Hi all,

I don't know if anyone has noticed this before but CFMX doesn't seem to
check if variables have spaces in them before placing them into the URL
scope (possibly does the same with Form and Cookie variables I suppose).
This can then cause all sorts of weird errors later if you happen to loop
through the URL, Form or Cookie scope (and can reveal some code to people
with malicious intent).

For example, 'http://mysite.com/page.cfm?test%20var=something' would
happily get passed into the variable 'URL.test var' by CFMX...

I'm not sure if it's a bug or deliberate laxness for legacy purposes but I
thought it's worth a mention.

Cheers,
Vik
---------------------
Viktor Radnai
Web Developer, National E-Commerce, Ernst & Young
Direct:  +61 2 9248 4361
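
The behaviour described in the message above can be contained by checking parameter names before any code loops over the URL scope. The following is an added example, not part of the original post or of any Macromedia code: it rejects requests whose URL parameter names are not plain identifiers, and otherwise reads values with bracket notation so that a key is never spliced into a dotted variable reference. The allowed-name pattern, the log file name "paramcheck" and the 400 response are assumptions chosen for illustration.

```cfml
<!--- Added example (not from the original post).
      Assumption: legitimate parameter names match this identifier pattern. --->
<cfset safeName = "^[A-Za-z_][A-Za-z0-9_]*$">
<cfset rejected = "">

<!--- Pass 1: collect every URL key that is not a plain identifier,
      e.g. the key "test var" produced by ?test%20var=something --->
<cfloop collection="#URL#" item="key">
    <cfif NOT REFind(safeName, key)>
        <!--- Encode the key so spaces, commas and control characters
              cannot break the list or forge log entries --->
        <cfset rejected = ListAppend(rejected, URLEncodedFormat(key))>
    </cfif>
</cfloop>

<!--- Fail closed: log the offending names and stop before any later
      code can trip over them and render an error page --->
<cfif Len(rejected)>
    <!--- "paramcheck" is a hypothetical log file name --->
    <cflog file="paramcheck" type="warning"
           text="Rejected URL parameter names: #rejected# from #CGI.REMOTE_ADDR#">
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Pass 2: safe iteration. URL[key] is a structure lookup, so the key
      is treated as data and never parsed as part of a variable name. --->
<cfloop collection="#URL#" item="key">
    <cfoutput>#HTMLEditFormat(key)# = #HTMLEditFormat(URL[key])#<br></cfoutput>
</cfloop>
```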

