Tip: Easily protect your include files
Hi All. Sorry I haven't posted in a while, I've been very very busy. Thanks to everyone who has been encouraging me to release our Content Management Software I demonstrated as CFUnited EUrope... soon I promise.
I just thought I'd share this quick and useful tip:
Put the following code in all your Application.cfm or Application.cfc fles to automatically protect your include files such like "inc_test.cfm" or "act_deleteUser.cfm" from being called directly.
UPDATE: This code had a bug which was fixed 30th April 2008
<!--- Any script such as inc_file.cfm or dsp_file.cfm can not be called directly --->
<cfif mid( ListLast( cgi.script_name, "/" ), 4, 1 ) IS "_">
<cflocation url="#APPLICATION.siteURL#" addtoken="no" />
</cfif>
There is some code in fusebox that prevents calling files other than index.cfm but we have found this too limiting.
I just thought I'd share this quick and useful tip:
Put the following code in all your Application.cfm or Application.cfc fles to automatically protect your include files such like "inc_test.cfm" or "act_deleteUser.cfm" from being called directly.
UPDATE: This code had a bug which was fixed 30th April 2008
<!--- Any script such as inc_file.cfm or dsp_file.cfm can not be called directly --->
<cfif mid( ListLast( cgi.script_name, "/" ), 4, 1 ) IS "_">
<cflocation url="#APPLICATION.siteURL#" addtoken="no" />
</cfif>
There is some code in fusebox that prevents calling files other than index.cfm but we have found this too limiting.
Tags:
Comments [4]
Peter Coppinger aka Topper is a neurotic web monster who spends most of his chaotic life developing ColdFusion web applications when not drinking himself into a stupor and scheming his plans for world dominance.
