Execute ColdFusion Tags - coldfusion

I am at learning stage in ColdFusion. Now I am trying to execute below code to display variable content by using <cfset> and <cfoutput> tags. I completed my server installation and I am able to login to server with admin credentials. But it executed as normal html page, not getting the result from ColdFusion tags.
Do I need to install anything apart from this?
<!DOCTYPE html>
<html>
body>
<body background="download.jpg">
<cfset name ="swanav"/>
<cfoutput>#name#</cfoutput>
</body>
</html>

A small correction to your code,
<!DOCTYPE html>
<html>
<body background="download.jpg">
<cfset name="swanav" />
<cfoutput>#name#</cfoutput>
</body>
</html>
The code needs to be placed in,
/cfusion/wwwroot

Related

printing pdf files with <cfprint>

I am running ColdFusion 2018 on Windows 2016 (IIS) and having a problem printing a PDF file that I created using <cfdocument>. The printer is visible in CFAdmin and I can <cfdump> it. Here is what I've done:
<html>
<head>
<title>Printing PDF</title>
</head>
<body>
<cfdocument format="PDF" name="3099274.pdf">
<cfoutput>
.... HTML is here ...
</cfoutput>
</cfdocument>
<cfprint type="pdf" source="3099274.pdf" printer="HP LaserJet 4345 CS">
</body>
</html>
What am I doing wrong?

Why doesn't this XSS work?

Possibly simple solution, but I can't understand why my attempt to run this alert script on my welcome page via XSS input on the index page doesn't work.
I have a simple index.htm page with a form:
<!DOCTYPE html>
<html>
<body>
<form method="post" action="welcome.php">
Name: <input type="text" name="name">
<input type="submit">
</form>
</body>
</html>
And the welcome.php file:
<!DOCTYPE html>
<html>
<body>
<h3> Welcome <?php echo $_POST['name']; ?> </h3>
</body>
</html>
As a visitor to the index.php page, in the Name field I attempted to enter:
<script>alert("pwned")</script>
This has nothing to deal with PHP itself, as most browsers has XSS auditor which will try to protect the user from know XSS attacks
Running your example would result in:
The XSS Auditor refused to execute a script in 'http://localhost:9093/welcome.php' because its source code was found within the request. The auditor was enabled as the server did not send an 'X-XSS-Protection' header.
For more information, you can check this question

ColdFusion: Download Will Start Shortly

I was trying to run this code, and browser ask me to download pdf file which is good, But it was not loading remaining HTML code or you can say I could not see "Thank you Message".
Am I doing something wrong or missing something?
Need your help
<cfheader name="content-disposition" value="attachment; filename=134.pdf"/>
<cfcontent type="application/pdf" file="#ExpandPath( './134.pdf' )#"/>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Download Now</title>
</head>
Thank you for your interest in downloading
this file. Your download should begin shortly.
Maybe show the 'download will begin shortly' message first as a distinct page, which then redirects (JavaScript or meta tag...) to the .cfm that generates the PDF.
What you're trying to do is load the PDF file immediatly. As stated before you should have a basic HTML Page:
<html>
<head>
<meta http-equiv="refresh" content="2;url=getpdf.cfm?file=123.pdf">
..rest of head
</head>
<body>
Download will begin shortly.
</body>
</html>
This getpdf.cfm?file=123.pdf will be
<cfheader name="content-disposition" value="attachment; filename=134.pdf"/>
<cfcontent type="application/pdf" file="#ExpandPath( './134.pdf' )#"/>
The reason it wont work, is that you browser reads the "headers" and will basically see the file as a PDF file. Like you were downloading a ".pdf". Now you're putting one step in between and let the browser redirect to the PDF download.

coldfusion cfsavecontent html page with dynamic variables

As a simple example of the problem:
<cfsavecontent variable = "pageOutput">
<cfoutput>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>#page_title#</title>
</head>
<body>
<cfdump var="#URL#">
</body>
</html>
</cfoutput>
</cfsavecontent>
I save this page to disk. Then when I call this newly-generated page via the following URL:
http://blah/products.cfm?search_keyword=bathroom&search_category=451&search_province=Auckland
The dump doesn't display the newly-passed url vars.
I'm obviously missing something pretty basic here.
What you need to do is replace the opening or closing portion of the tag so that when it gets output you have a valid tag. Something like this:
<cfsavecontent variable="page">
<cfset sCfO = "<" >
<cfset sCfC = "</" >
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><cfoutput>#page_title#</cfoutput></title>
</head>
<body>
<cfoutput>#sCFO#</cfoutput>cfdump var="#URL#">
<cfoutput>#sCFO#</cfoutput>cfoutput>
#URL.myMessage#
<cfoutput>#sCFC#</cfoutput>cfoutput>
</body>
</html>
Hopefully that makes sense...
If I understand your explanations correctly, in your generated with cfsavecontent pagevariables are already substituted, so you have the static HTML in products.cfm. Try to open it in editor and review the code.
I have a question: what is the purpose of using cfsavecontent here? What are you trying to achieve? Looks like you may not need it at all, plain ol' CFML should do the job.
I would be more inclined to hide that in a function which would read much nicer in your example you could call dumpVariable(url) and encapsulate that in a function. We actually had to do something similar by parsing custom tags from a database into a render function that used cfmodule for the actual implementation. I was pretty happy with the results and it was much easier to tell what was going on in the code than arbitrary character replacement.

How do I write text in ColdFusion?

I'm trying to understand ColdFusion, as I am coming from ASP.NET. I've put together a sample page to piggy-back off some already finished code -- but I can't seem to get the actual data from the object I am creating:
<cfset objProduct = createObject("component", "com.MyObj.Product")>
<cfset prodExists = objProduct.getProduct(10)>
<html>
<head/>
<body>
<h2>#objProduct.ProductName#</h2>
</body>
... It simply prints the literal #objProduct.ProductName# text, and not the data from within the object. Any idea where I'm going astray?
Thanks!
Don't forget the <cfoutput>!
<cfoutput>
<html>
<head>
<title>Test</title>
</head>
<body>
<h2>#HtmlEditFormat(objProduct.ProductName)#</h2>
</body>
</html>
</cfoutput>
You forgot the CFOUTPUT tags.
You're trying to output the wrong variable.
#objProduct.getProduct(10)#
or
<cfoutput>#prodExists#</cfoutput>