coldfusion-2016

ColdFusion doing OWASP esapi via Java

假装没事ソ 提交于 2021-01-28 02:26:57
问题 I am have some old ColdFusion code. It was originally written for CF9, but is now running on CF 2016. application.cfc local.esapi = createObject("java", "org.owasp.esapi.ESAPI"); application.esapiEncoder = local.esapi.encoder() Much later Regular page form.Reason = application.esapiEncoder.encodeForHtml(form.Reason); I am thinking of replacing this with form.Reason = encodeForHTML(form.Reason); Do these function the same? 回答1: Yes, the encodeForX() functions use OWASP's ESAPI behind the

ColdFusion doing OWASP esapi via Java

南笙酒味 提交于 2021-01-27 22:40:56
问题 I am have some old ColdFusion code. It was originally written for CF9, but is now running on CF 2016. application.cfc local.esapi = createObject("java", "org.owasp.esapi.ESAPI"); application.esapiEncoder = local.esapi.encoder() Much later Regular page form.Reason = application.esapiEncoder.encodeForHtml(form.Reason); I am thinking of replacing this with form.Reason = encodeForHTML(form.Reason); Do these function the same? 回答1: Yes, the encodeForX() functions use OWASP's ESAPI behind the

Is there a way to prevent cfchart from forcing js into response content?

白昼怎懂夜的黑 提交于 2020-03-03 06:28:20
问题 Update: reported bug, votes appreciated https://tracker.adobe.com/#/view/CF-4200017 We are migrating from ColdFusion 10 to 2016. It appears the only hurdle with compatibility is the change in charting system. For full page requests this is generally fine but in some spots we generate a chart in png format, capture the content generated and strip out some js that is generated simultaneously and return the result in json as part of a page update. A problem we are running into is that CF is

ColdFusion 2016: Can you have a folder in your web root named 'api' or 'rest'?

非 Y 不嫁゛ 提交于 2020-02-23 10:22:12
问题 I just installed ColdFusion 2016 (upgraded from CF10) and I noticed that whenever I try and access a folder in my webroot called 'api', I get an internal 500 error. For example: www.mysite.com/api/ I assume this has something to do with the new ColdFusion API REST service so I created another directory called 'rest', performed the same test (www.mysite.com/rest/), and received yet another 500 error. See the IIS error screenshot: The strange thing is that I don't use the ColdFusion REST

cfquery crashes when there are tsql comments

北城以北 提交于 2019-12-19 06:18:53
问题 This does not crash in ColdFusion 11, but does crash in ColdFusion 2016 SELECT * FROM dbo.Roles WITH (NOLOCK) WHERE Code IS NOT NULL AND Active = 1 AND RoleID IN (SELECT RoleID FROM dbo.Emp WITH (NOLOCK)) -- It's ok to look at termed employees This works OK in both SELECT * FROM dbo.Roles WITH (NOLOCK) WHERE Code IS NOT NULL AND Active = 1 AND RoleID IN (SELECT RoleID FROM dbo.Emp WITH (NOLOCK)) Is there a setting to restore the orginal behavior? UPDATE I thought I had a minimal example of

ColdFusion too big to be an integer

天涯浪子 提交于 2019-12-19 05:53:13
问题 I am trying to convert a large number going in to Megabytes. I don't want decimals numeric function formatMB(required numeric num) output="false" { return arguments.num \ 1024 \ 1024; } It then throws an error How do I get around this? 回答1: You can't change the size of a Long, which is what CF uses for integers. So you'll need to BigInteger instead: numeric function formatMB(required numeric num) { var numberAsBigInteger = createObject("java", "java.math.BigInteger").init(javacast("string",

How to fix 'POST request Exceeded' error while we passed the number of parameters to the server using API call (POST request) in ColdFusion?

泄露秘密 提交于 2019-12-12 19:45:49
问题 In my Application, I have the 300 user permissions for user role 'admin'. As a super admin, added a new admin users means, need to enable the user permissions for this admin user. If I choose below 100 and sent it to the backend via API call POST method, I can able to get the success response. But, If I'm selecting more than 100 means, I couldn't able to get the success response. It's throwing error message like 'POST request Exceeded'. 回答1: I'm sure, ColdFusion has some settings for this. So

ColdFusion 2016 - Security service not available

痞子三分冷 提交于 2019-12-11 10:41:08
问题 CF 2016 on windows10 with IIS I've checked other threads on similar issues and they don't appear to apply. My laptop has needed to be crash-started on a number of occasions recently due to the laptop not waking up from sleep mode. A couple of times ColdFusion 2016 didn't start automatically and needed to be manually started. Now, ColdFusion appears to be starting automatically, but now I'm getting an error: HTTP Error 500.0 - The Security service is not available. I'm afraid I have no idea

ColdFusion: trying to create dynamic downloadable PDF, but not create a file?

落花浮王杯 提交于 2019-12-11 05:42:38
问题 I haven't been able to find an answer to this ColdFusion/PDF question so here goes: I already have a back-end that creates dynamic PDFs using CFDOCUMENT . The user has to submit payment first via authorize.net, then once the payment is processed, they click a link to download a dynamic PDF we create. The PDF is saved in a file on our server. The link the user clicks to download it calls CFHEADER and CFCONTENT which points to the PDF location on the server and it downloads for them. However, I