Aye, ye might have a use for Sandeep's file as well for some form var
scrubbing:-)
<!---
Name: Input filter v1
Use: This file cleans up all the form and URL fields before they are used in the code.
  Especially useful for filtering out MS Word tags before they are committed to the database.
  Can also be used to filter out any other tags that the programmer does not want the user to use.
Usage: Copy this file to your website's root directory and <cfinclude> this file in your application.cfm.
  You can even use this file in appglobals.cfm or index.cfm if you are using the Fusebox methodology to build your application.
  e.g.:
  <cfinclude template="cleanfields.cfm">
Important Note:
  You have to exclude file upload fields from going through the filter process.
  For this, the naming convention for upload fields in an application needs to be consistent, e.g.:
  - You can name your upload fields file1, file2, etc. and use the code below.
  - If you prefer to name your upload fields differently, make sure the names are consistent (i.e. a part of the name appears in all fields) and change the code marked with ********** appropriately.
Code: Sandeep Shetty, Alpha EC London
[EMAIL PROTECTED]
--->
<cfsetting enablecfoutputonly="Yes">
<!--- Cleans up form fields --->
<cfif IsDefined("form.FieldNames")>
<!--- Cleanup List --->
<cfset attributes = "xmlns([[:punct:]]+|[[:alpha:]]+)">
<cfset tags = "<script[^>]*>|</script>|<%[^>]*%>|<asp:[^>]*>|<asp:[[[:alpha:]]+]*>|<embed[^>]*>|</embed>|<object[^>]*>|</object>|<applet[^>]*>|</applet>|<font[^>]*>|</font>|<meta[^>]*>">
<cfset msword = "class=([[:alpha:]]+|('|"")[^('|"")]*('|""))|style=""[^""]*""|<o:p></o:p>|<span[^>]*>|</span>| ">
<!--- The expression --->
<cfset FormExpr = "#tags#|#msword#|#attributes#">
<!--- Loop through the form variables --->
<cfloop list="#form.FieldNames#" index="field">
<!--- ****************************** Exclude file fields from filter below *************************** --->
<cfif field DOES NOT CONTAIN "file"> <!--- replace the word 'file' with any upload name part you use --->
<cfset "form.#Trim(field)#" = ReReplaceNoCase(Evaluate("form.#field#"),"#FormExpr#","","ALL")>
<!--- You can replace the above code with
<cfset "attributes.#Trim(field)#" = ReReplaceNoCase(Evaluate("form.#field#"),"#FormExpr#","","ALL")>
if you use fusebox
--->
</cfif>
<!--- ****************************** Exclude file fields from filter above *************************** --->
</cfloop>
</cfif>
<!--- Cleans up URL fields --->
<cfif Len(cgi.query_string)>
<!--- Cleanup List --->
<cfset URLExpr = "<script[^>]*>|</script>|<font[^>]*>|</font>|<meta[^>]*>">
<!--- Loop through URL variables --->
<cfloop list="#cgi.query_string#" delimiters="&" index="valuepair">
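<cfif ListLen(valuepair,"=") EQ 2>
<!--- The name comes from the raw query string: decode it and use struct access rather than Evaluate(), which would run a crafted parameter name as an expression --->
<cfset URLName = URLDecode(ListGetAt(valuepair, 1, "="))>
<cfif StructKeyExists(URL, URLName)>
<cfset URL[URLName] = ReReplaceNoCase(URL[URLName],URLExpr,"","ALL")>
<!--- You can replace the above code with
<cfset attributes[URLName] = ReReplaceNoCase(URL[URLName],URLExpr,"","ALL")>
if you use fusebox
--->
</cfif>
</cfif>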
</cfloop>
</cfif>
<cfsetting enablecfoutputonly="No">
-----Original Message-----
From: Colm Brazel [mailto:c.brazel@;ntlworld.ie]
Sent: 13 November 2002 12:42
To: [EMAIL PROTECTED]
Subject: RE: [ cf-dev ] Micro$hite
AFAIK textpad doesn't collect the notepad etc dross causing these problems
-----Original Message-----
From: Taz -=TT=- [mailto:chris@;cfmaster.co.uk]
Sent: 13 November 2002 12:37
To: [EMAIL PROTECTED]
Subject: Re: [ cf-dev ] Micro$hite
> Notepad at it again then..... Use textpad http://www.textpad.com/ and
> configure it the way you like for unix or windows
What on earth are you talking about???
Taz
--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.394 / Virus Database: 224 - Release Date: 10/3/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.394 / Virus Database: 224 - Release Date: 10/3/2002
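A hardened variant of the form loop from the filter above, added here as an example; it is not part of Sandeep's file or of the thread. It matches upload fields by exact name (the substring test on "file" also skips a field such as "profile"), reads values by struct access instead of Evaluate(), and repeats the replacement until the value stops changing. It assumes ColdFusion MX or later; `uploadFields`, `fieldName`, `cleaned` and `previous` are hypothetical names, and the pattern is shortened to the script alternation.

```cfml
<cfsetting enablecfoutputonly="Yes">
<!--- Added example, not the original filter. --->
<!--- Hypothetical list of the exact upload field names used by the application. --->
<cfset uploadFields = "file1,file2">
<!--- Shortened pattern for the example; the full FormExpr from the filter can be used instead. --->
<cfset FormExpr = "<script[^>]*>|</script>">

<cfif IsDefined("form.FieldNames")>
  <cfloop list="#form.FieldNames#" index="field">
    <cfset fieldName = Trim(field)>
    <!--- Exact, case-insensitive match: only the listed upload fields are skipped,
          so a field named "profile" still goes through the filter. --->
    <cfif ListFindNoCase(uploadFields, fieldName) EQ 0 AND StructKeyExists(form, fieldName)>
      <!--- Struct access: the field name is never evaluated as an expression. --->
      <cfset cleaned = form[fieldName]>
      <cfset previous = "">
      <!--- Removing a match can leave text that matches again,
            so repeat until a pass changes nothing. --->
      <cfloop condition="Compare(cleaned, previous) NEQ 0">
        <cfset previous = cleaned>
        <cfset cleaned = ReReplaceNoCase(previous, FormExpr, "", "ALL")>
      </cfloop>
      <cfset form[fieldName] = cleaned>
    </cfif>
  </cfloop>
</cfif>
<cfsetting enablecfoutputonly="No">
```

Stripping on input pairs well with HTMLEditFormat() at the point where a stored value is written back into a page.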