Three of my CF7-driven sites just got hit this morning with an exploit that I'm
having trouble finding information on.
The attack did the following:
1) wrote 0 KB Application.cfm file to the web-root of the sites
2) wrote an onRequestEnd.cfm file (also to the web-root) that contained a
script
Three of my CF7-driven sites just got hit this morning with an exploit that
I'm having trouble finding information on.
The attack did the following:
1) wrote 0 KB Application.cfm file to the web-root of the sites
2) wrote an onRequestEnd.cfm file (also to the web-root) that contained
?
That seems easy enough. Thanks.
Andy matthews
-Original Message-
From: Kevin Aebig [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 16, 2007 9:37 AM
To: CF-Talk
Subject: RE: Flash remoting and onRequestEnd.cfm
Here's what I dug up... basically just make sure the call isn't originating
15, 2007 6:28 PM
To: CF-Talk
Subject: RE: Flash remoting and onRequestEnd.cfm
If you dump the current calling page and filter out pages coming from
/flashservices/gateway than you shouldn't be triggering the onRequestEnd.cfm
page anymore.
I've got a sample at work I'll post tomorrow when I get
16, 2007 8:08 AM
To: CF-Talk
Subject: RE: Flash remoting and onRequestEnd.cfm
A sample would help out. In this case, the page is all Flash and we're
needing to find out how onRequestEnd is getting called multiple times from
within this particular app.
Thanks for the help Kevin.
-Original
and onRequestEnd.cfm
Here's what I dug up... basically just make sure the call isn't originating
from the remoting gateway.
cfif ARGUMENTS.thePage NEQ /flashservices/gateway
// PROCEED AS NORMAL...
/cfif
Cheers,
!k
-Original Message-
From: Andy Matthews [mailto:[EMAIL PROTECTED]
Sent: Tuesday
My company has a stats page that runs when onRequestEnd.cfm gets called. We
use it to collect stats about page visits and that sort of thing. It's only
supposed to run on certain templates, but lately we've noticed some
inconsistencies.
It appears that onRequestEnd.cfm is getting called not only
guys using authentication for your CFC?
Is this happening with other CFC's?
Has this been confirmed through the NetConnection Debugger (Flash tool)?
At bare minimum you could ignore anything coming from the gateway within
your onRequestEnd.cfm.
Cheers,
Kevin
-Original Message-
From
Kevin...
I'm not familiar with remoting at all. Can you clarify how I can filter out
processes coming from remoting in the onRequestEnd.cfm?
andy
-Original Message-
From: Kevin Aebig [mailto:[EMAIL PROTECTED]
Sent: Monday, January 15, 2007 3:47 PM
To: CF-Talk
Subject: RE: Flash
If you dump the current calling page and filter out pages coming from
/flashservices/gateway than you shouldn't be triggering the onRequestEnd.cfm
page anymore.
I've got a sample at work I'll post tomorrow when I get in...
Cheers,
!k
-Original Message-
From: Andy Matthews [mailto
Hi,
Does anyone know (otherwise I'll try myself) if the onRequestEnd.cfm
template is still executed after CFABORT?
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address: [EMAIL
no it isn't. Try putting a cfdump var=#whatever# in there and then
cfabort up above it.
..
--
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com
~|
Logware (www.logware.us): a new and convenient web-based time tracking
no it isn't.
Thanks.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address: [EMAIL PROTECTED])
Thanks.
~|
Does anybody know how to simulate the function of onRequestEnd.cfm in ASP?
I have an ASP app (that has to stay in ASP) where I need to add a footer to
the bottom of a bunch (100+) pages. Rather than attempting to find and edit
each of these pages, it would be much nicer to put the footer code
of onRequestEnd.cfm
Does anybody know how to simulate the function of onRequestEnd.cfm in
ASP? I have an ASP app (that has to stay in ASP) where I need to add a
footer to the bottom of a bunch (100+) pages. Rather than attempting to
find and edit each of these pages, it would be much nicer to put the
footer
: Suppress OnRequestEnd.cfm output
Better than the cfabort is the cfexit tag. You use within the actual
template you wish to not include or stop processing.
You can continue processing, just not within the included file. Sort of
like a cfabort for each individual template.
