Passing two form variables in a single URL - coldfusion

I'm running the following form inside abc.cfm.
// Parameters Defined
<cfparam name="startdate" default="#DateFormat(dateAdd('d',-40,now()), 'yyyy-mm-dd')#">
<cfparam name="enddate" default="#DateFormat(dateAdd('d',-1,now()), 'yyyy-mm-dd')#">
<cfform format="HTML" action="datedownload.cfm" method="get" >
<cfformgroup type="horizontal">
<cfinput type="dateField" name="startdate" width="100" value="#startdate#">
<cfinput type="dateField" name="enddate" width="100" value="#enddate#">
<cfinput name="submitApply" type="submit" value = "Apply">
<cfinput type="button" name="download" value="Download" onclick="window.location.href='datedownload.cfm?startdate=#form.startdate#&enddate=#form.enddate#path=http://abc.xyz.com/username/July30/datedownload.cfm'">
</cfformgroup>
</cfform>
Everything is printing fine with the following code in datedownload.cfm
Startdate: <cfdump var = "#startdate#">
End Date :<cfdump var = "#enddate#">
Except that, the Enddate is printing full path along with it as follows:
Startdate: 2013-06-20 End Date : 2013-07-29path=http://abc.xyz.com/username/July30/datedownload.cfm
How can I remove the stuff starting from path?

If I am reading this correctly, you are getting an error that startdate and enddate are not defined in the form scope when you try to load download.cfm. Since you are passing those variables to download.cfm as part of a query string (by submitting the form using GET), they would not be present in the form scope.
I can think of 2 quick and easy solutions:
First, you can change your reference to form.startdate and form.enddate to url.formdate and url.enddate respectively. Variables passed in as part of the query string (like when you do a GET) become part of the url scope, not the form scope (liek when you do a POST).
Second, you can param the variables like this in download.cfm:
<cfparam name="url.startdate" default="#DateFormat(dateAdd('d',-40,now()), 'yyyy-mm-dd')#">
<cfparam name="url.enddate" default="#DateFormat(dateAdd('d',-1,now()), 'yyyy-mm-dd')#">
<cfparam name="form.startdate" default="#url.startdate#">
<cfparam name="form.enddate" default="#url.enddate#">
This will first param the values in the url scope to the same values you have in the page that displays the form, then it will param the same variable names in the form scope to the same value of the same variable names in the URL scope.

Use an ampersand before enddate instead of the question mark and add an ampersand before the path variable
window.location.href='Download.cfm?startdate=#form.startdate#&enddate=#form.enddate#&path=http://abc.xyz.com/<username>/Testing/Testing/Download.cfm'

The simplest way to solve your problem is to get rid of the 2nd button. It is not necessary and will confuse not only you, but your users. Since your form method is "get" the two formfields will be part of the url scope which seems to be what you want.
Also, where are the form variables coming from in the value attributes of your two inputs?

What's wrong with using a form post? That's the way I prefer to do it. I also test the request type (POST versus GET) to ensure that the download file isn't bookmarkable.
You'll need to use javascript to get the dates in the web-based form, not ColdFusion. (The user will also need to have javascript enabled to use the form to use location.href.)
Give your form fields matching IDs and try the following:
window.location.href='Download.cfm?startdate='+ document.getElementById('startdate').value +'&enddate='+ document.getElementById('enddate').value +'&path=http://abc.xyz.com/<username>/Testing/Testing/Download.cfm';
I'd recommend not using CFForm tags since they require the the /CFIDE/ directory and is currently recommended to be blocked:
Secure CFIDE Directory for ColdFusion
ColdFusion 9 Server Lockdown Guide (PDF)
ColdFusion 10 Server Lockdown Guide (PDF)
Make sure you perform date validation on the server-side. If you need client-side date validation, you can use HTML5 DOCType and the attributes type="date" & required or consider using the jQuery Validation plugin (preferable to CFForm validation).

