I'll second Sean's "don't do that!", and I'll come in with a reason why.
Because this is for a CMS, you will (I assume) have end users putting content in and specifying hashed values that you want to evaluate.

Firstly, keep in mind that you'll have to do something to handle it if the user puts in something invalid (e.g. undefined, but plenty of other possibilities too).

The big concern I have is that you are opening yourself up to malicious code injection. How will you stop users putting great strings of nasty CF code in that either attack the system or reveal things about the system that aid in attacking the system?

Having said that, if I've made a wrong assumption about this and this warning does not apply to your particular situation or there's any other reason why this risk will not apply to your system, please reply with a short post saying so. Long explanations are not necessary. I will accept your (or anyone else's) reply and will not be replying to it. If I feel some overwhelming need to reply, I'll probably even do it off list. ;-)

Regards
Darren Tracey
Systems Analyst Web Applications
p: + 61 7 3232 4091 (x64091)
f: + 61 7 3232 4022
e: [EMAIL PROTECTED]
l: Lvl 9, 388 Queen St Brisbane QLD 4000

> -----Original Message-----
> From: Sean Corfield [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, 1 July 2004 16:12
> To: CFAussie Mailing List
> Subject: [cfaussie] Re: Parsing DB content containing CF Vars
>
> On Thu, 1 Jul 2004 15:30:30 +1000, Jason Bayly <[EMAIL PROTECTED]> wrote:
> > Working on a basic custom CMS system for a client and was wondering if
> > anyone has a bright idea on how to convert any cfvars in the content to
> > their values.
>
> My first reaction is "don't do that!" but somehow folks never accept that :)
>
> My second reaction is use regex to process the string from the DB.
> Search for patterns like this:
>
> #([^#]*)#
>
> and then for each match, replace it with evaluate(x) where x is the
> matched pattern.
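An allow-list alternative to the regex-plus-evaluate() approach quoted above, as an added example that is not part of the original thread: the text between the hashes is used only as a key into a fixed struct and is never evaluated. `renderTokens`, the `allowed` struct and the sample content are hypothetical names and constructed data.

```cfml
<cfscript>
// Added example, not from the thread: resolve #name# tokens from an
// allow-list struct; the matched text is never passed to evaluate().
function renderTokens(required string content, required struct allowed) {
    var out = "";
    var pos = 1;
    var m = "";
    var token = "";
    var key = "";
    while (pos <= len(content)) {
        // "##" is a literal # in a CFML string, so this is #([^#]*)#
        m = reFind("##([^##]*)##", content, pos, true);
        if (m.pos[1] == 0) {
            break; // no further tokens
        }
        if (m.pos[1] > pos) {
            out &= mid(content, pos, m.pos[1] - pos); // text before the token
        }
        token = mid(content, m.pos[1], m.len[1]);
        key = m.len[1] > 2 ? mid(content, m.pos[1] + 1, m.len[1] - 2) : "";
        if (reFind("^[A-Za-z_][A-Za-z0-9_]*$", key) > 0 && structKeyExists(allowed, key)) {
            // known name: insert its value as encoded data
            out &= encodeForHTML(allowed[key]);
        } else {
            // undefined name, expression or anything else: keep it as inert text
            out &= token;
        }
        pos = m.pos[1] + m.len[1];
    }
    if (pos <= len(content)) {
        out &= mid(content, pos, len(content) - pos + 1); // remaining text
    }
    return out;
}

// Constructed sample data (hypothetical names and values)
allowed = { siteName = "Example Co", supportEmail = "help@example.test" };
sample = "Welcome to ##siteName##. Contact ##supportEmail##. "
       & "OS: ##server.os.name##. Missing: ##undefinedVar##.";
writeOutput(renderTokens(sample, allowed));
</cfscript>
```

The dotted reference and the undefined name in the sample are passed through as plain text rather than executed, which covers both the invalid-input case and the injection concern raised in the message.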
