Versioning custom tags by name gets a little crazy after a while.
Do you think that the original tag name should be used with additional
comments in the header and new functionality added as parameters defaulted
to off?
This is such an important foundation to what we do. Maybe we should submit
suggested changes and have new versions of the tag maintained at
fusebox.org...?
By the way, great stuff so far in that security paper, Noam. We're going to
use the application.cfm check right now!
Thanks, Phil
-----Original Message-----
From: BOROVOY Noam [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 4:49 AM
To: '[EMAIL PROTECTED]'; 'Bert Dawson'
Subject: RE: auto trim of attributes.*
I've run into some problems with fields containing '<' and have modified
FormURL2Attributes to filter these by replacing them with '&lt;'
Line 82:
<cfset "caller.attributes.#trim(field)#" =
Replace(evaluate("form.#trim(field)#"), "<", "&lt;", "ALL")>
This way they display properly - only catch is they get saved in the
database that way as well...
The funny thing is it still works great for searches - since the search
criteria also gets converted to the same thing and therefore comes up as a
match.
Of course this is not a one size fits all - since searches won't work if you
already had the '<' in your dB fields. But then you would anyway need to
take care of those when displaying - otherwise they would mess up the HTML.
To prevent version problems I renamed the modified FormURL2Attributes as
FilterFormURL2Attributes, that way it's only included in applications where
it can be used safely.
HTH,
Noam
----------
From: Bert Dawson [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, 11 July 2000 20:38
To: '[EMAIL PROTECTED]'
Subject: RE: auto trim of attributes.*
I did a similar thing to replace < and > with space, and replace " with '
using a loop before the call to FormURL2Attributes:
<!--- replace < and > with a space, and " with ', in every posted field --->
<CFIF IsDefined('form.fieldnames')>
  <CFLOOP INDEX="field" LIST="#form.fieldnames#">
    <!--- read the value from the form scope explicitly --->
    <CFSET 'form.#field#' = ReplaceList(Evaluate("form.#field#"), '<,>,"', ' , ,''')>
  </CFLOOP>
</CFIF>
I don't know if this is the best way to do this sort of thing, but I didn't
want to mess with FormURL2Attributes.
And I suppose if I get the same sort of bugs then I'll just need to add a
trim to the one place.
Bert
> -----Original Message-----
> From: Jeff Johnson [mailto:[EMAIL PROTECTED]]
> Sent: 11 July 2000 17:33
> To: [EMAIL PROTECTED]
> Subject: auto trim of attributes.*
>
>
> I haven't used trim() around my form fields and now I'm
> getting bug reports from people that put single spaces in
> fields that should have real data. Rather than go through a lot of
> forms and try to find every place that needs a trim(), I thought I
> might just either modify FormURL2Attributes.cfm to trim all form and
> maybe url fields, or I could write a tag to do it and shove it into
> application.cfm. Any reasons why I shouldn't do this? Any
> better ideas?
>
> Thanks,
> Jeff
>
> ------------------------------------------------------------------------------
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox
> or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
>
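Added example, not part of the thread or of the Fusebox code: one way to cover both requests above, trimming every form field in a single loop while leaving '<' untouched in the stored value and encoding it only at display time with HTMLEditFormat(). The sample form values are constructed, and bracket access to the form scope assumes a ColdFusion version that exposes it as a structure.

```cfml
<!--- Added example. Constructed sample input standing in for a real form post. --->
<cfset form.fieldnames = "title,comment">
<cfset form.title = "  ">
<cfset form.comment = " if a < b then <b>bold</b> ">

<!--- One pass before the call to FormURL2Attributes: trim only, change no characters. --->
<cfloop index="field" list="#form.fieldnames#">
    <cfset form[field] = Trim(form[field])>
</cfloop>

<!--- A field that held only spaces is now empty, so a required-field check catches it. --->
<cfset titleMissing = (Len(form.title) EQ 0)>

<!--- The value to store and search on stays raw. Search criteria are compared
      as typed, so rows saved before any filter existed still match. --->
<cfset stored = form.comment>

<!--- Encode at the point of display only. HTMLEditFormat() converts
      <, >, & and the double quote, so the value is safe both as
      element text and inside a double-quoted attribute. --->
<cfoutput>
<p>Title missing: #titleMissing#</p>
<p>Stored length: #Len(stored)# characters</p>
<p>Displayed: #HTMLEditFormat(stored)#</p>
<input type="text" name="comment" value="#HTMLEditFormat(stored)#">
</cfoutput>
```

Because nothing is rewritten on the way in, re-saving an edited record does not encode the same value a second time.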