test search results

lucee · May 3, 2024 · c4c8f84 · c4c8f84
1 parent d2484eb
commit c4c8f84
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/core/src/main/cfml/context/admin/Application.cfc b/core/src/main/cfml/context/admin/Application.cfc
@@ -34,6 +34,9 @@ this.sessionCookie.path = getAppFolderPath();  // the admin is always in a folde
 this.tag.cookie.sameSite = "strict";
 this.tag.cookie.path = getAppFolderPath();
 this.tag.cookie.httpOnly = true; // prevent access to session cookies from javascript
+this.searchImplicitScopes = false;
+this.searchResults = false;
+this.security.limitEvaluation = true;
 
 this.xmlFeatures = {
 	externalGeneralEntities: false,

diff --git a/core/src/main/cfml/context/admin/web.cfm b/core/src/main/cfml/context/admin/web.cfm
@@ -1,3 +1,25 @@
+<cfscript>
+	q = queryNew("id");
+	queryAddRow(q);
+	querySetCell(q, "id", "ooops");
+	a = getapplicationsettings();
+	dump(a);
+	for (aa in a){
+		if (isSimpleValue(aa) && aa contains "search")
+			dump(var=a[aa], label=aa);
+	}
+	loop query="q" {
+		systemOutput("this should crash", true); 
+		systemOutput(id, true); //unscoped, as this.searchResults = false;
+		echo(id);
+	}
+
+	//echo(cgi.remote_Address);
+	//	echo(remote_Address); // unscoped should crash
+
+	url.test =1;
+	//echo(test); // unscoped should crash
+</cfscript>
 <cfscript>
 
 	request.singleMode=getApplicationSettings().singleContext;