This email is to be read subject to the disclaimer below. Hi all,
I don't know if anyone has noticed this before but CFMX doesn't seem to check if variables have spaces in them before placing them into the URL scope (possibly does the same with Form and Cookie variables I suppose). This can then cause all sorts of weird errors later if you happen to loop through the URL, Form or Cookie scope (and can reveal some code to people with malicious intent). For example, 'http://mysite.com/page.cfm?test%20var=something' would happily get passed into the variable 'URL.test var' by CFMX... I'm not sure if it's a bug or deliberate laxness for legacy purposes but I thought it's worth a mention. Cheers, Vik --------------------- Viktor Radnai Web Developer, National E-Commerce, Ernst & Young Direct: +61 2 9248 4361 -------------------- NOTICE - This communication contains information which is confidential and the copyright of Ernst & Young or a third party. If you are not the intended recipient of this communication please delete and destroy all copies and telephone Ernst & Young on 1800 655 717 immediately. If you are the intended recipient of this communication you should not copy, disclose or distribute this communication without the authority of Ernst & Young. Any views expressed in this Communication are those of the individual sender, except where the sender specifically states them to be the views of Ernst & Young. Except as required at law, Ernst & Young does not represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference. Liability limited by the Accountants Scheme, approved under the Professional Standards Act 1994 (NSW) -------------------- --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/
