Canonicalize alternative for CF9 - coldfusion

I have an application running on CF2016. We recently added Canonicalize() and some other functions to prevent XSS attacks. Most of the clients using this app are on CF2016, but a couple of them are on CF9 (they will be upgraded next year or so).
The code fails because there is no such function in CF9. There are many ways to handle it, but if I have to write a custom Canonicalize function, how can I encode the input with native CF9 functions?

I asked a question that works in the opposite direction a while back. See: ColdFusion doing OWASP esapi via Java
Canonicalization is done via OWASP ESAPI. First you create a Java object. It has all of the encoding functions:
local.esapi = createObject("java", "org.owasp.esapi.ESAPI");
application.esapiEncoder = local.esapi.encoder();
Later you can
myVariable = application.esapiEncoder.canonicalize(myVariable);
For a complete list of all the functions that come with org.owasp.ESAPI.encoder(), see: https://static.javadoc.io/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/Encoder.html
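An added example (not part of the original answer) that wraps the ESAPI call above in a UDF with the same argument order as Canonicalize(), so the same call site works on CF9 and CF2016. `canonicalizeCompat` is a hypothetical name, the sample string is constructed, and the code assumes the ESAPI jar and its configuration are loadable on the CF9 servers; returning an empty string on `IntrusionException` is this example's choice.

```cfml
<!--- Normally done once in onApplicationStart(); repeated here so the example is self-contained --->
<cfset application.esapiEncoder = createObject("java", "org.owasp.esapi.ESAPI").encoder()>

<!--- Hypothetical helper: (input, restrictMultiple, restrictMixed), strict by default --->
<cffunction name="canonicalizeCompat" access="public" returntype="string" output="false">
    <cfargument name="input" type="string" required="true">
    <cfargument name="restrictMultiple" type="boolean" default="true">
    <cfargument name="restrictMixed" type="boolean" default="true">
    <cfset var result = "">
    <cftry>
        <!--- javaCast makes CF pick the canonicalize(String, boolean, boolean) overload --->
        <cfset result = application.esapiEncoder.canonicalize(
            javaCast("string", arguments.input),
            javaCast("boolean", arguments.restrictMultiple),
            javaCast("boolean", arguments.restrictMixed)
        )>
        <cfcatch type="org.owasp.esapi.errors.IntrusionException">
            <!--- Multiple or mixed encoding detected: reject the value instead of guessing --->
            <cfset result = "">
        </cfcatch>
    </cftry>
    <cfreturn result>
</cffunction>

<!--- Constructed sample input: "<script>" percent-encoded twice --->
<cfset sample = "%253Cscript%253E">
<cfset strictValue = canonicalizeCompat(sample)>
<cfset lenientValue = canonicalizeCompat(sample, false, false)>

<!--- Canonicalization only normalizes input; output still has to be encoded for its context --->
<cfoutput>
    strict: [#application.esapiEncoder.encodeForHTML(strictValue)#]<br>
    lenient: [#application.esapiEncoder.encodeForHTML(lenientValue)#]
</cfoutput>
```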

Related

Postman: How can I set my postman to use "pm" instead of "postman"

I'm trying to learn my way around Postman and I see in Tests, for example, that pm.globals.set("id","12345") is used instead of postman.setGlobalVariable("id","12345"), which is what I have working on mine. The former does not. I want to be able to use pm.globals.set.
The new pm.* API was introduced in version 5.2.0 - https://www.getpostman.com/apps#changelog
Looking at the release notes for that version, the native OS clients have been updated but the Chrome App doesn't show this change. I believe the development for the Chrome App has now stopped.
The older syntax will still continue to work in the new versions but it will be dropped eventually in favour of the new pm.* functions.
Postman has replaced Postman.* with pm.*, which has cleaner and more robust scripting. It includes a lot of global functions. This link explains the same: https://learning.getpostman.com/docs/postman/scripts/postman_sandbox_api_reference/
This should help you understand the additional features in it.

SharePoint 2013: Consuming query (url) filter in custom webparts

I am building webparts and self-hosted apps for SharePoint 2013. I want to consume the Query String filters that the user sets up; the process should be as simple as specified here on this Microsoft site.
Unfortunately I don't get the option to send values to 'my web part', but I do for other stock webparts that come with SharePoint. This leads me to believe I need to implement IFilter or equivalent in my webpart. I have found information on the IFilterConsumer and IFilterProvider interfaces on MSDN, which seem to be exactly what I need; however, the documentation has one snag:
NOTE: This API is now obsolete.
So my question is: what is Microsoft's new intended way of doing this with SharePoint 2013?
Ultimately I need to read query variables in the HostWeb request inside my AppWeb code.
Edit: Apparently IWebPartParameters is the new interface for this.... trying to implement now.
I have also tried what's suggested here: Passing parameters through sharepoint sitepage to web part
Still not working. At the moment I have implemented IWebPartParameters, IWebPart, IWebPartRow and none of my functions that implement these interfaces are being called. I must be missing something in the manifest or features file, maybe?
Thanks in advance
Crash
OK, the answer to this question is simple. Firstly, you can only do this in a dev environment with SharePoint installed, as you need access to the sharepoint.dll.
Then this thread answers the question http://www.manning-sandbox.com/thread.jspa?threadID=19791, with the following code solution which is here http://www.markitup.com/BookCodeSamples/TestingWebPartConnections.zip

What pitfalls await me when I migrate from CF6.1 to CF8 or Railo3.1?

Google does not really deliver much content (or my query sucks). Has anyone made the switch and can share the experience?
We found that when we upgraded to CF 8:
Carriage returns are stripped in plain text emails. We found we had to be explicit about line feed characters by creating a var like so <cfset CRLF = "#Chr(13)##Chr(10)#"> and inserting it in the plain text email where we needed the line feed. We eventually went to HTML emails.
Third party jar files caused problems due to the order in which jar files are loaded. Certain jar files must appear first in the java classpath as defined in cfroot/runtime/bin/jvm.config. This was a messy workaround and we have discontinued using that jar.
Also make sure to patch immediately to 8.0.1. We had a performance nightmare because of this issue.
Best of luck!
I haven't had any CFMX 6.1 apps to switch across, but Railo is definitely my CFML engine of choice.
Compatibility-wise, there are very unlikely to be any significant issues migrating from CFMX 6.1, and you can easily test this with the Express version - no installation required!
Railo can be stricter about certain aspects of CFML, so you might get a few errors if you exploit bugs/weaknesses with CF, but nothing really to worry about.
And, if you do get stuck on anything, the Railo mailing list is active with plenty of friendly helpful people who can help to get you going again.
We made the switch about a year ago and if you are talking about only on the code side, then the change from cf6 to cf8 shouldn't require any changes as long as your setup remains the same. One change is the way that CF handles verity collections, so if you make use of cfsearch then it might be something you look into. There are a number of improvements from cf6 that you should look to implement. The few that we have found especially helpful are cfdocument, cfimage, cfpdf, and cffeed. Here is a good link with other key points... http://www.adobe.com/products/coldfusion/upgrade/
If you are upgrading from CFMX 6.1 to Railo 3.1 almost no problems should occur. There are some things that we do not support (like CFREPORT or C++ CFX tags). Besides that it should be very easy to migrate existing CFMX 6.1 code over to Railo. By default Railo is configured to be as compatible as possible with CFMX.
There are some other things you might watch out for:
If you create a struct like this in CF: <cfset a["image.x"]> you will be able to call that variable by using the "." notation, although it's misleading. So in CF you could do <cfoutput>#a.image.x#</cfoutput> whereas in Railo you would have to write: <cfoutput>#a["image.x"]#</cfoutput>
Inside functions creating variables in the local scope that are named like scopes will work in CFMX but not in Railo. So this: <cfset var url = "whatever"> will work in CF but not in Railo.
In Railo you cannot use the application scope or the session scope before it was initialized with cfapplication. Well in CF you couldn't either but there CF will create a local variable in the variables scope called "application" or "session". This sometimes leads to confusion.
Besides these things, it should go flawlessly. If you have of course any problems, just contact our Railo Google group or us directly at www.getrailo.com
Gert Franz
Railo Professional Open Source
I'm not aware of any deprecated tags or functions from CF6.1 to CF8. CF8 has been optimized for performance so you will most likely see an improvement in your application depending on what was used.
I successfully upgraded a large application from CF4.5 to CF8 with no problems. If the application consists of pretty straightforward use of ColdFusion tags and functions, you shouldn't have much of a problem.
However, since the developer version is free to use, you should really set up a test environment and determine the answer to this question yourself by testing your application. All datasources, custom tags, etc. will have to be migrated and tested. If any CF6.1 applications used any of the lower-level Java API available in some things, you may need to test that thoroughly to make sure the underlying implementation of ColdFusion hasn't changed and fix what's necessary.
As for Railo3.1, there may be some tags or functions not implemented yet. You will again need to set up a test environment and determine this yourself. Somewhere on the Railo site there should be a list of compatibilities between the different versions of CF and Railo.

Login and use rails from C++

I need to use a rails app from C++. I say login in the title because that's one of my options.
As far as I see it, I either need to do the standard login, and keep track of a session or something in the C++ code, or use an API token of sorts, and just pass that on every URL and never actually create a session on the rails side (which uses restful_authentication).
Are those my only two options? Are there any nice C++ libs to deal with RESTful services or specifically rails?
The C++ side of things is on Windows btw.
It may be lower-level than you're looking for, but I believe you should be able to accomplish this sort of thing with libcurl (and, potentially, libxml if you need an HTML or XML parser to handle return values).

How to consume a web service from VB6?

I need to consume an external web service from my VB6 program. I want to be able to deploy my program without the SOAP toolkit, if possible, but that's not a requirement. I do not have the web service source and I didn't create it. It is a vendor-provided service.
So outside of the SOAP toolkit, what is the best way to consume a web service from VB6?
I use this function to get data from a web service.
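Private Function HttpGetRequest(url As String) As DOMDocument60
    ' Synchronous GET via MSXML 6.0 (project reference: Microsoft XML, v6.0)
    Dim req As XMLHTTP60
    Set req = New XMLHTTP60
    req.Open "GET", url, False
    req.send ""

    Dim resp As DOMDocument60
    If req.responseText <> vbNullString Then
        ' Parse the response body text explicitly
        Set resp = New DOMDocument60
        resp.loadXML req.responseText
    Else
        ' Empty body: fall back to the document the request object exposes
        Set resp = req.responseXML
    End If
    Set HttpGetRequest = resp
End Function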
.NET has had good support for Web Services since day one, so you can develop your Web Service client logic in .NET as a .dll library/assembly and use it in a VB6 app via COM Interop.
Assuming that you're running on Windows XP Professional or above, one interesting method is to use the SOAP moniker. Here's an example, lifted from some MSDN page. I don't know if this particular service works, but you get the idea...
Set SoapObj = GetObject("soap:wsdl=http://www.xmethods.net/sd/TemperatureService.wsdl")
WScript.Echo "Fairbanks Temperature = " & SoapObj.getTemp("99707")
This mechanism also works from VBScript. Which is nice.
Pocketsoap works very well. To generate your objects use the WSDL generator. Using this you don't have to parse anything yourself, plus everything is nice and strongly typed.
Check out this article by Scott Swigart on the MSDN VB 6.0 Resource Center.
Calling Web Services from Visual Basic 6, the Easy Way
I've had some measure of success so far using PocketSOAP to connect to the Salesforce API. I could not use the WSDL Wizard because it generates wrapper class filenames using the first 23 characters of the call names, and this results in duplicates. Nevertheless, PocketSOAP has been working well enough for me without the wizard, and it's much more straightforward than using XMLHTTP with DOMDocument.
I also looked into making a wrapper in .NET or using one of the "MS Office {MSO version} Web Services Toolkit" libraries, but there were significant deployment hassles with those options. PocketSOAP is a simple COM DLL, not dependent on some particular version of MS Office, and is licensed under MPL.
The SOAP toolkit is arguably the best you could get. Trying to do the same thing without it would require considerable extra effort. You need to have quite serious reasons to do that.
The format of the SOAP messages is not really easy to read or write manually and a third-party library is highly advised.