the url is not a variable name, its a structure A structure key, which is what a url variable is, can have spaces
Regards Steve Onnis Domain Concept Designs +61 422 337 685 +61 3 9444 7504 http://www.domainconceptdesigns.com <http://www.domainconceptdesigns.com> ("If you think it can't be done, you haven't asked me!") - Steve Onnis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 4:32 PM To: CFAussie Mailing List Subject: [cfaussie] RE: CFMX allows spaces in URL variable names This email is to be read subject to the disclaimer below. Steve, My point wasn't that it's not possible rather that it shouldn't be allowed. The CFMX documentation clearly states that: 'A variable name cannot contain spaces'. So I was wondering if this is a bug or a feature ;-) Cheers, Vik --------------------- Viktor Radnai Web Developer, National E-Commerce, Ernst & Young Direct: +61 2 9248 4361 "Steve Onnis" <[EMAIL PROTECTED]> To: "CFAussie Mailing List" <[EMAIL PROTECTED]> Sent by: cc: [EMAIL PROTECTED] Subject: [cfaussie] RE: CFMX allows spaces in URL variable names mon.com.au 12/03/2003 04:15 PM Please respond to "CFAussie Mailing List" Viktor If you create or call your url vars as URL["Test Var"] you wont have any issues:P Regards Steve Onnis Domain Concept Designs +61 422 337 685 +61 3 9444 7504 http://www.domainconceptdesigns.com <http://www.domainconceptdesigns.com> ("If you think it can't be done, you haven't asked me!") - Steve Onnis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 4:07 PM To: CFAussie Mailing List Subject: [cfaussie] CFMX allows spaces in URL variable names This email is to be read subject to the disclaimer below. Hi all, I don't know if anyone has noticed this before but CFMX doesn't seem to check if variables have spaces in them before placing them into the URL scope (possibly does the same with Form and Cookie variables I suppose). This can then cause all sorts of weird errors later if you happen to loop through the URL, Form or Cookie scope (and can reveal some code to people with malicious intent). For example, 'http://mysite.com/page.cfm?test%20var=something' would happily get passed into the variable 'URL.test var' by CFMX... I'm not sure if it's a bug or deliberate laxness for legacy purposes but I thought it's worth a mention. Cheers, Vik --------------------- Viktor Radnai Web Developer, National E-Commerce, Ernst & Young Direct: +61 2 9248 4361 -------------------- NOTICE - This communication contains information which is confidential and the copyright of Ernst & Young or a third party. If you are not the intended recipient of this communication please delete and destroy all copies and telephone Ernst & Young on 1800 655 717 immediately. If you are the intended recipient of this communication you should not copy, disclose or distribute this communication without the authority of Ernst & Young. Any views expressed in this Communication are those of the individual sender, except where the sender specifically states them to be the views of Ernst & Young. Except as required at law, Ernst & Young does not represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference. Liability limited by the Accountants Scheme, approved under the Professional Standards Act 1994 (NSW) -------------------- --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/ --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/ -------------------- NOTICE - This communication contains information which is confidential and the copyright of Ernst & Young or a third party. If you are not the intended recipient of this communication please delete and destroy all copies and telephone Ernst & Young on 1800 655 717 immediately. If you are the intended recipient of this communication you should not copy, disclose or distribute this communication without the authority of Ernst & Young. Any views expressed in this Communication are those of the individual sender, except where the sender specifically states them to be the views of Ernst & Young. Except as required at law, Ernst & Young does not represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference. Liability limited by the Accountants Scheme, approved under the Professional Standards Act 1994 (NSW) -------------------- --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/ --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/
