When attempting to send an email to multiple recipients using ColdFusion, only the first row is receiving the email and it seems to be hit three times but only sending once. This works, but all recipients are visible and the cfoutput is displayed as many times as there are recipients:
<cfmail
to = "#ValueList(getEmail.Schd_Email)#"
from="test@test.edu"
subject="This is a Test"
type="HTML"
query="getEmail"
failto="test@test.com">
The location has been moved to <b><cfoutput>#location#</cfoutput></b><br/>
</cfmail>
This only sends to the first person listed in the query and the cfoutput in the body is still listed as many times as there are recipients.
<cfmail
to = "#Schd_Email#;"
from="test@test.edu"
subject="This is a Test"
type="HTML"
query="getEmail"
failto="test@test.com">
The location has been moved to <b><cfoutput>#location#</cfoutput></b><br/>
</cfmail>
I can output the query to the page and see all emails listed. Not sure why the latter does not work. Any ideas?
I think you should use the ';' delimiter in valueList(). The default delimiter for valueList() is ','. If you pass the delimiter ';' it might work.
Try this one #ValueList(getEmail.Schd_Email,";")#
Since you are using the query attribute of the cfmail tag you do not need to use the ValueList() function. The query attribute handles that functionality for you. It also negates the need for using a delimiter between each of the "to" addressees. It should work like this, assuming you have valid email addresses in your query results.
<cfmail
to="#getEmail.Schd_Email#"
from="test@test.edu"
subject="This is a Test"
type="HTML"
query="getEmail"
failto="test@test.com">
<div>The location has been moved to <b><cfoutput>#location#</cfoutput></b></div>
</cfmail>
Related
I want to send an email to the real Gmail IDs of the end users. So I used smtp.gmail.com as the mail server with my own email user name & password. But if I use this.smtpServersettings in my application.cfc it's not sending an email. All the mails went to undelivered options. My sample code:
App.cfc :
<cfset this.name='mailfn8'>
<cfset this.smtpServersettings={server:"smtp.gmail.com",username:"mygmail@gmail.com",password:"mypassword"}>
My.cfm :
<cfmail from='sender@gmail.com' to='receiver@gmail.com' subject='test' type='html' port="587" usetls="true">
I'm seding a email by using this.smtpServersettings options.
</cfmail>
But the credentials are working great in below scenario,
-- If I set my details in application scope and use that values in cfmail tag
-- Directly set it in coldfusion mail server setting
For example,
App.cfc :
<cfset this.name='mailfn8'>
<cffunction name='onApplicationStart'>
<cfset application.server='smtp.gmail.com'>
<cfset application.username='mygmail@gmail.com'>
<cfset application.password='mypassword'>
</cffunction>
My.cfm :
<cfmail from='sender@gmail.com' to='receiver@gmail.com' server='#application.server#' username='#application.userName#' password='#application.password#' subject='test' type='html' port="587" usetls="true">
I'm seding a email by using application scope.
</cfmail>
The above is working fine. So why is this.smtpServersettings sending email to the undelivered option instead of Gmail? Do I need to enable any other setting if I use this.smtpServerSetting? Please help me on this. Correct me if I've understood anything wrong. Thank you!
The smtpServerSettings struct does not support port and usetls.
https://tracker.adobe.com/#/view/CF-4204467
My suggestion is to create your own struct in application scope then pass to cfmail tag with argumentCollection attribute.
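One way to apply the suggestion above while keeping the password out of source, as an added example that is not from the original answer: cfmail accepts a struct of attributes through attributeCollection. The environment variable names SMTP_USERNAME and SMTP_PASSWORD and the struct name application.mailSettings are assumptions.

```cfml
<!--- Application.cfc (added example; the environment variable names are assumed) --->
<cfcomponent output="false">
    <cfset this.name = "mailfn8">

    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <cfset var sys = createObject("java", "java.lang.System")>
        <cfset var smtpUser = sys.getenv("SMTP_USERNAME")>
        <cfset var smtpPass = sys.getenv("SMTP_PASSWORD")>
        <!--- getenv() returns null for an unset variable; fail at startup, not at send time --->
        <cfif isNull(smtpUser) or isNull(smtpPass)>
            <cfthrow type="Config.Mail" message="SMTP credentials are not set in the environment">
        </cfif>
        <!--- port and useTLS travel with the rest of the settings in one struct --->
        <cfset application.mailSettings = {
            server = "smtp.gmail.com", port = 587, useTLS = true,
            username = smtpUser, password = smtpPass
        }>
        <cfreturn true>
    </cffunction>
</cfcomponent>

<!--- My.cfm: copy the shared settings, then add the per-message attributes --->
<cfset mailAttrs = duplicate(application.mailSettings)>
<cfset structAppend(mailAttrs, {
    from = "sender@gmail.com", to = "receiver@gmail.com",
    subject = "test", type = "html"
})>
<cfmail attributeCollection="#mailAttrs#">
This message uses the settings struct built in onApplicationStart.
</cfmail>
```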
I was testing the cfmail tag within ColdFusion and kept refreshing the page and now my email is being spammed consistently with the same code that I wrote in the file. I tried to delete the file but my email keeps getting spammed with the code.
This isn't my real email but this is what I did pretty much. I tried deleting the file to stop the infinite email loop but I keep getting spammed in my email.
<cfmail to="myemail"
from="myemail"
subject="myemail"
type="text">
Dear myemail
We, here at Bedrock, would like to thank you for joining.
Best wishes
Barney
</cfmail>
<cfoutput>
<p>Thank you test for registering.
We have just sent you an email.</p>
</cfoutput>
When a user registers on a site, should we use EncodeForHTML() or EncodeForURL() before storing the value in a DB?
The reason I ask this is that when I send an e-mail to someone that includes a URL that contains an email address as a URL variable, I have to use EncodeForURL(). But if this email address is already encoded using EncodeForHTML(), it will mean I have to Canonicalize() it before using EncodeForURL() on it again.
I would therefore think that EncodeForURL() is probably good, but is it 'safe' and 'correct' when storing the value in a database?
Update: Upon reading the docs it says that EncodeForURL is only for using a value in a URL. Therefore it seems to make sense that I should store it as EncodedForHTML, but then Canonicalize and re-encode for URL when using it in a URL context. I don't know how much of a performance hit all this encoding is going to take on my server...??
Copying this from my company's internal documentation. Not sure if the images uploaded correctly since imgur is blocked @ work. If so, I'll re-upload them later. I'll be publishing this and more related content to a GitHub repo in the future.
You should store it as simple text, but make sure you scrub your data on the way in using an AntiSamy library. Once the data is safe, make sure to encode the data on the way out using the proper encoder. And FYI, there's a big difference between the output of encodeForHTML() and encodeForHTMLAttribute().
In the below examples, substitute the variables that define email addresses with data from the DB.
PROTIP: Don't use these encoders in CFFORM tags. Those tags take care of the encoding for you. CF 9 and below use HTMLEditFormat(), CF 10 and above most likely use encodeForHTMLAttribute().
Simple Implementation
A basic implementation is to include a single e-mail address in order to populate the "To" field of a new e-mail window.
CFML
<cfset email = "someone@example.com" />
E-mail
HTML Output
E-mail
CFML with Proper Encoding
<cfset email = "someone@example.com" />
E-mail
Encoded HTML Output
Notice that the "@" symbol is properly percent encoded as "%40".
E-mail
Results when clicked
And if you plan on showing the e-mail address on the page as part of the link:
<cfset email = "someone@example.com" />
#encodeForHTML(email)#
Attack Vector
An advanced implementation includes e-mail addresses for "To" & "CC". It can also pre-populate the body and subject of the new e-mail.
CFML without encoding
<cfset email = "someone@example.com" />
<cfset email_cc = "someone_else@example.com" />
<cfset subject = "This is the subject" />
<cfset body = "This is the body" />
E-mail
HTML Output
E-mail
Results when clicked
Notice that the subject and body parameters contain spaces. While this string will technically work, it is still prone to attack vectors.
Imagine the value of body is set by the result of a database query. This record has been "infected" by a malicious user and the default body message has an appended "BCC" address, so some evil user can get copies of e-mails sent via this link.
Infected Data
<cfset body = "This is the body&bcc=someone@evil.com" />
HTML Output
E-mail
Results when clicked
In order to stop this MAILTO link from being infected, this string needs to be properly encoded.
CFML with HTML Attribute Encoding
Since "href" is an attribute of the <a> tag, you might think to use the HTML Attribute encoder. This would be incorrect.
<cfset email = "someone@example.com" />
<cfset email_cc = "someone_else@example.com" />
<cfset subject = "This is the subject" />
<cfset body = "This is the body&bcc=someone@evil.com" />
E-mail
HTML Output
E-mail
Results when clicked
CFML with URL Encoding
The correct encoding of a MAILTO link is done with the URL encoder.
<cfset email = "someone@example.com" />
<cfset email_cc = "someone_else@example.com" />
<cfset subject = "This is the subject" />
<cfset body = "This is the body&bcc=someone@evil.com" />
E-mail
HTML Output with Correct Encoding
Notice these things about the URL encoder:
Each space (" ") is converted to a plus sign ("+") instead of its expected percent value ("%20").
Encoding is otherwise done using percent ("%") values.
Since the individual query parameters are encoded, the ampersands ("&") connecting each parameter were not encoded.
When the "body" parameter is encoded, it includes the "&body=" string that was maliciously injected. This entire string is now part of the message body, which prevents the unintended "bcc" of the e-mail.
E-mail
Results when clicked
What's with the plus signs? It is up to the individual mail client (e.g. Outlook, GMail, etc.) to correctly decode these URL encoded values.
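The unencoded and URL-encoded mailto links from the answer above, side by side, as an added example that is not part of the original answer. `mailtoPart` and `mailtoFields` are hypothetical helpers and the values are constructed; the encodeFor functions need ColdFusion 10 or later.

```cfml
<cfscript>
// Constructed sample values; in practice they come from the database.
email    = "someone@example.com";
email_cc = "someone_else@example.com";
subject  = "This is the subject";
body     = "This is the body&bcc=someone@evil.com"; // the tainted record from the answer

// Hypothetical helper: URL-encode one mailto component. encodeForURL() writes a
// space as "+" and a literal plus as "%2B", so swapping "+" for "%20" is unambiguous.
function mailtoPart(required string value) {
    return replace(encodeForURL(arguments.value), "+", "%20", "all");
}

// Hypothetical helper: the field names a mail client would split out of the link.
function mailtoFields(required string href) {
    var names = [];
    var pair = "";
    for (pair in listToArray(listRest(arguments.href, "?"), "&")) {
        arrayAppend(names, listFirst(pair, "="));
    }
    return arrayToList(names);
}

// Raw concatenation: the "&bcc=" inside body becomes a field of its own.
unsafeHref = "mailto:" & email & "?cc=" & email_cc
           & "&subject=" & subject & "&body=" & body;

// Each value encoded on its own; only the joining "&" stays literal.
safeHref = "mailto:" & mailtoPart(email) & "?cc=" & mailtoPart(email_cc)
         & "&subject=" & mailtoPart(subject) & "&body=" & mailtoPart(body);
</cfscript>
<cfoutput>
<p>Fields without encoding: #encodeForHTML(mailtoFields(unsafeHref))#</p>
<p>Fields with encoding: #encodeForHTML(mailtoFields(safeHref))#</p>
<!--- The finished URL is then encoded again for the attribute it is written into. --->
<a href="#encodeForHTMLAttribute(safeHref)#">#encodeForHTML(email)#</a>
</cfoutput>
```

Comparing the two field lists against the parameters the template meant to set (cc, subject, body) is a quick check for any mailto link built from stored data.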
Store the email addresses in plain text, then encode them when you use them, depending on the context. If it's going to be a part of URL, use EncodeForURL(). If it's going to be displayed in HTML as text, use EncodeForHtml().
How can I use cfmail to send an email to an address that has a single quote in it? For example:
firstname.o'flanagan@example.com
For some reason I can't get an email sent to that address no matter what I do. Here's the cfmail tag code I'm using. I've tested all the variables and they're all defined:
<cfmail from="#getEmail.from_email#"
to="#email#"
subject="#getEmail.subject#"
type="HTML"
cc="#cc_email#"
bcc="#attributes.bcc_email#"
charset="UTF-8">
Am I missing something? Thanks for the help.
Did you try
<cfmail from="#getEmail.from_email#"
to="#preserveSingleQuotes(email)#"
subject="#getEmail.subject#" type="HTML"
cc="#cc_email#" bcc="#attributes.bcc_email#" charset="UTF-8">
Using PreserveSingleQuotes should allow you to send to that address. Unfortunately using a single quote is valid in an email.
What would be the correct way to stop the white space that ColdFusion outputs?
I know there is cfcontent and cfsetting enableCFoutputOnly. What is the correct way to do that?
In addition to <cfsilent>, <cfsetting enablecfoutputonly="yes"> and <cfprocessingdirective suppressWhiteSpace = "true"> is <cfcontent reset="true" />. You can delete whitespaces at the beginning of your document with it.
HTML5 document would then start like this:
<cfcontent type="text/html; charset=utf-8" reset="true" /><!doctype html>
XML document:
<cfcontent reset="yes" type="text/xml; charset=utf-8" /><CFOUTPUT>#VariableHoldingXmlDocAsString#</CFOUTPUT>
This way you won't get the "Content is not allowed in prolog"-error for XML docs.
If you are getting unwanted whitespaces from a function use the output-attribute to suppress any output and return your result as string - for example:
<cffunction name="getMyName" access="public" returntype="string" output="no">
<cfreturn "Seybsen" />
</cffunction>
You can modify the ColdFusion output by getting access to the ColdFusion Output Buffer. James Brown recently demo'd this at our user group meeting (Central Florida Web Developers User Group).
<cfscript>
out = getPageContext().getOut().getString();
newOutput = REreplace(out, 'regex', '', 'all');
</cfscript>
A great place to do this would be in Application.cfc onRequestEnd(). Your result could be a single line of HTML which is then sent to the browser. Work with your web server to GZip and you'll cut bandwidth a great deal.
In terms of tags, there is cfsilent
In the administrator there is a setting to 'Enable whitespace management'
Further reading on cfsilent and cfcontent reset.
If neither <cfsilent> nor <cfsetting enablecfoutputonly="yes"> can satisfy you, then you are probably over-engineering this issue.
When you are asking solely out of aesthetic reasons, my recommendation is: Ignore the whitespace, it does not do any harm.
Alternatively, you can ensure your entire page is stored within a variable and all this processing is done within cfsilent tags, e.g.
<cfsilent>
<!-- some coldfusion -->
<cfsavecontent variable="pageContent">
<html>
<!-- some content -->
</html>
</cfsavecontent>
<!-- reformat pageContent if required -->
</cfsilent><cfoutput>#pageContent#</cfoutput>
Finally, you can perform any additional processing after you've generated the pagecontent but before you output it e.g. a regular expression to remove additional whitespace or some code tidying.
Here's a tip if you use CFC.
If you're not expecting your method to generate any output, use output="false" in <cffunction> and <cfcomponent> (not needed only if you're using CF9 script style). This will eliminate a lot of unwanted whitespaces.
If you have access to the server and want to implement it on every page request, search for and install trimflt.jar. It's a Java servlet filter that will remove all whitespace and line breaks before sending it off. Drop the jar in the /WEB-INF/lib dir of CF and edit the web.xml file to add the filter. It's configurable as well to remove comments, exclude files or extensions, and preserve specific strings. Been running it for a few years without a problem. A set it and forget it solution.
I've found that even using every possible way to eliminate whitespace, your code may still have some unwanted spaces or line breaks. If you're still experiencing this you may need to sacrifice well formatted code for desired output.
For example, instead of:
<cfprocessingdirective suppressWhiteSpace = "true">
<cfquery ...>
...
...
...
</cfquery>
<cfoutput>
Welcome to the site #query.userName#
</cfoutput>
</cfprocessingdirective>
You may need to code:
<cfprocessingdirective suppressWhiteSpace = "true"><cfquery ...>
...
...
...
</cfquery><cfoutput>Welcome to the site #query.UserName#</cfoutput></cfprocessingdirective>
This isn't CF adding whitespace, but you adding whitespace when formatting your CF.
HTH