Related

ColdFusion: Passing a variable from an include back up to the parent page

I'm using Mura CMS 7.1, which uses ColdFusion. On a page template I have some markup and am including a template file that has code for displaying calendar events from an outside source. When there are no events, I'm currently displaying a message as such. Instead however, I'd like to hide this entire section on the page template itself. Problem is I need to pass some sort of value from the include file back to the page template so I can set inline CSS to either display block/none for this section, and I'm not sure how to do this. My page template code is:
<section class="collegeEvents" style="display:">
<div class="collegeEvents__container wrapper-1170MaxWidth">
<h2 class="collegeEvents__heading">What's coming up?</h2>
<cfinclude template="inc/homeEvents.cfm" />
</div>
</section>
And the calendar code is all inside of the 'homeEvents.cfm' file. I need to be able to alter that inline css 'display' property with a value that I set in 'homeEvents.cfm'. How would I go about doing this so that the value is accessible from the page template?
I'm not suggesting this is good practice, but you could use a style block from code inside your included cfm. eg:
<cfsavecontent variable="variables.styleBlock">
<style>
<cfif myLogicHere>
.collegeEvents {display:none;}
<cfelse>
.collegeEvents {display:block;}
</cfif>
</style>
</cfsavecontent>
<cfhtmlhead text="#variables.styleBlock#" />
You could also use javascript to change the style afterwards, but with that there's more chance of a delay where the user sees the 'wrong' layout before the style is eventually applied.
This is a formatted comment.
I know that variables in the calling page are available in the included page. This leads me to believe that variables in the included page are available to the calling page. Here is a simple test of that theory.
CallingPage.cfm
<cfinclude IncludedPage.cfm>
<cfdump var = "#x#">
IncludedPage.cfm
<cfset x = 1>
Browse CallingPage.cfm and see what happens. If you get an error for an undefined variable, there is always to good old session scope.
Please see the comment from #haxtbh. I was able to accomplish the desired task using JS directly within the include.

Why is the FORM scope showing fewer values than were actually submitted by this AJAX file uploader?

I'm not sure I understand how to phrase my question, but I believe it's specific to ColdFusion's handling of certain AJAX form data, despite my reference to a specific JavaScript plugin.
I'm trying to implement the FilePond uploader on a ColdFusion 2011 server, and I've got it configured well on the frontend (it uploads the files to tmp folder just fine), but my problem is not knowing how to get ColdFusion to process the extra metadata it sends along with it on every upload. This data doesn't look to me like it comes in the same format as plain old hidden input fields.
When I inspect the network request with Dev Tools, it looks different to me than other forms I've processed. There are two "filepond" entries, one a JSON object and the other the binary image. When I < cfdump var="#form.FilePond#">, I only get the tmp uploaded file path, which I can process. But how do I access the JSON in my screenshot containing the "parentid"? Nothing I've tried, like form.FilePond[1], seems to work and throws errors.
Update with output from CF form processing page:
1st line is output of Form.FilePond.
2nd is cfdump of Form.
3rd is cfdump URL.
4th is cfdump of getHttpRequestData()
Update:
Bugs filed for CF2016 (core support ending for CF11 after April 2019)
CF-4204103 -
FORM scope is missing values when same named fields include type=file
CF-4204102 - sameFormFieldAsArray setting doesn't work with enctype="multipart/form-data"
After some testing, I've concluded it's a ColdFusion bug.
Issue:
The issue seems to occur under these conditions
Request is a multipart/form-data POST
Contains multiple fields with the same name
At least 1 of those fields is a file field i.e. type="file"
The first field submitted (within the group) is NOT a file field
Under those conditions, ColdFusion seems to ignore everything before the first file field. (If you check the filepond source ut confirms the metadata field is submitted before any file fields). That's why the metadata value doesn't appear when dumping the FORM scope.
Note, the this.sameFormFieldsAsArray setting has no effect because it doesn't work with multipart/form-data requests.
Test Case
Below is a test case. Notice the results are what you'd expect when the same named field occurs after the first file field?
<cfdump var="#form#" label="Form scope">
<form method="post" enctype="multipart/form-data">
<br>First:
<input type="file" name="fileFirst"><br>
<input type="text" name="fileFirst" value="Lions"><br>
<br>Last:
<input type="text" name="fileLast" value="Tigers"><br>
<input type="file" name="fileLast"><br>
<br>Middle:
<input type="text" name="fileMiddle" value="Bears"><br>
<input type="file" name="fileMiddle"><br>
<input type="text" name="fileMiddle" value="Oh My"><br>
<input type="submit">
</form>
Workaround
This blog provides a workaround using an undocumented feature of the FORM scope. Using form.getPartsArray() provides access to both "filePond" fields allowing you to extract the value of the dropped field. Not ideal, but does work until the issue is fixed.
Keep in mind this is an undocumented feature, so be sure to isolate the code for easier alterations in case Adobe alters or removes that function in the future (which they've done before, so fair warning!).
<cfscript>
// dump raw form fields
for (part in form.getPartsArray()) {
writeDump({ fieldName = part.getName()
, isFile = part.isFile()
, fieldValue = (part.isFile() ? part.getFileName() : part.getStringValue())
}
);
}
</cfscript>

