[thelist] Re: <CFINCLUDE> INSIDE <CFQUERY OUTPUT>?

mle mle at cargo9.com
Wed Dec 5 00:42:48 CST 2001


.jeff and Ray,

Slow to respond but not unappreciative of your help...

> so were you seeing "?include=%20myfile.cfm" in the url?
> i hope you're not passing the file to include directly in the url.  if so,
> you're opening up a major security hole into your website. 

What I call a url variable is not a value passed in a url, but the value
of a url 
(path to an include page) that is stored in a database and called by a
template serve-side.
There is no user input or opportunity to jigger the process, so far as I
can tell...

How do you display the url (as executed) of an include file? When trying
to sort out 
problems with dynamically generated paths, it would be useful to see it. 

I've tried using the CF path display functions and also the debugging
cgis through
CF administrator. Can't get them show me anything about the include
file.

Thanks.

mle




More information about the thelist mailing list