Even better... verify that the objectid is of the type you want:
<!---
Template: verifyUUID.cfm
Author: Aaron Johnson
Source Control: \\server\customtags\utility\verifyUUID.cfm
Change History:
    creation: 1/19/2001
Description:
    This custom tag is sort of a security guard that you can use to make
    sure that the id of any id you are trying to view is the correct type
    of object AND that it is a UUID... it keeps people from hacking around
    with url or form variables to fire methods on objects you don't want
    them to see. For instance, if you append the Objectid of a press
    release to an url and then fire the display method on their objectid,
    you definitely wouldn't want someone hacking around with that url to
    fire the display method on a user profile for instance.
Usage:
    <cf_verifyUUID
        typeid="#variables.typeid#"
        objectid="#variables.objectid#"
        datasource="#request.cfa.objectstore.dsn#">
Attributes:
    typeid -- required, UUID of the object type we are verifying
    objectid -- required, UUID of the object instance we are verifying
    datasource -- optional, will default to the datasource presently used
                  by the Spectra application
--->
<cfparam name="attributes.datasource" default="#request.cfa.objectstore.dsn#">
<!--- wrap everything in a try/catch so that we can spit out errors if we find them --->
<cftry>
    <cfparam name="attributes.objectid" default="0" type="UUID">
    <!--- if the objecttype is NOT of the type we want.., throw an error --->
    <cfa_contentobjectget
        datasource="#attributes.datasource#"
        objectid="#attributes.objectid#"
        r_stobject="r_stobject">
    <!--- use compare instead of cfif for speed --->
    <cfif compare(r_stObject.typeID, attributes.typeid)>
        <cfthrow message="You don't have permission to view this object. Please try again." type="typeid">
    </cfif>
    <cfcatch type="typeid">
        <cfoutput>#cfcatch.message#</cfoutput>
        <cfabort>
    </cfcatch>
    <cfcatch type="Any">
        You've entered an invalid UUID.
        <cfabort>
    </cfcatch>
</cftry>
AJ
> -----Original Message-----
> From: Gareth Hunt [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 24, 2001 9:46 AM
> To: Spectra-Talk
> Subject: RE: Valid Objectid
>
>
> To make cfparam useful, wrap it in a try catch
>
> <cftry>
> <cfparam name="attributes.objectID" type="UUID">
>
> <cfset r_bIsUUID = TRUE>
>
> <cfcatch>
> <cfset r_bIsUUID = FALSE>
> </cfcatch>
> </cftry>
>
>
> To *really* make it useful, put this in a customtag:
>
> <cfparam name="attributes.r_bIsUUID" type="string">
>
> <cftry>
> <cfparam name="attributes.objectID" type="UUID">
>
> <cfset "caller.#attributes.r_bIsUUID#" = TRUE>
>
> <cfcatch>
> <cfset "caller.#attributes.r_bIsUUID#" = FALSE>
> </cfcatch>
> </cftry>
>
>
>
> Cheers
> Gareth
>
> -----Original Message-----
> From: Darren Walker [mailto:[EMAIL PROTECTED]]
> Sent: 24 July 2001 14:23
> To: Spectra-Talk
> Subject: RE: Valid Objectid
>
>
> ha ha
>
> Clicked on the link, not realising outlook had chopped off the URL...So I
> got this error:
>
> The value 'CA34779B-2830-11D4-AA' is not valid object ID. This value was
> passed to the custom tag 'cfa_isEmbeddedObject' via the attribute
> 'objectID'.
>
> Heh. Ironic - this is a great tag, thanks to Justin who wrote it, maybe
> someone at macromedia should use it.
>
> If you use the old CFparam type="UUID" trick, you just get another error
> before the string is passed to the spectra tag. So not really a useful
> solution.
>
>
> -----Original Message-----
> From: Neil Clark [mailto:[EMAIL PROTECTED]]
> Sent: 24 July 2001 14:08
> To: Spectra-Talk
> Subject: RE: Valid Objectid
>
> or try a custom tag from the dev exchange like the one below.
>
> CF_isUUID
>
> http://devex.allaire.com/developer/gallery/info.cfm?ID=CA34779B-2830-11D4-AA9700508B94F380&method=Full
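
The two checks discussed in this thread (is the value a ColdFusion-format UUID, and is the stored object of the expected type), as an added Python sketch that is not code from any poster or from Spectra. The in-memory store, the ids in it and the names `verify_object` and `reason_for` are constructed for the example; returning one user-facing message for every failure and keeping the reason for logs is a design choice of this example.

```python
import re

# ColdFusion UUIDs are 35 characters grouped 8-4-4-16, unlike the
# 36-character 8-4-4-4-12 layout of RFC 4122 UUIDs.
CF_UUID = re.compile(r"[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{16}", re.I)


class ObjectCheckFailed(Exception):
    """One exception for every failure; `reason` is for server-side logs only."""

    def __init__(self, reason):
        super().__init__("You don't have permission to view this object.")
        self.reason = reason


def is_cf_uuid(value):
    return isinstance(value, str) and CF_UUID.fullmatch(value) is not None


def verify_object(store, type_id, object_id):
    """Return the object only if object_id is well formed and has type type_id."""
    if not is_cf_uuid(object_id):
        raise ObjectCheckFailed("malformed objectid")
    obj = store.get(object_id.upper())
    if obj is None:
        raise ObjectCheckFailed("no such object")
    if obj["typeID"] != type_id.upper():
        raise ObjectCheckFailed("wrong type")
    return obj


# Constructed sample store: every id below is made up for this example.
PRESS_RELEASE = "AAAAAAAA-0000-0000-0000000000000001"
USER_PROFILE = "AAAAAAAA-0000-0000-0000000000000002"
STORE = {
    "BBBBBBBB-0000-0000-0000000000000001": {"typeID": PRESS_RELEASE, "label": "Q3 results"},
    "BBBBBBBB-0000-0000-0000000000000002": {"typeID": USER_PROFILE, "label": "jsmith"},
}


def reason_for(type_id, object_id):
    """Return "ok" or the logged failure reason for one request."""
    try:
        verify_object(STORE, type_id, object_id)
        return "ok"
    except ObjectCheckFailed as exc:
        return exc.reason


if __name__ == "__main__":
    # The last value is the truncated id quoted in the thread.
    for oid in (*STORE, "CA34779B-2830-11D4-AA"):
        print(oid, "->", reason_for(PRESS_RELEASE, oid))
```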