Django: How can I invisibly pass a variable to another template?

I have three templates in my project—we'll call them first.html, second.html, third.html.
first.html gets a string from the user, using an <input> tag:
<input type="radio" name="selection" value="example_string" />
second.html displays this string using {{selection}}. (In my views.py, I got the value using request.POST.get and render_to_response().)
The question is: how do I send this value from second.html to third.html? One of my attempts—using a <span> tag to save the information in a variable—is illustrated below, but it doesn't seem to work.
<span name="selection" value={{selection}}>{{selection}}</span>
Edit: The following line works by creating a dummy single radio button. I don't know why it shouldn't be possible to create a variable without an <input> tag [visible to the user].
<input type="radio" name="selected" value={{selected}} checked="checked" />
You need to understand how the web works: each page is entirely separate, and is requested using a separate request.
Your basic options are: save data on the client side, or post it back to the server.
Both options can be performed with javascript, or posting back can also be performed by posting the form back to the server.
If you want to send it back to the server, it will have to be stored in the current session, or in a model.
There are many javascript libraries. If you want to use them, I suggest you google around the subject.
Answering my own question, now that I've found the answer on Django's documentation.
There's a special kind of <input> tag precisely for this: "hidden". The following line accomplishes the same as was asked in the question, but without a dummy element visible to the user:
<input type="hidden" name="selected" value={{selected}} />

Dynamically set default form values in django

I'm trying to find a way to dynamically set default form values. So for example, if I add a facebook login feature on my webpage, and I can get his first name and last name from what the facebook javascript returns, I want to be able to set these values as the new "value" parameter in the given form. (basically so I'm able to put the user in my database)
I was hoping that there is some sort of
{{ form.firstname.default = Javascript.return.firstname }}
that I can insert into a template but there isn't...
Any ideas? Thank you.
Edit;; Maybe it would be better to first pass in the information into a views.py? But how would I do this? I am just considering hand writing the inputs out in the javascript field, which would be annoying...
You can set the default value of a template variable:
{{ form.firstname|default:Javascript.return.firstname }}
assuming that {{ Javascript.return.firstname }} is valid in that template context.
The code generated by Django is all server-side, its templates can't use anything which isn't available when the page is loaded. You need to use javascript to set the value.
For example, if your form looks like this:
<form id="login">
<input name="firstname" />
</form>
You could use this javascript (assuming you're using jQuery):
// Do the facebook login, set the var fname to the first name, then:
$('#login [name=firstname]').val(fname);

form variables and double quotes

I am populating form variables from a database.
If the field value has a double quote in it, such as 3" for 3 inches, then the html source looks like the following:
<input name="width" value="3"">
Q: How do I handle fields that contain double quotes?
I first thought it was a cfqueryparam problem, but it turns out it's an html problem.
Use HtmlEditFormat when displaying the value.
Like this:
<input name="width" value="#HtmlEditFormat(Form.Width)#" />
There is also:
XmlFormat for XML output;
JsStringFormat for JavaScript output;
UrlEncodedFormat for URL content.
For more complete/heavyweight stuff, you could consider OWASP's ESAPI - a Java Security API which can be used from CF and provides the following:
Context Method
------- ------
HTML esapi.encodeForHTML(variable)
HTML Attribute esapi.encodeForHTMLAttribute(variable)
JavaScript esapi.encodeForJavaScript(variable)
CSS esapi.encodeForCSS(variable)
URL esapi.encodeForURL(variable)
(from Pete Freitag's cfunited presentation slides)
I think it's probably the browser, you need to encode the quote using " in your HTML then it should pass properly.