James Moberg

Recent Blog Comments By James Moberg

• ColdFusion Custom Tags Can Use Dashed Attributes

  Posted on May 12, 2023 at 6:44 PM

  Passing strings that fail isvalid("variablename") work when passed as parameters to CFTags using EOL versions of ACF, like CF2016... but using the bracket notation with CFPARAM throws an error. For better cross-platform support, the ternary operator works. This is what I've had to... read more »

• The Elvis / Null Coalescing Operator Can Sometimes Replace The Safe Navigation Operator In Lucee CFML 5.3.6.61

  Posted on Mar 24, 2022 at 4:47 PM

  It's best to avoid (as commented here two years later): https://www.bennadel.com/blog/4231-fundamental-differences-in-elvis-operator-between-adobe-coldfusion-and-lucee-cfml.htm SUMMARY: Using Adobe ColdFusion, if foo.bar.baz exists & can be evaluated as falsey , it will use the fallb... read more »

• Mitigating Cross-Site Scripting (XSS) Attacks With A Strict Content Security Policy (CSP) In ColdFusion 2021

  Posted on Mar 4, 2022 at 6:11 PM

  Here's how I've been generating the nonce (0ms). nonce = toBase64(generateSecretKey("AES")); Is this less secure, random or compatible than using your SecureRandom CFC? Tool-wise, I benefited from using "chrome-csp-disable" browser extension while integrating CSP int... read more »

• The Elvis / Null Coalescing Operator Can Sometimes Replace The Safe Navigation Operator In Lucee CFML 5.3.6.61

  Posted on Feb 24, 2022 at 1:19 AM

  Brad's recommendation is fine ( "skip Safe Navigation operator & just use the Elvis operator" ) if you develop only for Lucee and have no expectation of your code being cross-compatible with Adobe. foo?.bar?.baz ?: "fallback value" works with CF2016-2021 as w... read more »

• Performing A Double-Check Lock Around "Run Once" Code In ColdFusion

  Posted on Feb 19, 2022 at 12:49 AM

  What approach do you recommend to perform a "forced refresh" of server-scoped variables? Is it safe to just add an additional argument to delete the server key? if (arguments.forceRefresh) { structDelete(server, "config"); }... read more »

• Inspecting Primary And Secondary Index Key Utilization For MySQL 5.7.32 In Lucee CFML 5.3.7.47

  Posted on Jan 30, 2022 at 10:32 AM

  We use Microsoft SQL Server and I needed to audit the current max/min values of all numeric columns in a database (not just columns flagged as primary or secondary keys). I'm sharing here in case it's beneficial for other devs that use MSSQL. I'm using this T-SQL that I found on the TechBro... read more »

• Making SQL Queries More Flexible With LIKE In MySQL 5.7.32 And Lucee CFML 5.3.7.47

  Posted on Oct 23, 2021 at 5:09 PM

  Just curious. Do you have a broader set of unit tests for this? How well does this work with different SQL databases? Does it work when dbtype="query"? I've been using a modified version of the SmartSearch UDF from CFlib. (It doesn't use regex.) https://cflib.org/udf/smartSea... read more »

• Generating Color Swatches With GraphicsMagick And Lucee CFML 5.3.7.47

  Posted on Jun 23, 2021 at 9:49 AM

  You can use pre-existing images with GraphicMagick's Montage utility to automatically generate contact sheets. http://www.graphicsmagick.org/montage.html gm.exe montage -geometry 120x120 -tile 3x2 C:\1.png C:\2.png C:\3.png C:\4.png C:\5.png C:\6.png c:\output.jpg Here's the syntax tha... read more »

• Pro Tip: Using The say Voice Synthesis Command After A Long-Running Task

  Posted on May 21, 2021 at 12:03 PM

  For Windows, I already use many NirSoft utilities (view WiFi password history, convert CSV to TSV, etc) and I found that their core NirCmd utility has a "speak" function. It's a little robotic and not as nice as the built-in Microsoft speech synthesis (or Fiona), but sounds better ... read more »

• Checking To See If A Struct Is Of Type Ordered / Linked In Lucee CFML 5.3.6.61

  Posted on Oct 23, 2020 at 1:34 PM

  I was determining whether an Adobe ColdFusion struct was ordered by examining the canonical Name. canonicalName = getMetaData(myStruct).getCanonicalName(); For structs, It would return one of the following: coldfusion.runtime.Struct coldfusion.runtime.StructOrdered If using a Link... read more »

