Re: security issue with reading file with cfimage read and write
What is the security issue exactly? Russ Michaels www.michaels.me.uk cfmldeveloper.com cflive.net cfsearch.com On 20 May 2014 03:19, Matthew Smith chedders...@gmail.com wrote: /Had it working a couple of times but I think I am having pathing issues here and there. NOt sure where I am off... Any help is appreciated... cftry cfimage action=read name=myImage source=/site_theartoflovingcatsanddogs_com/taolcad_images/products/resize/#qry_allItemsInProductKeyList.largepic1# cfcatch cfimage action=read name=myImage source=/site_theartoflovingcatsanddogs_com/taolcad_images/products/#qry_allItemsInProductKeyList.largepic1# !--- Set the square size of the thumb --- cfset sq_size = 333 !--- Write the result to a file. --- cfset ImageSetAntialiasing(myImage,on) cfset ImageScaleToFit(myImage,sq_size,sq_size) !--- Calculate the x and y position to paste the image --- cfif myImage.width GTE myImage.height cfset x = 0 cfset y = ceiling((myImage.width - myImage.height)/2) cfelse cfset x = ceiling((myImage.height - myImage.width)/2) cfset y = 0 /cfif cfset newimg = ImageNew(,sq_size, sq_size, rgb, c4cba9) cfset ImagePaste(newimg, myImage, x, y) cfset ImageWrite(newimg,/site_theartoflovingcatsanddogs_com/taolcad_images/products/resize/#qry_allItemsInProductKeyList.largepic1#) /cfcatch /cftry ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358663 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: security issue with reading file with cfimage read and write
The try catch seems peculiar. If the first CFimage fails and throws an error, things go inside the cfcatch. The first line inside there is the same as the very first, so I would assume you are really getting 2 of the same errors in a row, and not catching the second. I can only see this working, if some code just wrote the original file and is locked on the first try but not the second try when reading the file. Byron Mann Lead Engineer Architect HostMySite.com On May 19, 2014 10:19 PM, Matthew Smith chedders...@gmail.com wrote: /Had it working a couple of times but I think I am having pathing issues here and there. NOt sure where I am off... Any help is appreciated... cftry cfimage action=read name=myImage source=/site_theartoflovingcatsanddogs_com/taolcad_images/products/resize/#qry_allItemsInProductKeyList.largepic1# cfcatch cfimage action=read name=myImage source=/site_theartoflovingcatsanddogs_com/taolcad_images/products/#qry_allItemsInProductKeyList.largepic1# !--- Set the square size of the thumb --- cfset sq_size = 333 !--- Write the result to a file. --- cfset ImageSetAntialiasing(myImage,on) cfset ImageScaleToFit(myImage,sq_size,sq_size) !--- Calculate the x and y position to paste the image --- cfif myImage.width GTE myImage.height cfset x = 0 cfset y = ceiling((myImage.width - myImage.height)/2) cfelse cfset x = ceiling((myImage.height - myImage.width)/2) cfset y = 0 /cfif cfset newimg = ImageNew(,sq_size, sq_size, rgb, c4cba9) cfset ImagePaste(newimg, myImage, x, y) cfset ImageWrite(newimg,/site_theartoflovingcatsanddogs_com/taolcad_images/products/resize/#qry_allItemsInProductKeyList.largepic1#) /cfcatch /cftry ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358665 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: security issue with reading file with cfimage read and write
The first call is to the ./resize/ directory for the already processed image. If that fails, the source image is read, processed, and saved into the ./resize/ directory. At a glance it seems like this code should work OK. I'm no sure what Matthew's question is either. (As long as allItemsInProductKeyList.largepic1 isn't user-defined that is.) On 5/20/14, 3:22 AM, Byron Mann wrote: The try catch seems peculiar. If the first CFimage fails and throws an error, things go inside the cfcatch. The first line inside there is the same as the very first, so I would assume you are really getting 2 of the same errors in a row, and not catching the second. I can only see this working, if some code just wrote the original file and is locked on the first try but not the second try when reading the file. Byron Mann Lead Engineer Architect HostMySite.com On May 19, 2014 10:19 PM, Matthew Smith chedders...@gmail.com wrote: /Had it working a couple of times but I think I am having pathing issues here and there. NOt sure where I am off... Any help is appreciated... cftry cfimage action=read name=myImage source=/site_theartoflovingcatsanddogs_com/taolcad_images/products/resize/#qry_allItemsInProductKeyList.largepic1# cfcatch cfimage action=read name=myImage source=/site_theartoflovingcatsanddogs_com/taolcad_images/products/#qry_allItemsInProductKeyList.largepic1# !--- Set the square size of the thumb --- cfset sq_size = 333 !--- Write the result to a file. --- cfset ImageSetAntialiasing(myImage,on) cfset ImageScaleToFit(myImage,sq_size,sq_size) !--- Calculate the x and y position to paste the image --- cfif myImage.width GTE myImage.height cfset x = 0 cfset y = ceiling((myImage.width - myImage.height)/2) cfelse cfset x = ceiling((myImage.height - myImage.width)/2) cfset y = 0 /cfif cfset newimg = ImageNew(,sq_size, sq_size, rgb, c4cba9) cfset ImagePaste(newimg, myImage, x, y) cfset ImageWrite(newimg,/site_theartoflovingcatsanddogs_com/taolcad_images/products/resize/#qry_allItemsInProductKeyList.largepic1#) /cfcatch /cftry ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358666 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
security issue with reading file with cfimage read and write
/Had it working a couple of times but I think I am having pathing issues here and there. NOt sure where I am off... Any help is appreciated... cftry cfimage action=read name=myImage source=/site_theartoflovingcatsanddogs_com/taolcad_images/products/resize/#qry_allItemsInProductKeyList.largepic1# cfcatch cfimage action=read name=myImage source=/site_theartoflovingcatsanddogs_com/taolcad_images/products/#qry_allItemsInProductKeyList.largepic1# !--- Set the square size of the thumb --- cfset sq_size = 333 !--- Write the result to a file. --- cfset ImageSetAntialiasing(myImage,on) cfset ImageScaleToFit(myImage,sq_size,sq_size) !--- Calculate the x and y position to paste the image --- cfif myImage.width GTE myImage.height cfset x = 0 cfset y = ceiling((myImage.width - myImage.height)/2) cfelse cfset x = ceiling((myImage.height - myImage.width)/2) cfset y = 0 /cfif cfset newimg = ImageNew(,sq_size, sq_size, rgb, c4cba9) cfset ImagePaste(newimg, myImage, x, y) cfset ImageWrite(newimg,/site_theartoflovingcatsanddogs_com/taolcad_images/products/resize/#qry_allItemsInProductKeyList.largepic1#) /cfcatch /cftry ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358659 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
