I just put the following in my Application template to check all URLs:
<cfscript>
// Decode once so the tests below run against what the application will see:
// %xx escapes are expanded and a bare "+" becomes a space.
original = URLDecode(cgi.query_string);
tmp = original;
// remove all opening and closing tags..
tmp = Replace(tmp, "<", "", "ALL");
tmp = Replace(tmp, ">", "", "ALL");
// remove other...
// [ and ] have to be handled separately (they delimit the regex character class)
other = "[\(){}]";
tmp = REReplace(tmp, other, "", "ALL");
tmp = Replace(tmp, "[", "", "ALL");
tmp = Replace(tmp, "]", "", "ALL");
// only a literal plus sent as %2B survives URLDecode; a bare + is already a space here
tmp = Replace(tmp, "+", "", "ALL");
tmp = Replace(tmp, "*", "", "ALL");
// these also strip the substrings out of harmless values such as "dropdown" or "executive"
tmp = ReplaceNoCase(tmp, "DROP", "", "ALL");
tmp = ReplaceNoCase(tmp, "DELETE", "", "ALL");
tmp = ReplaceNoCase(tmp, "exe", "", "ALL");
</cfscript>
<!--- Compare() returns a negative number, 0 or a positive number. The original test,
      CompareNoCase(cgi.query_string, tmp) GT 0, compared the still-encoded query string
      with the decoded, stripped copy and only fired when the raw string sorted after it,
      so "id=1<b>" (stripped to "id=1b") slipped through while "q=a%20b" was aborted.
      Comparing the decoded string with the stripped copy, and testing for any
      difference, aborts exactly when something was removed. --->
<cfif Compare(original, tmp) NEQ 0>
<!--- cfmail tag can go here...... --->
<cfabort>
</cfif>
>Would you be willing to share your modded cf_codecleaner custom tag?
>
>Thanks!
>MAD
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Special thanks to the CF Community Suite Silver Sponsor - RUWebby
http://www.ruwebby.com
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:188153
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
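Added example, not code from the post or the CF-Talk thread: a Python re-implementation of the Replace/REReplace chain above so the filter's behaviour can be exercised offline, with the comparison as posted (CompareNoCase of the raw query string against the stripped copy, aborting only on a "greater than" result) beside a version that aborts on any change, and an allowlist check as the alternative a reviewer would suggest. The parameter names `id` and `page` and their patterns are assumptions for illustration, `unquote_plus` is assumed to match ColdFusion's URLDecode ("+" to space, %xx expanded), and the sample query strings are constructed, not captured traffic.

```python
import re
from urllib.parse import unquote_plus, parse_qsl

# Mirror of the Replace/REReplace chain from the post: single characters first,
# then the case-insensitive keyword removals.
STRIP_CHARS = "<>(){}[]+*"
STRIP_WORDS = ("DROP", "DELETE", "exe")


def scrub(decoded: str) -> str:
    """Apply the post's blacklist to an already URL-decoded query string."""
    tmp = decoded
    for ch in STRIP_CHARS:
        tmp = tmp.replace(ch, "")
    for word in STRIP_WORDS:
        tmp = re.sub(re.escape(word), "", tmp, flags=re.IGNORECASE)
    return tmp


def compare_nocase(a: str, b: str) -> int:
    """Approximation of ColdFusion CompareNoCase: -1, 0 or 1 by lowercase ordering."""
    a, b = a.lower(), b.lower()
    return (a > b) - (a < b)


def posted_check(raw_query: str) -> bool:
    """The test exactly as posted: CompareNoCase(cgi.query_string, tmp) GT 0.

    The raw, still URL-encoded string is compared with the decoded and
    stripped copy, and only a 'greater than' result aborts.
    Returns True when the request would be aborted."""
    tmp = scrub(unquote_plus(raw_query))  # URLDecode: %xx expanded, '+' -> space (assumed)
    return compare_nocase(raw_query, tmp) > 0


def changed_check(raw_query: str) -> bool:
    """Abort whenever the blacklist removed anything from the decoded string."""
    decoded = unquote_plus(raw_query)
    return scrub(decoded) != decoded


# Allowlist alternative: every parameter name is known and its value must match
# a pattern. The names and patterns here are assumptions for this example.
ALLOWED = {
    "id": re.compile(r"[0-9]{1,10}"),
    "page": re.compile(r"[a-z_]{1,32}"),
}


def allowlist_check(raw_query: str) -> bool:
    """Return True only if every parameter is expected and well-formed.
    Unknown parameters are rejected rather than scrubbed."""
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        pattern = ALLOWED.get(name)
        if pattern is None or pattern.fullmatch(value) is None:
            return False
    return True


# Constructed sample query strings (not captured traffic).
SAMPLES = {
    "id=1%3Cscript%3E": "encoded tag",
    "id=1<b>": "literal tag",
    "page=dropdown": "harmless value containing DROP",
    "q=a%20b": "harmless encoded space",
    "id=7&page=home": "clean request",
}

if __name__ == "__main__":
    for q, label in SAMPLES.items():
        print(f"{label:32} posted={posted_check(q)!s:5} "
              f"changed={changed_check(q)!s:5} allowlist={allowlist_check(q)}")
```

Running it shows the two failure modes of the posted comparison: both tag samples are stripped but not aborted, because `%` and `<` sort before the letters that replace them, while the harmless `q=a%20b` is aborted because the encoded form is compared with the decoded one. The any-change version closes those gaps but still aborts `page=dropdown`, which is the cost of substring blacklisting; the allowlist accepts it and rejects everything it was not told to expect.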