I added the following to my CF_FormURL2Attrubites.cfm and am going to rename
my local version of the tag CF_FormURLWDDXEncryption2Attributes.cfm hehe
I include this in say an act_file.cfm:
<CFSCRIPT>
return_message=StructNew();
StructInsert(return_message, "message_text", "Your password has
been emailed to you.");
StructInsert(return_message, "message_type", "Success");
StructInsert(return_message, "fuseaction",
"#attributes.XFA.onNormal#");
</CFSCRIPT>
<cfwddx action="CFML2WDDX" input="#return_message#"
output="client.return_message" usetimezoneinfo="No">
<CFLOCATION url="#self#" addtoken="No">
Each of the name/value pairs in the structure would be variables that you
wanted to access in the attributes scope on the other end.
The main reason I did this is so that I can pass large(er) strings back to
the calling template. I kept running into the 2K buffer.
In FormURL2Attributes I added the followin lines just above the form
processing section. I suppose that the order that you included these parsers
in the file would determine attributes precedence being gotten from say url,
then wddx, then form.
<!--- Added on 3/27/01 to extend the attributes scope to include the WDDX
structure 'client.return_message'
It can include any attributes that are too long for your query_string.
==> client.return_message = a WDDX structure that contains variables that
need to be scoped to attributes. This includes all name=value pairs.
and contains a fuseaction=x pair. Required
Future plans:
==> decrypt = [0|1] if the packet is encrypted then decrypt it. Defaults
to 0.
This would be useful for cookie stored client variables. Not
implemented in this version
==> key = The variable that holds the decryption key. --->
<cfif isdefined("client.return_message") and len(client.return_message)>
<CF_WDDX_IsPacketValid
PACKET="#client.return_message#">
<CFIF WDDX_IsPacketValid>
<cfwddx action="WDDX2CFML" input="#client.return_message#"
output="AttributesTemp">
<cfloop index="formItem" list="#StructKeyList(AttributesTemp)#">
<cfset "caller.attributes.#trim(formItem)#" =
"#Evaluate("AttributesTemp." & formItem)#">
</cfloop>
<!--- Reinitialize the clientvar so we do not pass the WDDX packet every
time. --->
<cfset client.return_message = "">
</cfif>
</cfif>
The CF_WDDX_IsPacketValid is available from the Developers exchange.
Then I added a way to encrypt the fuseactions in my pages, so my forms and
links are encrypted like so:
http://cliniweb.isu.edu/index.cfm?fuseaction=decrypt&B6V%26%20KK9%24F761L0%5
EB0GY9CXL%3FU%3B%3E%21DX%5FQOF9C7X%40%282%29F5%20B0%2B%0A=
Try to break into that and pass fako parameters. Alan, maybe a better
implementation than using a lookup table for fake UUID's to mask numbers?
This will always pass to the same fuse, decrypt which is handled in
CF_FormURL2Attributes with just a different urlencoded, encrypted
query_string. I plan to implement the encryption into the WDDX portion so
that I can encrypt longer strings than can fit in a url and pass them
seamlessly.
In my app_Globals.cfm I set the key, and wether I want to encrypt all my
links that have this code (I don't stick it in all of them, just the ones
that have DB related numbers that I do not want people to muck with).
<cfset request.EncryptLinks="1">
<cfset request.thekey="Thisismyencryptionkey">
To use this I put this stuff in place of the link in my code:
<cfset theLink =
"fuseaction=#attributes.XFA.onDelete#&StudentID=#QueryStudentBySchool.stu_id
#"> --the query_string
Then based on weither I am encrypting or not (turn it off for debugging
purposes, believe me or your brain will fry).
<A
href="#self#?#IIf(request.EncryptLinks,DE("fuseaction=decrypt&#URLEncodedFor
mat(encrypt(theLink,request.thekey))#="),DE("#theLink#"))#">Delete</A>
Then added the following code in my CF_FormURL2Attrubites.cfm file:
<cfelse>
-snipp-
<!--- This is for converting url fields to attributes scoped variables.
They may come in encrypted or normally. --->
<cfif isDefined("URL.fuseaction") AND URL.fuseaction IS "decrypt">
<!--- Added on 3/27/01 to use fuseaction = decrypt Joseph Higgins
[EMAIL PROTECTED]
This tag takes a query_string formatted like:
fuseaction=decrypt&ENCRYPTEDCONTENT=A.
It lops off the =A and fuseaction=decrypt&, decrypts the string into the
new
query_string.--->
<!--- Decrypt and extract the string.
To encrypt the string use the following in your code to produce your
links.
#self#?fuseaction=decrypt&#URLEncodedFormat(encrypt('fuseaction='&attributes
..XFA.onCancel,request.key))#= --->
<cfset Local.query_string = "#decrypt( URLDecode( Left(
(Right(cgi.query_string,(Len(cgi.query_string)-19))) ,
(Len(Right(cgi.query_string,(Len(cgi.query_string)-19)))-1) ) ),caller.reque
st.thekey)#">
<cfset caller.attributes.output = Local.query_string>
<!--- Create Attributes scopes --->
<cfloop list="#Local.query_string#" delimiters="&" index="valuepair">
<cfset DecryptName = "#ListGetAt(valuepair, 1, "=")#">
<CFIF refindnocase("[[:alpha:]]",left(trim(DecryptName),1)) and NOT
ISDEFINED( 'caller.ATTRIBUTES.' & DecryptName )>
<cfset "caller.attributes.#DecryptName#" = "#ListGetAt(valuepair, 2,
"=")#">
<!--- Remove these next 2 lines if you don't want a list of all
attributes...
it'll speed up processing by about .15 millisecond--->
<!---<cfset request.attributeslist =
listappend(request.attributeslist,DecryptName,"&")>
<cfset request.attributeslist =
listappend(request.attributeslist,urlencodedformat(evaluate("#DecryptName#")
),"=")> --->
</CFIF>
</cfloop>
<cfelseif isDefined("cgi.query_string")>
<!--- Unencrypted url. --->
<cfloop list="#cgi.query_string#" delimiters="&" index="valuepair">
<cfset URLName = "#ListGetAt(valuepair, 1, "=")#">
<CFIF refindnocase("[[:alpha:]]",left(trim(urlname),1)) and NOT
ISDEFINED( 'caller.ATTRIBUTES.' & urlname )>
<cfset "caller.attributes.#urlname#" =
"#evaluate("url."&"#urlname#")#">
<!--- Remove these next 2 lines if you don't want a list of all
attributes...
it'll speed up processing by about .15 millisecond--->
<!--- <cfset request.attributeslist =
listappend(request.attributeslist,urlname,"&")>
<cfset request.attributeslist =
listappend(request.attributeslist,urlencodedformat(evaluate("url.#urlname#")
),"=")> --->
</CFIF>
</cfloop>
</cfif>
</cfif>
--snip--
</cfif>
Right now I hope all of your brains are frying as mine is - been working on
this since 11 am today and it is now 2am tomorrow.
A shrubbery?! Bring out yer dead. Hey I'm not quite dead yet. Here it comes
begin the lashings.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists