There is an interesting change in the CF9.0.1 updater that will make CF sites more secure. The CFID and CFToken cookies will now be marked as httpOnly. What this means is your browser will not allow JavaScript to access the CFID and CFToken cookies. I think this will greatly help to reduce XSS hacks on CF sites.
If you are using jSessionID instead of CFID/CFToken, you need to take an additional step. jSessionID is a session cookie, session cookies aren’t httpOnly by default. But if you add a “-Dcoldfusion.sessioncookie.httponly=true” argument in your jvm.config file, all your session cookies will be httpOnly, including jSessionID.
It would be nice if there was an option to the CFCOOKIE tag to mark a cookie as httpOnly or not. Lacking that, you could always send the cookies yourself using cfheader or java.
Posted by Ryan Stille on July 15 2010 at 8:41 pm under ColdFusion.
6 Comments.
Here is a little ‘Apply To All’ feature I added to a large form we had. There were many rows of data, each with several columns the user needs to fill out. Most of the time the values they were entering in the top row ended up being what they would set all the subsequent rows to. So I wanted to add an easy way they could set all the later rows to the value of the first.
This was actually very easy to do with jQuery. I added a class to each form element, and links on the first row, so my code ended up looking something like this:
Continue reading ‘Making an ‘Apply to all’ with jQuery’ »
Posted by Ryan Stille on July 6 2010 at 10:32 am under AJAX / JavaScript.
Comments Off on Making an ‘Apply to all’ with jQuery.
We have a new ColdFusion book! The CF community has not been blessed with an abundency of printed materials, so I was excited when I heard this book was coming out. Adobe ColdFusion Anthology is a compilation of Fusion Authority Quarterly Update articles. FAQU is a great publication that has contributions from many smart ColdFusion developers.
This book is 476 and covers a lot of interesting things. I’ve been using CFCs for years but I learned some new things in Michael Dinowitz’s chapters on Components. There are articles on all the major frameworks, there is even one on the new FW/1 framework.
Pete Freitag has a good article on image processing that also covers creating your own captchas. Did you know ColdFusion can read EXIF data?!
I also found John Mason’s article on BlazeDS interesting since I’ve never used BlazeDS before. I’ve always been confused about the differences between BlazeDS and LiveCycle Data Services, and this article helped clear some of that up.
This isn’t a beginner book, I’ll bet every CF developer out there could learn a few things from this book. Also they’ve done a nice job with the editing, everything is clearly explained.
http://www.amazon.com/dp/1430272155/
Posted by Ryan Stille on June 29 2010 at 9:15 pm under Book Reviews, ColdFusion.
Comments Off on New ColdFusion book – Adobe ColdFusion Anthology.
If you’ve ever had the need to convert a query column to an array, there are a couple ways to do it. There is a queryColumnToArray function on cflib, or you could roll your own, but you can also do it with the built in ValueList and ListToArray functions.
Given the query “myQuery”, and a column called “name”, you can turn that into an array with this:
<cfset myArray = ListToArray(ValueList(myQuery.name)) />
The only problem with this is if the name column were to ever contain a comma, that value will get split into separate values, probably causing problems later on in your code. I ran into this issue with some old code the other day. The quick solution was to use a different delimiter than the default, which is a comma. You can pick a bizarre ascii character that you are unlikely to encounter in your data. I usually use one of the unprintable characters like 31, a “unit separator”, which sounds like a good one, doesn’t it?
<cfset myArray = ListToArray(ValueList(myQuery.name, Chr(31) ), Chr(31) ) />
Posted by Ryan Stille on May 28 2010 at 10:46 pm under ColdFusion.
2 Comments.
In our application we create some large queries using QueryNew(). Before we started specifying the datatypes we would run into strange bugs occasionally. When you don’t specify the data type ColdFusion makes a guess. So if we had some code like this:
<cfset myQuery = queryNew('name,age,address,code')></cfset>
Then populate that query with data from another system (in our case, its often SAP) everything usually works fine. But ColdFusion is guessing the datatype based on the first 50 records, which can sometimes cause problems.
If for example, the first 50 records contain a ‘code’ value that is all integers, ColdFusion will give that column a datatype of integer. Then if the 51st record contains a varchar value, ColdFusion will blow up.
The solution is to declare the data types when creating the query, like this:
<cfset myQuery = queryNew('name,age,address,code' , 'varchar,integer,varchar,varchar')></cfset>
This can get a little harder to manage when the query has many columns in it. We have some with over 40 columns and it’s hard to keep track of which datatype is for which field.