- j
-Original
I have an OnRequestEnd.cfm file that I use for my application, and I find it to be
very useful, but I have a few documents that are used for the contents of iframes on
which I would like to be able to explicitly suppress the output of the
OnRequestEnd.cfm file. Is there any way to do
PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Wednesday, September 04, 2002 2:59 PM
Subject: Suppress OnRequestEnd.cfm output
I have an OnRequestEnd.cfm file that I use for my application, and I find it to be
very useful, but I have a few documents that are used for the contents of iframes
OnRequestEnd.cfm output
I'd use the cgi.script_name variable and test for that to suppress it:
e.g
cfif cgi.script_name neq iframe_template.cfm
Show output
/cfif
HTH,
Tim P.
p.s -- tell my father-in-law (Ron B) I said hello :)
- Original Message -
From: Yexley Robert D Contr Det 1 AFRL
PROTECTED]]
Sent: Wednesday, September 04, 2002 3:25 PM
To: CF-Talk
Subject: RE: Suppress OnRequestEnd.cfm output
That works for me. I hadn't even though about that. Thanks for the help, and I'll be
sure to pass on the greetings. :)
Bob
)))
-Original Message-
From: Tim Painter [mailto
Yexley Robert D Contr Det 1 AFRL/WSI wrote:
I have an OnRequestEnd.cfm file that I use for my application, and I find it to be
very useful, but I have a few documents that are used for the contents of iframes on
which I would like to be able to explicitly suppress the output
-Talk [EMAIL PROTECTED]
Sent: Wednesday, September 04, 2002 12:42 PM
Subject: RE: Suppress OnRequestEnd.cfm output
Well OK, I take it back. It worked for one. But the problem is I have a
number of different files that I need to suppress this on, so I have to
check for all of them to tell
It's just and and/or logic issue. Change your ors to ands...in other words,
the way it is now, it will always evaluate true, because
reviewList.cfm IS NOT reviewListSA.cfm
Make sense?
d
Deanna Schneider
Interactive Media Developer
[EMAIL PROTECTED]
I have an OnRequestEnd.cfm file that I use for my application, and I find
it to be very useful, but I have a few documents that are used for the
contents of iframes on which I would like to be able to explicitly
suppress the output of the OnRequestEnd.cfm file. Is there any way to do
Yexley Robert D Contr Det 1 AFRL/WSI wrote:
I have an OnRequestEnd.cfm file that I use for my application, and I find
it to be very useful, but I have a few documents that are used for the
contents of iframes on which I would like to be able to explicitly
suppress the output
Dealey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 04, 2002 3:58 PM
To: CF-Talk
Subject: Re: Suppress OnRequestEnd.cfm output
I have an OnRequestEnd.cfm file that I use for my application, and I find
it to be very useful, but I have a few documents that are used for the
contents of iframes
I know application.cfm must be Application.cfm on *n*x servers to be recognized, but
does onrequestend.cfm have to be OnRequestEnd.cfm as well?
---
Matt Robertson[EMAIL PROTECTED]
MSB Designs, Inc., www.mysecretbase.com
day, that my child may
have
peace'...
- Thomas Paine, The American Crisis
-Original Message-
From: Matt Robertson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 19, 2002 4:00 PM
To: CF-Talk
Subject: OnRequestEnd.cfm on linux?
I know application.cfm must be Application.cfm
(if
the form was
|submitted correctly, process the data, if not, include the form.cfm page
|again), then that would be a reason why OnRequestEnd.cfm isn't being
|processed.
Andrew!
That was it! I do have a cfabort after the cfinclude. That's what was
killing it! duh me So the solution is indeed to include
back to the
form cfinclude, and highlights the errors.
When I first load the form page ... All the templates that are supposed to
run, indeed do so. Including OnRequestEnd.cfm. If there is an error on the
page though, and the user gets sent back to the form, the OnRequestEnd does
not run
Yup, I have a very similar thing on one of my sites, except it runs the
OnRequestEnd.cfm from the folder above. Annoys the hell out of me.
Craig.
-Original Message-
From: Erika L Walker-Arnold [mailto:[EMAIL PROTECTED]]
Sent: 16 January 2002 15:21
To: CF-Talk
Subject: OnRequestEnd.cfm
Don't you have to actually have a named application using the
cfapplication tag?
-Original Message-
From: Erika L Walker-Arnold [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 7:21 AM
To: CF-Talk
Subject: OnRequestEnd.cfm not running
OK. This is weird.
I thought
Not sure if this is your problem but the onrequestend.cfm executed will be
the one in the same folder as the application.cfm, if its in a different
folder then I think it may not be executed.
HTH
Kola Oyedeji |Web Developer |ekeda
elthorne gate |64 high street |pinner |middx |ha55qa
t +44(208
I'm not sure if this is the case, but if you're on anything but Windows (the
server), filenames are case-sensitive. In other words, the file name should
be OnRequestEnd.cfm, not onrequestend.cfm.
What version of CF are you running? OnRequestEnd.cfm is only available in
4.5+
If you still can't
-Original Message-
From: Erika L Walker-Arnold [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 10:21 AM
To: CF-Talk
Subject: OnRequestEnd.cfm not running
OK. This is weird.
I thought OnRequestEnd runs every time a page is called, as long
as there is
a matching
Yer, that appears to be the case.
