Is anyone here using Portcullis to defend against SQL Injection and/or XSS attacks? My clients has been using for it for a bit to secure its web server and suddenly its choking on FCKEdit, not every instance but just the newest app I've added to one of their sites.
I even tried copying the code exactly from another page that works and it still breaks. I converted the FCKEdit field to a textarea field and it works fine so it's not the field name or the content that's causing the issue. Anyway the error is: The string "url.404HTTPERCMSHORG80LEADERNETEDITORFCKEDITORHTMLINSTANCENAME" is not a valid ColdFusion variable name. Valid variable names must start with a letter, and can only contain letter, numbers, and underscores. The error occurred in D:\Inetpub\wwwroot\ERC\com\fusionlink\Portcullis.cfc: line 94 92 : <cfheader name="Set-Cookie" value="#itemname#=#temp.cleanText#;HttpOnly"> 93 : <cfelse> 94 : <cfset "#objectname#.#itemname#" = temp.cleanText/> 95 : </cfif> 96 : </cfif> Duane Boudreau Sandy Bay Networks P: 902.232.2345 x222 P: 603.879.0249 x222 F: 866.631.6272 http://www.sandybay.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317855 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
