Solved

CFINCLUDE equivalent for HTML only

Posted on 2004-03-25
17
511 Views
Last Modified: 2013-12-24
Hi,

Is there CFINCLUDE equivalent tag that would include some html file, but would not process any CFM?

Basically I allow users to save files using my interface.

Then on my page I have the following structure:

.....my code (necessary)......
<cfinclude template="usersfile.html">
.....my code (necessary)......

Everything is fine except that user can potentially put CFM code to his file and get control of the server.

So how do I do that "cfinclude" without processing CFML inside usersfile.html

Thanks
0
Comment
Question by:alexerm
  • 6
  • 6
  • 3
  • +2
17 Comments
 
LVL 5

Expert Comment

by:Seth_Bienek
ID: 10678151
Hi alexerm,

Try using <cffile>:

<cffile action="read" file="usersfile.html" variable="usersfile">
<cfoutput>#usersfile#</cfoutput>

This should render the text of the file without evaluating it as ColdFusion code.

Best Regards,

Seth
0
 
LVL 2

Author Comment

by:alexerm
ID: 10678183
I'm trying to avoid cffile whenever is possible because of it's bad perfomance.

Is there any other ways to do it without cffile?

Thanks
0
 
LVL 5

Accepted Solution

by:
Seth_Bienek earned 150 total points
ID: 10679057
Hi alexerm,

There are some UDF's on cflib.org that use the Java FileReader object (for MX apps) and the Windows FileSystem COM object (for 5.x apps) to read in a file's content.

<a href="http://www.cflib.org/udf.cfm?ID=417">http://www.cflib.org/udf.cfm?ID=417</a>
(could be streamlined - see Aaron Johnson's CF blog: http://cephas.net/blog/coldfusion/)

<a href="http://www.cflib.org/udf.cfm?ID=755">http://www.cflib.org/udf.cfm?ID=755</a>

You will want to compare their performance against cffile (using gettickcount()) before committing to any given solution though, and I have a feeling it's giong to be pretty close to cffile.

If it were my app (:D), I would do some performance testing using CFFILE before deciding it's too slow.  Remember, CFMX is a whole new animal.

Hope this helps,

Seth
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10681168
How about saving the file as include.html and use cfinclude, I don't think it will evaluate any CF code, give it a go.
0
 
LVL 2

Author Comment

by:alexerm
ID: 10681200
Reply to Tacobell777:

Unfortunetely, it does evaluate CF code, when using CFinclude, no matter what extension of the included file is

Alex
0
 
LVL 15

Expert Comment

by:danrosenthal
ID: 10682926
The only thing I can think of (other than CFFILE) is to store the page in a Database.
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10684969
I never tried it, weird though.

How about, if you read the file into a variable and the output it like so

#dE(myFileVariable)#
0
 
LVL 17

Expert Comment

by:anandkp
ID: 10711511
try this

<img src="my_cfm_or_html_or_any_file_i_need_to_execute.htm' width="1" height="1" border="0">

let me know ...

K'Rgds
Anand
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 2

Author Comment

by:alexerm
ID: 10714057
Hi, Anand

The idea with <img> did not work. I would be surprised if it did work

Thanks

Alex
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10717120
Did you try my idea?

I don;t know what it is lately but people ignore me, any ideas why?
0
 
LVL 2

Author Comment

by:alexerm
ID: 10717296
Hi, Tacobell

I did not ignore your post.

If I read from file and just output variable, then there is no need to use DE(...).

Basically when I posted this question I was aware of solution that would read from file using cffile or some other custom tag and then just output whatever was read from file. (and there is no need to use DE in this solution)

However, my question was is there standard coldfusion tag that would include file like CFINCLUDE but would not process CFML inside.

Alex
0
 
LVL 5

Expert Comment

by:Seth_Bienek
ID: 10717315
I stand by my original suggestion. :)
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10717425
If you read a html file with cffile, then output the result within dE() them I'm pretty sure it won't be evaluated.
dE stands for Delay Evaluation, thus is your problem is that something is evaluated then you'd want to use dE()
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10717444
or in your html file that you call in the cfinclude you need to put dE() around every variable present, I'm pretty sure that will work to, if it's not dE() that works then dE(dE(variable)) will work.
0
 
LVL 2

Author Comment

by:alexerm
ID: 10717491
Hi, Taco

-------------------------------------------------------
<cffile action="read" ......... variable="myvar">
#myvar#
-----------------------------------------------------

does not require to use DE.

My problem was that CFINCLUDE evaluates CFML.

Alex

0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10717644
you know what, you seem to know it all, sort it out by yourself. ciao
0
 
LVL 2

Author Comment

by:alexerm
ID: 10717808
Tacobell,

You asked me to comment about your idea and I did

I don't understand why you got frustrated
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now