Getting Around ColdFusion Form Validation

Posted At : September 30, 2008 2:38 PM | Posted By : Jason Delmore
Related Categories: ColdFusion

I read a posting on Ray Camden's blog called Fixing the Facebook Problem, and why one ColdFusion feature needs to die... and it occurred to me that there is a relatively simple way to get around this in a generic way.

The code below will essentially bypass ColdFusion's built-in Server-side Form Validation by hiding it in the URL struct while the server would do validation and then putting it back in the FORM struct before you need the data.

<cfcomponent output="yes">
    <cfset this.name = "myApplication">
    <cfset url.form = structnew()/>
    <cfset structappend(url.form,form)/>
    <cfset structclear(form)/>
    <cffunction name="onRequestStart">
        <cfset structappend(form,url.form)/>
        <cfset structdelete(url,"form")/>
    </cffunction>
</cfcomponent>

This way, you don't need to know anything about the form field names of data coming in.

I hope it helps with your next facebook app. :) Jason

Comments (18)       Print       Send      
Comments
[Add Comment]
Ben Nadel's Gravatar This looks good... but is it safe to assume that this feature will *finally be removed* in ColdFusion 9?
# Posted By Ben Nadel | 9/30/08 2:48 PM
ike's Gravatar Just makes me all the more grateful that I don't do anything with Facebook. :P Although I don't use cfform either. Interesting that this works though. I had assumed that the cfform validation would occur prior to the onRequestStart ... I think I'd assumed prior to loading the Application.cfc ... not sure why I had that assumption tho. :P
# Posted By ike | 9/30/08 2:53 PM
Jason Delmore's Gravatar Ben - "Removed" is a strong word. :) There are a lot of ColdFusion applications out there and I am sure someone is using this. Let's say it's on our list to consider adding the ability to disable. :)
# Posted By Jason Delmore | 9/30/08 2:55 PM
Ben Nadel's Gravatar Sometimes strong words need to be used :)
# Posted By Ben Nadel | 9/30/08 2:59 PM
Ben Nadel's Gravatar I know you guys talk to customers a lot - do you have any sense of how many customers actually use this feature?
# Posted By Ben Nadel | 9/30/08 3:00 PM
Jason Delmore's Gravatar Well, a feature like this is unlikely to come up in a customer conversation. Usually when we find out a customer is using something that we weren't sure anyone was, it goes something like this.

"We've built our entire product offering on this feature, what are your plans for improving it?"

That's when we're reminded that ColdFusion has hundreds of thousands of developers, and every feature in the product is being used somewhere.

The best thing for us to do is allow it to be disabled one release, and then possibly disable it by default but allow it to be turned back on for the next. In general, there is little to no harm in leaving something there for compatibility.

Maybe we will go through and kill a bunch of older features in ColdFusion 15. :)

Jason
# Posted By Jason Delmore | 9/30/08 3:10 PM
zac spitzer's Gravatar Rather than removing it, why not just make it controllable just like mappings with application.cfc
# Posted By zac spitzer | 9/30/08 9:05 PM
Jason Delmore's Gravatar That is another option for the implementation. All I am saying here is that we would not remove it because I am sure someone uses it. We would add a way to disable/enable it, either as a server setting, application setting, or some other way.
# Posted By Jason Delmore | 10/1/08 9:13 AM
Hotels Spain's Gravatar Many thanks
# Posted By Hotels Spain | 11/17/08 11:14 AM
opel yedek parca's Gravatar thanks
# Posted By opel yedek parca | 11/19/08 2:11 AM
evden eve nakliyat izmir's Gravatar thanks
# Posted By evden eve nakliyat izmir | 11/20/08 7:14 AM
arama motoru's Gravatar thanks
# Posted By arama motoru | 11/24/08 10:19 AM
otomatik kap?'s Gravatar thnks
# Posted By otomatik kap? | 11/27/08 4:14 AM
ofis mobilyalari's Gravatar thnks
# Posted By ofis mobilyalari | 11/28/08 10:00 AM
otogaz's Gravatar thnks
# Posted By otogaz | 11/29/08 7:37 AM
büro mobilyas?'s Gravatar thanks..
# Posted By büro mobilyas? | 11/29/08 9:29 AM
gö?üs büyütücü's Gravatar thanks..
# Posted By gö?üs büyütücü | 12/3/08 9:12 AM
Adventure's Gravatar You are a god.
# Posted By Adventure | 12/24/08 3:10 PM
[Add Comment]
BlogCFC was created by Raymond Camden. This blog is running version 5.9. Contact Blog Owner
Legal Disclaimer: This is my personal blog. The opinions and statements voiced here are my own and should in no way be construed as representing the positions, views, strategies or opinions of Adobe. I take no responsibility for how you end up using the information provided here. In the event that the postings here do sound like they could be the positions, views, strategies or opinions of Adobe, please re-read this disclaimer. If you find yourself in an endless loop, that is also not my fault.