Yep try this
<cfset var1 = "this is a test">
<cfset relocate = "index.cfm?variable=#urlEncodedFormat(var1)#" />
but when I pass the var using cflocation it isn't.
Where, specifically? In the browser's URL/location bar? Or when you
<cfoutput>#url.variable#</cfoutput>? (If the latter, that's the way it's
supposed to work.)
On Wed, Jan 23, 2013 at 10:22 AM, Torrent Girl moniqueb...@gmail.com wrote:
Yep try
Dumb question - what are you seeing in the browser? When you output
#url.variable# what do you see?
On Wed, Jan 23, 2013 at 10:22 AM, Torrent Girl moniqueb...@gmail.com wrote:
When I output the var on the page I see the encoded version:
index.cfm?variable=this%20is%20a%20test
when it
but when I pass the var using cflocation it isn't.
Where, specifically? In the browser's URL/location bar? Or when you
<cfoutput>#url.variable#</cfoutput>? (If the latter, that's the way it's
supposed to work.)
On Wed, Jan 23, 2013 at 10:22 AM, Torrent Girl moniqueb...@gmail.com wrote:
When I
Still not clear RE: which page is which and where you're seeing what.
Let's say you have:
page1.cfm
<cfset var1 = "this is a test">
<cflocation url="page2.cfm?variable=#urlEncodedFormat(var1)#">
...then, on page2.cfm, you should see in the browser's URL/location bar:
When I output the var on the page I see the encoded version:
index.cfm?variable=this%20is%20a%20test
Eh? You wouldn't see index.cfm, etc. Seriously, like, do this:
<cfoutput>#url.variable#</cfoutput>
Do you see "this is a test" or "this%20etc"?
On Wed, Jan 23, 2013 at 10:38 AM, Torrent Girl
Hi Greg
As I continue to update my security processes, I'm curious:
was this injection attempt at the URL or at a form input?
Thanks
Rob
On 22 Jan 2013 at 11:12, Greg Morphis wrote:
I saw some request errors but what were they trying to do?
This is what the onRequest error email showed
It was attempted via the URL
On Wed, Jan 23, 2013 at 11:57 AM, Rob Voyle robvo...@voyle.com wrote:
Hi Greg
As I continue to update my security processes, I'm curious:
was this injection attempt at the URL or at a form input?
Thanks
Rob
On 22 Jan 2013 at 11:12, Greg Morphis wrote:
On Wed, Jan 23, 2013 at 12:57 PM, Rob Voyle robvo...@voyle.com wrote:
Hi Greg
As I continue to update my security processes, I'm curious:
was this injection attempt at the URL or at a form input?
Keep in mind that vulnerabilities can come from any input that the attacker
can manipulate, e.g.
When I output the var on the page I see the encoded version:
index.cfm?variable=this%20is%20a%20test
Eh? You wouldn't see index.cfm, etc. Seriously, like, do this:
<cfoutput>#url.variable#</cfoutput>
Do you see "this is a test" or "this%20etc"?
On Wed, Jan 23, 2013 at 10:38 AM, Torrent Girl
Still not clear RE: which page is which and where you're seeing what.
Let's say you have:
page1.cfm
<cfset var1 = "this is a test">
<cflocation url="page2.cfm?variable=#urlEncodedFormat(var1)#">
...then, on page2.cfm, you should see in the browser's URL/location bar:
index.cfm is part of the variable? So you're telling cflocation to go to a
URL and pass along a value that also includes a file name in it??
Is this online someplace? Because this is a SERIOUSLY simple thing and I
think all of us are missing something obvious.
On Wed, Jan 23, 2013 at 1:59 PM,
Still not clear RE: which page is which and where you're seeing what.
Let's say you have:
page1.cfm
<cfset var1 = "this is a test">
<cflocation url="page2.cfm?variable=#urlEncodedFormat(var1)#">
...then, on page2.cfm, you should see in the browser's URL/location bar:
By any wild chance did you urlencode it already? If you output
form.searchparam
_before_ the cflocation, and throw in an abort, is it encoded?
Also - you don't need cfoutput tags around a cflocation.
On Wed, Jan 23, 2013 at 2:16 PM, Torrent Girl moniqueb...@gmail.com wrote:
Still not
On Wed, Jan 23, 2013 at 2:16 PM, Torrent Girl moniqueb...@gmail.com wrote:
this is a test
I just ran that and ended up looking at this URL:
http://citiprogram.desk.com/customer/portal/articles/search?q=this%20is%20a%20test
...where that page reads:
1 results found for this is a test
P.S. My test was simply this:
<cflocation url="http://citiprogram.desk.com/customer/portal/articles/search?q=#URLEncodedFormat('this is a test')#" addtoken="no">
On Wed, Jan 23, 2013 at 2:25 PM, John M Bliss bliss.j...@gmail.com wrote:
On Wed, Jan 23, 2013 at 2:16 PM, Torrent Girl
Hello,
I've been doing pretty well w/ my site so far but the powers-that-be requested
a last minute addendum to the code and I'm not sure how to write it. I was
hoping you folks could be of assistance to this developer-in-training.
As it stands, a certain page (random.cfm) will pull info
Expanding on what Russ said, we've got a mimic feature that takes a
logged in session user (session.user variable), moves it (session.
originaluser) and then logs in the admin as the requested user to
mimic. So there is a new session.user and the admin's own session.
originaluser. We