[thelist] RE: <CFINCLUDE> INSIDE <CFQUERY OUTPUT>?

.jeff jeff at members.evolt.org
Fri Nov 30 19:11:37 CST 2001


mle,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: mle
>
> My url variables retained this space and barfed the
> INCLUDE.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

so were you seeing "?include=%20myfile.cfm" in the url?

i hope you're not passing the file to include directly in the url.  if so,
you're opening up a major security hole into your website.  suppose i wanted
to shut your site down.  say i'm visiting /sales.cfm.  all i'd have to do is
pass "/sales.cfm" as the include file and you'd have an infinite loop that'd
take the machine down.

if that's not what you're doing then nevermind.  ;)

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/






More information about the thelist mailing list