> Expanding on what Russ said, we've got a "mimic" feature that takes a
> logged in session user (session.user variable), moves it
> (session.originaluser) and then logs in the admin as the requested user to
> mimic. So there is a new session.user and the admin's own
> session.originaluser.
Hello,
I've been doing pretty well w/ my site so far but the powers-that-be requested
a last minute addendum to the code and I'm not sure how to write it. I was
hoping you folks could be of assistance to this developer-in-training.
As it stands, a certain page (random.cfm) will pull info ba
P.S. My test was simply this:
http://citiprogram.desk.com/customer/portal/articles/search?q=#URLEncodedFormat('thisis
a test')#" addtoken="no">
On Wed, Jan 23, 2013 at 2:25 PM, John M Bliss wrote:
>
> On Wed, Jan 23, 2013 at 2:16 PM, Torrent Girl wrote:
>
>> this is a test
>
>
> I just ran th
On Wed, Jan 23, 2013 at 2:16 PM, Torrent Girl wrote:
> this is a test
I just ran that and ended up looking at this URL:
http://citiprogram.desk.com/customer/portal/articles/search?q=this%20is%20a%20test
...where that page reads:
1 results found for "this is a test"
...all of which is corr
By any wild chance did you urlencode it already? If you output
form.searchparam
_before_ the cflocation, and throw in an abort, is it encoded?
Also - you don't need cfoutput tags around a cflocation.
On Wed, Jan 23, 2013 at 2:16 PM, Torrent Girl wrote:
>
> >Still not clear RE: which page is
>Still not clear RE: which page is which and where you're seeing what.
>
>Let's say you have:
>
>page1.cfm
>
>
>
>
>...then, on page2.cfm, you should see in the browser's URL/location bar:
>
>...page2.cfm?variable=this%20is%20a%20test
>
>...and, on page2.cfm, if you do this:
>
>#url.variable#
>
>.
index.cfm is part of the variable? So you're telling cflocation to go to a
url and pass along a value that also includes a file name in it??
Is this online someplace? Because this is a SERIOUSLY simple thing and I
think all of us are missing something obvious.
On Wed, Jan 23, 2013 at 1:59 PM, To
>Still not clear RE: which page is which and where you're seeing what.
>
>Let's say you have:
>
>page1.cfm
>
>
>
>
>...then, on page2.cfm, you should see in the browser's URL/location bar:
>
>...page2.cfm?variable=this%20is%20a%20test
>
>...and, on page2.cfm, if you do this:
>
>#url.variable#
>
>.
>"When I output the var on the page I see the encoded version:
>index.cfm?variable=this%20is%20a%20test"
>
>Eh? You wouldn't see index.cfm, etc. Seriously, like, do this:
>
>#url.variable#
>
>Do you see "this is a test" or "this%20etc"
>
>
>
>On Wed, Jan 23, 2013 at 10:38 AM, Torrent Girl wrote:
>
On Wed, Jan 23, 2013 at 12:57 PM, Rob Voyle wrote:
>
> Hi Greg
> As I continue to update my security processes, I'm curious
> Was this injection attempt at the url or at a form input.
>
Keep in mind that vulnerabilities can come from any input that the attacker
can manipulate, eg form, url, cgi,
It was attempted via the URL
On Wed, Jan 23, 2013 at 11:57 AM, Rob Voyle wrote:
>
> Hi Greg
> As I continue to update my security processes, I'm curious
> Was this injection attempt at the url or at a form input.
>
> Thanks
> Rob
>
> On 22 Jan 2013 at 11:12, Greg Morphis wrote:
>
> >
> > I saw
Hi Greg
As I continue to update my security processes, I'm curious
Was this injection attempt at the url or at a form input.
Thanks
Rob
On 22 Jan 2013 at 11:12, Greg Morphis wrote:
>
> I saw some request errors but what were they trying to do?
> This is what the onRequest error email showed
>
"When I output the var on the page I see the encoded version:
index.cfm?variable=this%20is%20a%20test"
Eh? You wouldn't see index.cfm, etc. Seriously, like, do this:
#url.variable#
Do you see "this is a test" or "this%20etc"
On Wed, Jan 23, 2013 at 10:38 AM, Torrent Girl wrote:
>
> >Dumb qu
Still not clear RE: which page is which and where you're seeing what.
Let's say you have:
page1.cfm
...then, on page2.cfm, you should see in the browser's URL/location bar:
...page2.cfm?variable=this%20is%20a%20test
...and, on page2.cfm, if you do this:
#url.variable#
...that should prod
>> but when I pass the var using cflocation it isn't.
>
>Where, specifically? In the browser's URL/location bar? Or when you
>#url.variable#? (If the latter, that's the way it's
>supposed to work.)
>
>
>On Wed, Jan 23, 2013 at 10:22 AM, Torrent Girl wrote:
>
>>
When I output the var on the page
>Dumb question - what are you seeing in the browser? When you output
>#url.variable# what do you see?
>
>
>On Wed, Jan 23, 2013 at 10:22 AM, Torrent Girl wrote:
>
>>
When I output the var on the page I see the encoded version:
index.cfm?variable=this%20is%20a%20test
when it passes as a URL str
> but when I pass the var using cflocation it isn't.
Where, specifically? In the browser's URL/location bar? Or when you
#url.variable#? (If the latter, that's the way it's
supposed to work.)
On Wed, Jan 23, 2013 at 10:22 AM, Torrent Girl wrote:
>
> >Yep try this
> >
> >
> >
> >
> >
> >
> >Tha
Dumb question - what are you seeing in the browser? When you output
#url.variable# what do you see?
On Wed, Jan 23, 2013 at 10:22 AM, Torrent Girl wrote:
>
> >Yep try this
> >
> >
> >
> >
> >
> >
> >That should work, especially if this is suffering the same problem as
> >cfsavecontent and a few
>Yep try this
>
>
>
>
>
>
>That should work, especially if this is suffering the same problem as
>cfsavecontent and a few other tags and functions.
>
>--
>Regards,
>Andrew Scott
>WebSite: http://www.andyscott.id.au/
>Google+: http://plus.google.com/113032480415921517411
That still didn't work
Yep try this
That should work, especially if this is suffering the same problem as
cfsavecontent and a few other tags and functions.
--
Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+: http://plus.google.com/113032480415921517411
~~
Hello all
I am trying to do the following:
When I output var1 on the page, it is encoded, but when I pass the var using
cflocation it isn't.
Any suggestions?
Thank you