I wrote this little helper function to make it easier:
Continue reading ‘Little UDF for creating typed queries: TypedQueryNew()’ »
Posted by Ryan Stille on May 2 2010 at 9:41 pm under ColdFusion.
Comments Off on Little UDF for creating typed queries: TypedQueryNew().
The CFWindow tag can be useful to prompt for information on a form. We use this sometimes after a user has clicked the submit button. We do some client side validation in JavaScript, and if certain conditions are met, we use CFWindow to prompt for some additional information.
Its a little tricky though. If you try to use a CFWindow tag inside a CFForm tag you will get a ColdFusion error. If you use it inside a regular form tag you won’t get an error, but it won’t work like you expect. Lets take this code for example:
Continue reading ‘Using CFWindow within a form’ »
Posted by Ryan Stille on March 27 2010 at 9:13 pm under AJAX / JavaScript, ColdFusion.
2 Comments.
Capitalizing the first letter of each word – a common need for sure. There is a function for this on cflib but it didn’t work for me. No errors but it wasn’t returning what I expected. I came across this function that works, and does so with much less code:
<cffunction name="CapFirst" access="public" output="false" returntype="String">
<cfargument name="inputString" required="false" type="String" default="" />
<cfreturn rereplace(lcase(arguments.inputString), "(\b\w)", "\u\1", "all") />
</cffunction>
I found this snippet on the WeCodeThings blog. Good stuff.
Posted by Ryan Stille on March 17 2010 at 7:56 pm under ColdFusion.
8 Comments.
One of the problems I looked into this week was why some items on our site that used to be in bold were no longer displaying as such. Viewing the source showed me that the text was indeed surrounded by <strong>
tags.
Using the awesome Firebug extension for Firefox, I could see that the ext-all.css file was disabling the font-weight on the strong tag. This was quite surprising to me!
The ext-all.css file will automatically be included on your page whenever you use almost any of the UI features such as cfgrid, cflayout, etc.
You can easily reproduce the problem with this minimal code:
<cflayout type="tab"></cflayout>
<strong>This should be bold but its not.</strong>
You can fix the problem by adding this to your site’s style sheet, if you have one:
strong { font-weight: bold; }
If you don’t use a separate style sheet you can just put it directly into your page like this:
<style type="text/css">
strong { font-weight: bold; }
</style>
Hopefully this can be fixed before 9.01 comes out. I think its a pretty big deal, it disabled tons of bold content on our site. A lot of our content is created using the FCK rich text editor, which uses strong tags to indicate bold. I’ve file a bug report with Adobe, you can vote for this bug here: http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html#bugId=82156
After looking through the EXT documentation, I think this css originates with the EXT group. But when Adobe repackages EXT into CF, they need to either override this style it or take it out of the css file completely.
Posted by Ryan Stille on February 19 2010 at 8:45 pm under ColdFusion, CSS.
3 Comments.
A few weeks ago, the people at CFWheels announced a contest to get people to try out CFWheels. To enter the contest all you need to do is build a version of litepost in CFWheels. If you haven’t heard of litepost, its a simple blogging app thats been used to demonstrate different ColdFusion frameworks. Really all you need from the litepost project is the database. Then just build some CRUD for the users, entries, comments, etc. I’ve been wanting to learn more about this framework for a while so I thought this contest would be a good excuse to check it out. The top 3 winners get Amazon gift cards.
So far I’ve found this to be a pretty neat framework. I see a lot of similarity to Rails. The documentation is very good. The plugins are pretty neat, you just drop a zip file into your plugins directory and you can start using that plugin.
To start I downloaded cfwheels and setup my database. I installed the scaffolding plugin and used that to generate my CRUD views, models and controllers. Already I had the basics working! I tried creating/listing/editing users and it worked great.
Continue reading ‘Trying out the CFWheels framework’ »
Posted by Ryan Stille on February 13 2010 at 11:26 pm under ColdFusion, Web Development.
6 Comments.
A while back I wrote a post explaining how to wrap the tabs generated by the new cflayout tab in ColdFusion 8.
The tabs generated by ColdFusion 9 are completely different, since they use Ext version 3. ColdFusion 8 used Ext 1.
The tabs in ColdFusion 9 do not wrap by default, but they do automatically add scroll controls so you can scroll through the long horizontal line of tabs. If you’d rather have them wrap into multiple lines, this little bit of CSS will do it:
.x-tab-panel ul.x-tab-strip {
width: auto !important;
}
Posted by Ryan Stille on January 23 2010 at 9:16 pm under ColdFusion, CSS.
1 Comment.