I created a web page to compute Dollars and Cents. In our assignment we had a few values that we had to assign such as Pennies = 23; Nickels = 8; Dimes = 34 and Quarters =12. We need to enter the ColdFusion statements to display the resulting values in the second Column. Format the Total output as currency.
I created the table, but when I run it in the URL it only shows #Dollarformat(Pennies)#
What can I do to display the number?
<!---Add code to initial variables--->
<cfset Pennies = 23>
<cfset Nickels = 8>
<cfset Dimes = 34>
<cfset Quarters = 12>
<!---Add code to perform calculation--->
<cfset Total_In_Cents = Pennies*1+Nickels*5+Dimes*10+Quarters*25>
<!--- Convert cents to dollars --->
<cfset Total = Total_In_Cents / 100>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Kitchen Sink Model 2123</title>
</head>
<body bgcolor="#FFFFFF">
<table align="center" width="200" border="1">
<tr>
<th align="center" colspan="2">Coin Counter Results</th>
</tr>
<tr>
<td align="right">Pennies:</td>
<td align="right"><cfoutput>#Dollarformat(Pennies)#</cfoutput></td>
</tr>
<tr>
<td align="right">Nickels:</td>
<td align="right"><cfoutput>#Dollarformat(Nickels)#</cfoutput></td>
</tr>
<tr>
<td align="right">Dimes:</td>
<td align="right"><cfoutput>#Dollarformat(Dimes)#</cfoutput></td>
</tr>
<tr>
<td align="right">Quarters:</td>
<td align="right"><cfoutput>#Dollarformat(Quarters)#</cfoutput></td>
</tr>
<tr>
<td align="right">Total(Cents):</td>
<td align="right"><cfoutput>#Dollarformat(Total_In_Cents)#</cfoutput></td>
</tr>
<tr>
<td align="right">Total:</td>
<td align="right"><cfoutput>#Dollarformat(Total)#</cfoutput></td>
</tr>
</table>
</body>
</html>
Do a simple test to ensure your server is processing ColdFusion. Write a file called mytest.cfm with this code.
<cfset pennies = 23>
<cfoutput>#pennies#</cfoutput>
This will help your debugging to eliminate any complex code problems.
If you see "23" when you are running this, then your server is processing ColdFusion and something else is wrong, but like Leigh and Scott said in the comments I suspect your server is not processing ColdFusion, which would be confirmed if you see "#pennies#" or all of the code. If this is the case then you need to fix that (a separate question / problem) before answering your code, which looks like it would work, though Scott does point out some extra code help that improves the logic.
I have a query written in a stored procedure and the data is dumping just fine. Some of the results return [empty string] and in those cases, I'm trying to output a different message. Here's what I have thus far:
Looping through the query:
<cfloop query="#inactiveAdmins#">
<tr>
<td class="text-left">#Admin_Name#</td>
<td class="text-left">#Dept_Name#</td>
<td class="text-left">#Acad_Lead#</td>
<td class="text-left">#Acad_Lead_Email#</td>
<td class="text-right">#dateFormat(Last_Logon, 'mmm dd, yyyy')#</td>
</tr>
</cfloop>
At the top of the page, I'm running this cfif statement.
<cfif #inactiveAdmins.Last_Logon# eq "">
Never Logged On
<cfelse>
#inactiveAdmins.Last_Logon#
</cfif>
But, in my output, I'm still getting a display with no message.
When I try to run the condition inside the loop, I get the following:
Is this supposed to be inside your table? Make sure you wrap it inside a tr and td.
<cfloop query="#inactiveAdmins#">
<tr>
<td class="text-left">#Admin_Name#</td>
<td class="text-left">#Dept_Name#</td>
<td class="text-left">#Acad_Lead#</td>
<td class="text-left">#Acad_Lead_Email#</td>
<td class="text-right">#(Len(Last_Logon) ? dateFormat(Last_Logon, 'mmm dd, yyyy') : 'Never Logged On')#</td>
</tr>
</cfloop>
Or the long form:
<cfloop query="#inactiveAdmins#">
<tr>
<td class="text-left">#Admin_Name#</td>
<td class="text-left">#Dept_Name#</td>
<td class="text-left">#Acad_Lead#</td>
<td class="text-left">#Acad_Lead_Email#</td>
<td class="text-right">
<cfif Len(Last_Logon)>
#dateFormat(Last_Logon, 'mmm dd, yyyy')#
<cfelse>
Never Logged On
</cfif>
</td>
</tr>
</cfloop>
This is the continuation of my previous question. Below is the script I am trying to build to parse HTML which looks like the example below. I am getting the error Value must be initialised before use. Not able to attach the error.
I have to make an HTTP call using jsoup where I need to provide a username and password for the server login. Is the below code the right way to do it? I looked at the Bennals blog for HTML parsing using jsoup.
I have this in my Application.cfc
component {
this.name = "jsoupTest";
this.javaSettings = {loadPaths=["/jsoup/jsoup-1.7.3.jar"], loadColdFusionClassPath=true};
}
Example of the HTML to be parsed
Note there are at least 5000 rows like below which need to be parsed and extract only the TEXT from the TD.
<tbody>
<tr>
<td class="drpdetailtablerowdetailleft">Robert M Best Jr.</td>
<td class="drpdetailtablerowdetailleft">AAI</td>
<td class="drpdetailtablerowdetail">7948</td>
<td class="drpdetailtablerowdetail">1</td>
<td class="drpdetailtablerowdetail">MC</td>
<td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td>
</tr>
</tbody>
<tbody>
<tr>
<td class="drpdetailtablerowdetailleft">Robert M Best Jr.</td>
<td class="drpdetailtablerowdetailleft">ABWS</td>
<td class="drpdetailtablerowdetail">4884</td>
<td class="drpdetailtablerowdetail">4</td>
<td class="drpdetailtablerowdetail">NMC</td>
<td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td>
</tr>
</tbody>
Updated Code to be used
<cfhttp url="https://intra.att.com/itscmetrics/EM2/LTMR.cfm" method="get" username="abc" password="zxyr">
<cfhttpparam type="url" name="LTMX" value="Andre Fuetsch / Shelly K Lazzaro">
</cfhttp>
<cfset jsoup = createObject("java", "org.jsoup.Jsoup") />
<cfset document = jsoup.parse(myPage.filecontent) />
<cfset content = doc.getElementById("contentwrapper")>
<!--- Let's see what we got. --->
<cfdump var="#content#" />
The myPage variable is being declared for the first time in your parse command.
I think you need to add result="myPage" to your cfhttp call.
<cfhttp result="myPage" url="https://intra.att.com/itscmetrics/EM2/LTMR.cfm" method="get" username="abc" password="zxyr">
It looks like the reason it is not working is because you have not called the constructor on the Jsoup class.
Try changing this line
var jSoupClass = createObject( "java", "org.jsoup.Jsoup" ).init(); // note calling init calls the constructor for the Java class
Did you install your jar file correctly?
ColdFusion searches for the objects in the following order:
The ColdFusion Java Dynamic Class Load directories:
Java archive (.jar) files in web_root/WEB-INF/lib
Class (.class) files in web_root/WEB-INF/classes
Quoted from: About ColdFusion, Java, and J2EE
So copy your jar file to web_root/WEB-INF/lib, restart CF, and try again.
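The extraction step the question is aiming for, as an added example in plain Java that is not part of the original question or answers. It assumes the jsoup jar is on the classpath; the class name `ComplianceRows` and the method `extractRows` are hypothetical, and the sample rows are shortened from the question's HTML.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;

import java.util.ArrayList;
import java.util.List;

public class ComplianceRows {
    /** Return one list of cell texts per table row, in document order. */
    static List<List<String>> extractRows(String html) {
        // Jsoup.parse is a static method on a utility class.
        Document doc = Jsoup.parse(html);
        List<List<String>> rows = new ArrayList<>();
        for (Element tr : doc.select("tbody > tr")) {
            List<String> cells = new ArrayList<>();
            for (Element td : tr.select("td")) {
                cells.add(td.text()); // text() drops the markup and normalises whitespace
            }
            rows.add(cells);
        }
        return rows;
    }

    public static void main(String[] args) {
        // Constructed sample: two rows shortened from the question's HTML.
        // The <table> wrapper matters: an HTML parser discards <tr>/<td> tags
        // that appear outside a table, so a bare fragment would yield no cells.
        String html = "<table>"
            + "<tbody><tr>"
            + "<td class=\"drpdetailtablerowdetailleft\">Robert M Best Jr.</td>"
            + "<td class=\"drpdetailtablerowdetailleft\">AAI</td>"
            + "<td class=\"drpdetailtablerowdetail\">7948</td>"
            + "<td class=\"drpdetailtablerowdetail\">Compliant</td>"
            + "</tr></tbody>"
            + "<tbody><tr>"
            + "<td class=\"drpdetailtablerowdetailleft\">Robert M Best Jr.</td>"
            + "<td class=\"drpdetailtablerowdetailleft\">ABWS</td>"
            + "<td class=\"drpdetailtablerowdetail\">4884</td>"
            + "<td class=\"drpdetailtablerowdetail\">Compliant</td>"
            + "</tr></tbody>"
            + "</table>";
        for (List<String> row : extractRows(html)) {
            System.out.println(row);
        }
    }
}
```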
I'm experiencing XSS in a legacy site.
The Parameter vulnerable to this attack is: ldapSearch.jsp?f=
After adding the XSS payload to check whether it is vulnerable or not: "><img src=x onerror=prompt(0);>
The URL will look like:
http://idenservices.hostname.com/axrac/ldapSearch.jsp?f=%22%3E%3Cimg%20src=x%20onerror=prompt%280%29;%3E
The XSS pop up comes up and proves that the site is vulnerable to XSS attacks.
Snippet from JSP
<tr>
<td class="required">*</td>
<td class="label"><h3>Enter User's Core ID</h3></td>
<td class="field"><input type="text" name="userid" size="25" maxlength="20" onkeypress="return isAlphaNumberKey(event)" onblur="return LowerCaseAlphanumeric(document.getElementById('userid'));">Lookup User</td>
</tr>
Snippet from JS
function userlookup(fieldName, formName)
{
var uri = "/axrac/ldapSearch.jsp?f=" + formName + "&f1=" + fieldName;
msgWindow=open(uri,'lookup','width=600,height=400,resizable=yes,toolbar=no,menubar=no,location=no,directories=no,status=no');
msgWindow.focus();
}
Adding ldapsearch.jsp
<%
String backFieldName = request.getParameter("f1");
String backFormName = request.getParameter("f");
%>
<table width="100%" cellpadding="0" cellspacing="0" border="0" class="PageSubHeader1">
<tr class="bg">
<td class="flag"> </td>
<td class="banner" width="100%"><h2>LDAP Search</h2></td>
</tr>
</table>
<table cellpadding="0" cellspacing="0" border="0" class="PageIntroduction">
<tr>
<td class="copy">
<br/>When searching for a person by their name, please provide 2 or more letters for their first and last name.
If less than 2 letters are entered for both fields or if one field is empty, the search may not return any results.
</td>
</tr>
</table>
<p class="HorizontalRule"></p>
<form action='ldapSearchResults.jsp' method='post'>
<input type="HIDDEN" name="backFieldName" value="<%=backFieldName%>">
<input type="HIDDEN" name="backFormName" value="<%=backFormName%>">
<table width="100%" cellspacing="0" border="0" class="Forms">
<tr>
<td class="required">*</td>
<td class="instruction" colspan="2"><h2>Indicates required field</h2></td>
</tr>
<tr>
<td class="required">*</td>
<td class="label"><h3>First Name</h3></td>
<td class="field"><input type=text name='firstName' size="20"></td>
</tr>
<tr>
<td class="required">*</td>
<td class="label"><h3>Last Name</h3></td>
<td class="field"><input type=text name='lastName' size="20"></td>
</tr>
<tr>
<td> </td>
<td class="label" colspan="2"><h3>- Or -</h3></td>
</tr>
<tr>
<td class="required">*</td>
<td class="label"><h3>Core ID</h3></td>
<td class="field"><input type=text name='coreID' size="20"></td>
</tr>
</table>
<p class="HorizontalRule"></p>
<table width="100%" cellpadding="0" cellspacing="0" border="0" class="Buttons">
<tr>
<td><input type="submit" class="systemButton1" value="Submit Form" id="Submit"> <input type="reset" class="systemButton2" value="Reset Form" id="Reset"></td>
</tr>
</table>
</form>
</body>
</html>
I do not see any issue with JavaScript, but still it is prone to XSS attack. Need help in understanding why it is vulnerable and what I should do to fix this.
Need help in understanding why it is vulnerable
You take user input here:
String backFieldName = request.getParameter("f1");
Then you output it, without modification, here:
<input type="HIDDEN" name="backFieldName" value="<%=backFieldName%>">
(You do the same with other data too, but we'll use this for the example).
This allows anyone to craft a link that contains a "> followed by any HTML (including <script> elements or a Payment Required form) they want, send it to someone, and then have their HTML appear on your site when that person follows the link.
and what should I do to fix this.
Either convert any characters with special meaning in HTML to their respective entities, or run the data through a whitelist to filter out potentially bad input.
Further reading: OWASP XSS Prevention Cheat Sheet
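Both options from this answer applied to the `f` and `f1` parameters, as an added example that is not part of the original answer or the site's code. The class name `LdapSearchParams`, its two helpers and the identifier pattern are hypothetical; the pattern assumes form and field names are plain identifiers.

```java
import java.util.regex.Pattern;

public class LdapSearchParams {
    // Assumption: form and field names are plain identifiers; adjust to the real naming rules.
    private static final Pattern NAME = Pattern.compile("[A-Za-z][A-Za-z0-9_]{0,63}");

    /** Allow-list check: return the value only if it looks like a form/field name, else "". */
    static String allowListName(String raw) {
        return (raw != null && NAME.matcher(raw).matches()) ? raw : "";
    }

    /** Encode the characters that are significant in HTML text and quoted attribute values. */
    static String encodeForHtmlAttribute(String raw) {
        if (raw == null) return "";
        StringBuilder out = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Decoded value of the f parameter from the question's test URL.
        String f = "\"><img src=x onerror=prompt(0);>";
        String f1 = "userid"; // constructed sample value

        // What ldapSearch.jsp emits today: the quote closes value="" and the tag becomes live markup.
        System.out.println("<input type=\"HIDDEN\" name=\"backFormName\" value=\"" + f + "\">");
        // Encoded: the same characters stay inside the attribute value as inert text.
        System.out.println("<input type=\"HIDDEN\" name=\"backFormName\" value=\""
                + encodeForHtmlAttribute(f) + "\">");
        // Allow-list: the payload is rejected outright, the legitimate name passes.
        System.out.println("f  -> [" + allowListName(f) + "]");
        System.out.println("f1 -> [" + allowListName(f1) + "]");
    }
}
```

In ldapSearch.jsp the hidden fields would then be written as `value="<%= LdapSearchParams.encodeForHtmlAttribute(backFormName) %>"`. HTML-attribute encoding only covers this output context; if a later page writes the same values into JavaScript, they need JavaScript-context encoding there, which a maintained library such as the OWASP Java Encoder provides.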
I am creating a footer in a PDF document using <cfdocumentitem type="footer"> and it is working fine. Except that I cannot seem to control the font. I have tried <span>, <font face> etc. with no luck. Currently I am trying a table with class as below.
Anyone know how to control the font look in a footer with <cfdocumentitem>?
<cfdocument format="pdf"
marginBottom = ".5"
marginLeft = ".4"
marginRight = ".4"
marginTop = ".2"
>
<style type="text/css">@import "pdf.css";</style>
<cfdocumentitem type="footer">
<cfoutput>
<table width=100%>
<tr>
<td class=verd10>
<b>#pdfstuff.pdffinal#</b>
</td>
<td align=right class=verd10 valign=top>
Page #cfdocument.currentPageNumber# of #cfdocument.totalPageCount#
</td>
</tr>
</table>
</cfoutput>
</cfdocumentitem>
pdf document data etc
</cfdocument>
Try adding a copy of the stylesheet link inside the footer, like so:
<cfdocumentitem type="footer">
<style type="text/css">@import "pdf.css";</style>
<cfoutput>
<table>
... etc
</table>
</cfoutput>
</cfdocumentitem>
Welcome to cfdocument. The only way I have been able to successfully format any text in the footer is to use a combination of html and inline styles.
Here is a footer that works for me:
<cfdocumentItem type="footer">
<table width="100%">
<tr>
<td style="font-family:Arial; font-size: 9pt;">Printed On: #dateFormat(now(), "mm/dd/yyyy")# #timeFormat(now(), "HH:MM")#</td>
<td style="font-family:Arial; font-size: 9pt;" align="right">Page #cfdocument.currentPageNumber# of #cfdocument.totalPageCount#</td>
</tr>
</table>
</cfdocumentItem>
I got a ColdFusion query where the result is grouped on country names. With a click on this one, I try to open or close the list under the country. But I cannot work correctly with these siblings and these parents. The result is, if I click on a country name, the fourth one, for example, it closes all children, and the three country names which are before too.
Can someone help me to choose the right selectors?
Thank you in advance,
Michel
The code:
<script type="text/javascript" language="javascript">
$(document).ready(function(){
var toggleMinus = '<cfoutput>#variables.strWebAddress#</cfoutput>/images/bullet_toggle_minus.png';
var togglePlus = '<cfoutput>#variables.strWebAddress#</cfoutput>/images/bullet_toggle_plus.png';
var $subHead = $('table#categorylist tbody th:first-child');
$subHead.prepend('<img src="' +toggleMinus+ '" alt="collapse this section" /> ');
$('img', $subHead).addClass('clickable').click(function(){
var toggleSrc = $(this).attr('src');
if(toggleSrc == toggleMinus){
$(this).attr('src',togglePlus).parents('.country').siblings().fadeOut('fast');
}else{
$(this).attr('src',toggleMinus).parents('.country').siblings().fadeIn('fast');
}
});
});
</script>
<table width="95%" border="0" cellspacing="2" cellpadding="2" align="center" id="categorylist">
<thead>
<tr>
<th class="text3" width="15%">
<cfmodule template="../custom_tags/get_message.cfm" keyName="L_ACTOR_CODENUMBER">
</th>
<th class="text3" width="15%">
<cfmodule template="../custom_tags/get_message.cfm" keyName="L_ACTOR_CODE">
</th>
<th class="text3" width="55%">
<cfmodule template="../custom_tags/get_message.cfm" keyName="L_ACTOR_NAME">
</th>
<th class="text3" width="15%">
<cfmodule template="../custom_tags/get_message.cfm" keyName="L_ACTIVE">
</th>
</tr>
</thead>
<tbody id="content">
<cfoutput query="qryCategoryUrl" group="country_name" groupcasesensitive="false">
<tr class="country">
<th style="font-weight:bold; text-align:left;" colspan="4">#country_name#</th>
</tr>
<cfoutput>
<tr>
<td valign="top" class="text3">#Replace(ACTOR_CODENUMBER, Chr(13) & Chr(10), "<br>", "ALL")# </td>
<td valign="top" class="text3">#Replace(ACTOR_CODE, Chr(13) & Chr(10), "<br>", "ALL")# </td>
<td valign="top" class="text3">#Replace(ACTOR_NAME, Chr(13) & Chr(10), "<br>", "ALL")# </td>
<td valign="top" class="text3"><cfmodule template="../custom_tags/get_message.cfm" keyName="#ACTIVE_display(qryCategoryUrl.ACTIVE)#"></td>
</tr>
</cfoutput>
</cfoutput>
</tbody>
</table>
Instead of:
.parents('.country').siblings().fadeOut('fast');
Try this:
.closest('.country').nextUntil('.country').fadeOut('fast');
And of course, apply the same change to the .fadeIn(). You might also look into .fadeToggle().
Here's a (reduced) example: http://jsfiddle.net/redler/5sqJz/. While it doesn't affect the example, presumably you would be setting the initial state of those detail rows as hidden.
Woah, all that cfmodule usage; cfmodule can be a memory hog.
Although what I always recommend is that people try their pages in whatever browser, and use the SelectorGadget bookmarklet at http://www.selectorgadget.com/
This makes it easier to test and check the correct selector, for your app needs.