-Original Message-
From: Kola Oyedeji [mailto:[EMAIL PROTECTED]]
Sent: 16 January 2002 15:31
To: CF-Talk
Subject: RE: OnRequestEnd.cfm not running
Not sure if this is your problem but the onrequestend.cfm executed will
be
the one in the same folder
Thanks for the posts, and to answer some of the q's ...
My OnRequestEnd.cfm resides in the same folder as my Application.cfm,
spelled exactly that way even though the site runs on IIS 5 on a Win 2K box
.. I like to watch file case in the off-chance the app ever gets moved to a
Unix box
OnRequestEnd should only run in the folder where the calling template is.
So, though your form page should traverse up a level to find the
Application.cfm, it should not ever be finding the OnRequestEnd.cfm. I think
that's the way it's supposed to work anyway. So, the error is in the
form.cfm
Actually, that is not correct. OnRequestEnd.cfm will be executed if it
exists in the same directory as the Application.cfm that was executed.
--- Ben
-Original Message-
From: Deanna Schneider [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 2:52 PM
To: CF-Talk
Subject: Re
Oops. My bad. But, while we're pointint out mistakes, Ben, has anyone
mentioned your incorrect syntax on list functions in the CF 5.0 Language
Reference? *grin*
Deanna Schneider
Interactive Media Developer
[EMAIL PROTECTED]
Ouch... biting the hand that feeds you g
-Original Message-
From: Deanna Schneider [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 1:03 PM
To: CF-Talk
Subject: Re: OnRequestEnd.cfm not running
Oops. My bad. But, while we're pointint out mistakes, Ben, has anyone
mentioned
That's gratitude for ya. :/
-Original Message-
From: Deanna Schneider [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 4:03 PM
To: CF-Talk
Subject: Re: OnRequestEnd.cfm not running
Oops. My bad. But, while we're pointint out mistakes, Ben, has anyone
mentioned your
Aren't you feeding Ben when you buy his books?
-Original Message-
From: Mark A. Kruger - CFG [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 5:54 PM
To: CF-Talk
Subject: RE: OnRequestEnd.cfm not running
Ouch... biting the hand that feeds you g
-Original Message
Mike,
OnRequestEnd.cfm works just like Application.cfm.
As we all know Applicaion.cfm gets run before every page.
OnRequestEnd.cfm runs at the end of every page.
Your OnRequestEnd.cfm should reside in the same folder as Application.cfm.
Justin Hansen - [EMAIL PROTECTED]
Web Application
NB. There is a major difference between application.cfm and onrequestend.cfm
application.cfm runs before all .cfm in current folder and ALL sub-folders
below.
(unless another application.cfm is found in any of the sub-folders)
onrequestend.cfm runs before all .cfm in current folder
To clarify a little more, there are differences:
ColdFusion traverses up the directory tree to find the Application.cfm .
ColdFusion looks for OnRequestEnd.cfm in the directory where it found
the Application.cfm , but does not do any further searching.
If it didn't find
:
To the original poster, OnRequestEnd is documented, but rarely used.
At 08:41 AM 07/11/2001 -0500, you wrote:
Mike,
OnRequestEnd.cfm works just like Application.cfm.
As we all know Applicaion.cfm gets run before every page.
OnRequestEnd.cfm runs at the end of every page.
Your OnRequestEnd.cfm
: Debug output - OnRequestEnd.cfm
Don't quite see how you can make this claim, I always use it. Every
application I've ever written makes use of it. I may be in the minority,
but you have no real way of knowing that, so it is not quite accurate nor
fair to say it's rarely used.
At 10:25 AM 7/11
the Applicaion.cfm with
only one OnRequestEnd.cfm?
Yes, If your application has multiple Application.cfm(s) you will need
multiple OnRequestEnd.cfm(s).
Did this solve the original the problem with the least amount of effort?
Justin Hansen - [EMAIL PROTECTED]
Web Application Developer
Interactive
Is there a way to disable error messages that are thrown when
Application.cfm or OnRequestEnd.cfm are called directly
ending up in and clogging ColdFusion's application.log?
Example from application.log:
--
Error,TID=1852,06/14/01,23:16:09,127.0.0.1,Mozilla/4.0
(compatible; MSIE
Don't call application.cfm or onrequestend.cfm directly. That's it. No
magic bullet. It's the only thing you can do.
|-Original Message-
|From: Erki Esken [mailto:[EMAIL PROTECTED]]
|Sent: Thursday, June 14, 2001 5:22 PM
|To: CF-Talk
|Subject: Calling Application.cfm/OnRequestEnd.cfm
Is there a way to disable error messages that are thrown when
Application.cfm or OnRequestEnd.cfm are called directly ending up in and
clogging ColdFusion's application.log?