• The canonicalize() Function Will Decode Strings That "Loosely Match" HTML Entities In Lucee CFML 5.3.5.92

  Posted on May 15, 2020 at 12:23 PM

  @Ben, What happens when an encoded ampersand ( & ) is legitimately used as part of the value? If brand=A&W is canonicalized, it will return: brand = A W = (empty) This is not desirable.... read more »

• cuid For ColdFusion - Collision-Resistant IDs Optimized For Horizontal Scaling And Performance

  Posted on Mar 16, 2018 at 9:45 AM

  I recommend adding slug support. That way "ColdFusion" (er, CFML) can be officially listed along with Ruby, .Net, Go, PHP, Elixir, Haskell, Python, Clojure, and Java. It would be a beneficial feature. We often generate smaller IDs when creating entry codes or "one-time" URLs.... read more »

• cuid For ColdFusion - Collision-Resistant IDs Optimized For Horizontal Scaling And Performance

  Posted on Mar 16, 2018 at 9:38 AM

  Nice. I like using generators that have multi-language support. Have you used hashIds yet? (I did a quick search on google and amazingly this is one library you haven't blogged about yet.) hashIds "generates (collision free) short unique ids from integers". The values that it generate... read more »

• ColdFusion Gateway For IPInfo.io Geolocation Service

  Posted on Oct 12, 2016 at 3:29 PM

  Sorry... it's $25/yr, but appears to may out at 60 API requests per hour (1000 (Per Day). This actually appears to be cheaper than the cheapest IPInfo.io plan, by $95/yr.... read more »

• ColdFusion Gateway For IPInfo.io Geolocation Service

  Posted on Oct 12, 2016 at 3:26 PM

  I just checked out IPInfo.io. They performed the correct reverse DNS lookup to get my Class C IP's hostname, but their lat/lng response indicates that I'm located near Wichita, Kansas in the middle of the Cheney Reservoir. It was off by about 1,600 miles. I checked using WhatisMyIP.com and they c... read more »

• ColdFusion Gateway For IPInfo.io Geolocation Service

  Posted on Oct 12, 2016 at 3:18 PM

  I've been working with GetIPIntel.net & AbuseIPDB.com APIs. To reduce redundant calls, API limits and potential performance bottlenecks, I incorporated CacheGet() & CachePut() functions so that repeated calls using the same IP don't generate additional HTTP calls. The data shouldn't be dif... read more »

• OWASP Encoder.cfc - A Java Encoder Proxy For ColdFusion

  Posted on Dec 29, 2015 at 10:05 AM

  Thanks for writing this! (This was on my TODO list.) I also work with older versions of ColdFusion and prefer to work with custom functions rather than the built-in ones as it makes it easier to add newer features to projects without having to worry about the version of CF used. ColdFusion 8 &... read more »

• Use preserveCase Consistently When Setting And Expiring Cookies In ColdFusion

  Posted on Dec 14, 2015 at 9:58 AM

  I discovered a recent issue regarding unencoded unicode cookie values. A JWPlayer language drop-down for sub-titles was causing problems on a ColdFusion website. The JWPlayer labels for the languages are used to create cookies and the unencoded unicode "Español" cookie value caused subse... read more »

• ColdFusion Image Resize Stuck At sun.java2d.cmm.kcms.CMM.cmmColorConvert With Massive CPU Usage

  Posted on Apr 30, 2015 at 11:35 AM

  I'm still using ColdFusion 9 w/Windows and our solution was to avoid using Java and use Jukka Manner's C++ CFX_OpenImage tag: http://www.kolumbus.fi/jukka.manner/cfx_openimage/ DISCLAIMER: A Linux/Unix port is unavailable. My personal experience with the Windows 64bit tag has been that it's faster... read more »

• ColdFusion 11 Accepts All Top-Level Domains (TLD) For IsValid() Email Validation

  Posted on Jan 19, 2015 at 10:19 AM

  I'm still using ColdFusion 9 for many applications and have access to better email validation than ColdFusion 11 by using Dominic Sayers' IsEMail java library. (I explored using a regex, but it required too many special rules.) The library can additionally test the domain's MX record to determine ... read more »