[CFXML_Blog] RE: Re[2]: ToString(xml) and Sandboxes

[Steven Erat]

Bug 48509 is definitely not fixed in Redsky.   I believe that I may have a workaround:

Lines 172-184 of blog.cfc convert outputted text to an xml object by using the cfxml 
tag, then it converts the xmlobject back to a string for use in the cffile tag.

I suggest that the conversion be skipped completely by 1) changing cfxml to 
cfsavecontent, and 2) removing the tostring() function.



For example, the code was this:
============================

<cfxml variable="salvaxml">
<multi>
<cfloop index="k" from="1" to="#arraylen(salva)#">
<cfset partexml=replace(tostring(salva[k]),"<?xml version=""1.0"" 
encoding=""UTF-8""?>","","ALL")>
<cfoutput>#partexml#</cfoutput>
</cfloop>
</multi>
</cfxml>
<cflock timeout="10" throwontimeout="Yes" name="#pform.data#_lock" type="EXCLUSIVE">
<cffile charset="UTF-8" action="write" 
     file="#request.percorsoblog#\blog\#pform.data#.xml" 
     nameconflict="OVERWRITE" 
     output="#CDataFormat(tostring(salvaxml))#">
<cfinvoke component="blog" method="caricagiorni">
</cfinvoke>
</cflock>


So, change it to this:
===========================
<cfsavecontent variable="salvaxml">
<multi>
<cfloop index="k" from="1" to="#arraylen(salva)#">
<cfset partexml=replace(tostring(salva[k]),"<?xml version=""1.0"" 
encoding=""UTF-8""?>","","ALL")>
<cfoutput>#partexml#</cfoutput>
</cfloop>
</multi>
</cfsavecontent >
<cflock timeout="10" throwontimeout="Yes" name="#pform.data#_lock" type="EXCLUSIVE">
<cffile charset="UTF-8" action="write" 
     file="#request.percorsoblog#\blog\#pform.data#.xml" 
     nameconflict="OVERWRITE" 
     output="#CDataFormat(salvaxml)#">
<cfinvoke component="blog" method="caricagiorni">
</cfinvoke>
</cflock>


You will also have to change lines 236 - 249 for the addcomment method.  

I have tested this and it works for me, and it avoids using ToString.  Let me know how 
it works for you in a sandbox.

- Steve



-----Original Message-----
From: Oguz Demirkapi [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 22, 2003 6:28 PM
To: [EMAIL PROTECTED]
Subject: Re[2]: ToString(xml) and Sandboxes (was [CFXML_Blog] Change Reque st: RSS 
Category Feeds)



Thanks for your answer.

serat> Oguz:
serat> 
serat> I believe that you are referring to bug 48509.  The bug is for tostring(xmlobj) 
failing in a sandbox and throwing a NPE.   I've seen you mention that this is fixed in 
redsky, but I don't think so.  This discussion should really be on the redsky list, 
not here.  That bug is open, and is not fixed in redsky.

Yes it is same bug #.

I have tried at my local by activating sandbox security and it seems it is ok. But I 
can not be sure and just because of that I want to see one more test if it is ok or 
not.

I know it is not the correct place, but unfortunately nobody has answered my questions 
on RedSky beta forums and I wanted to also try to find a solution only for this bug 
here. Sorry !

serat> Do you have another bug number?  Have you tried the blog on 
serat> Redsky?  Which build?

No it is same bug #.  I have all blog version. I have tried with 1.2 and 1.5 with GMC 
build and it seems it is ok. But of course I do not know how my hosting company done 
Sandbox security etc. I will not be sure until new patch implementation. 

serat> 
serat> Thanks

I am really sorry. I could not use my blog application now and I do not want to switch 
into any other blog application. I hope we could find a solution in a short time.


Thanks in advance !