Example from application.log:
--
Error,TID=1852,06/14/01,23:16:09,127.0.0.1,Mozilla/4.0
(compatible; MSIE 5.5
I know what application.cfm is for. What does onrequestend.cfm do?
~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk
, May 23, 2001 6:47 PM
To: CF-Talk
Subject: OnRequestEnd.cfm
I know what application.cfm is for. What does onrequestend.cfm do?
~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
: OnRequestEnd.cfm
I know what application.cfm is for. What does onrequestend.cfm do?
~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
"Dan Haley, you fail to grasp Ti Kwan Leep. Approach me that
you might see."
"Observe closely, class. Boot to the Head! (SH-ZOOMP!)"
And for those who would like an audio representation... Feel free to
hit:
Hello folks,
Someone once told me that OnRequestEnd.cfm should exist in every directory,
whether you're using it or not. The reason he gave was that CF would
traverse the directory tree until either an OnRequestEnd.cfm was found, or
the top level was reached. Is this true? Does anyone do
It only searches the directory where the application.cfm was found.
Wouldn't hurt to have one in that directory though.
-Original Message-
From: Ken Goldstraw [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 22, 2000 11:56 AM
To: '[EMAIL PROTECTED]'
Subject: OnRequestEnd.cfm
Hello
I don't think the same holds true for onrequestend.cfm that does for
application.cfm. CF will only look for onrequestend.cfm in the directory
that it found application.cfm.
Dan
-Original Message-
From: Ken Goldstraw [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 22, 2000 8:56 AM
Someone once told me that OnRequestEnd.cfm should exist in
every directory, whether you're using it or not. The reason
he gave was that CF would traverse the directory tree until
either an OnRequestEnd.cfm was found, or the top level was
reached. Is this true? Does anyone do
That's correct only if it exists... The transverse of application.cfm
At 12:27 PM 8/22/2000 -0400, you wrote:
Someone once told me that OnRequestEnd.cfm should exist in
every directory, whether you're using it or not. The reason
he gave was that CF would traverse the directory tree until
Could someone offer a brief explanation regarding what
OnRequestEnd.cfm is used for? I've never heard of this one.
Does it process after the requested cfm template processes as the
name might suggest?
--
Archives
Mr. Miagi Voice
Ahhh, very good Clint son
/Mr. Miagi Voice
That is correct, howeveer; unlike Application.cfm OnRequestEnd.cfm must be
in the same directory as the calling template, CF will NOT recurse the
directory tree for OnRequestEnd.
Kevin
-Original Message-
From: Clint Tillerson
Ahh, but there is a flaw in your explanation, grasshopper. It will recurse
the directory tree for application.cfm, and use the onrequestend.cfm from
that directory. So, if you have an onrequestend.cfm in the calling
template's directory, but no application.cfm, it will not use
ication.cfm for each directory. ;)
-Original Message-
From: Dan Haley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 22, 2000 11:07 AM
To: '[EMAIL PROTECTED]'
Subject: RE: OnRequestEnd.cfm
Ahh, but there is a flaw in your explanation, grasshopper. It will recurse
the directory tree for application.cfm
To: [EMAIL PROTECTED]
Subject: RE: OnRequestEnd.cfm
"Dan Haley, you fail to grasp Ti Kwan Leep. Approach me that you might see."
There's a very simple solution here...
"Observe closely, class. Boot to the Head! (SH-ZOOMP!)"
cfinclude template="../Application.cfm&qu
: OnRequestEnd.cfm
Hello folks,
Someone once told me that OnRequestEnd.cfm should exist in every directory,
whether you're using it or not. The reason he gave was that CF would
traverse the directory tree until either an OnRequestEnd.cfm was found, or
the top level was reached. Is this true
You are best to simply create an HTML or CFML template containing
your contact details then use cfinclude to display the contact details at
the bottom of each of your pages.
Agreed.
The ONRequestEnd.cfm template is not directly viewable in the browser
(as is the Application.cfm file
--openmail-part-0b94ab05-0001
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Good question
This OnRequestEnd.cfm has a query INSERT into a table which counts a
user with the runtime based on a variable set at the begining
--openmail-part-0b88b59b-0001
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: Quoted-Printable
Content-Disposition: inline
Can anyone shed some light on possible limitations using
OnRequestEnd.cfm?=A0 For some reason, when we add an OnRequestEnd.cfm in a
particular
Erika,
You are best to simply create an HTML or CFML template containing your
contact details then use cfinclude to display the contact details at the
bottom of each of your pages.
The ONRequestEnd.cfm template is not directly viewable in the browser (as is
the Application.cfm file) and behaves
Can someone tell me about the OnRequestEnd.cfm template? I think I remember
seeing somewhere that it is just like the Application.cfm file, except it
runs at the END of every .cfm template in the application. Is this true?
If so, will it be useful for say, putting my contact information
72 matches
Mail list logo
