Michael Zock

Recent Blog Comments By Michael Zock

• For Better Security Use HtmlEditFormat() In Conjunction With JSStringFormat() In ColdFusion

  Posted on Jan 3, 2014 at 10:19 AM

  Keep in mind that the library was added in one of the CF9 updates (and was at least somewhat integrated in CF10). If it fails on a CF9 dev machine be sure to check whether it's missing any updates (running the unofficial updater should take care of that).... read more »

• For Better Security Use HtmlEditFormat() In Conjunction With JSStringFormat() In ColdFusion

  Posted on Jan 2, 2014 at 11:49 AM

  Have to agree with David and since the newer versions of CF and Railo have facades for the standard ESAPI methods you can simply run your source through a find&replace once you get rid of any legacy servers.... read more »

• Setting Unscoped Variables Inside CFThread In ColdFusion

  Posted on Sep 18, 2013 at 2:00 AM

  If you want to write to a scope outside the thread you'll have to use a backdoor to pass in a reference (just remember ACF's idiotic legacy behaviour of passing arrays by copy instead of by reference): <cfthread action="run" name="LOCAL.myLittleThread" tunnel="#createObje... read more »

• Detecting File Type Using Magic Numbers In ColdFusion

  Posted on Jun 26, 2013 at 11:03 AM

  BTW: Ben you actually provided an even better example yourself. Files produced by modern versions of MS Office and OpenOffice will also match the magic number for ZIP files because they're just that, renamed ZIP archives containing a ton of XML files and related junk. That's why file type detection... read more »

• Detecting File Type Using Magic Numbers In ColdFusion

  Posted on Jun 26, 2013 at 9:14 AM

  There will always be a certain level of multiple candidates in certain situations (e.g., MP3s containing ID3 data of different versions or old files from back when DivX and Xvid split into two separate codec projects and the differences were still minor).... read more »

• Detecting File Type Using Magic Numbers In ColdFusion

  Posted on Jun 26, 2013 at 1:21 AM

  Thanks for the nice summary. You might also want to take a closer look at TrID (or the stand-alone DLL behind it), which does various checks to return the file types with the highest probability: http://mark0.net/soft-trid-e.html... read more »

• ColdFusion 10 - ColdFusion Query Of Queries vs. Functional Programming

  Posted on Apr 10, 2012 at 2:37 PM

  Thanks for the example. It's nice to see a summary in action, even when it demonstrates one of CF's ongoing shortcomings (some features are only available in one of both modes).... read more »

• Thoroughly Document Your Use Of ColdFusion's CFHTMLHead Tag

  Posted on Sep 30, 2009 at 4:45 AM

  That's not all. Using <cfhtmlhead> can also bite you in the a$% if at some point you have to use <cfflush> to partially serve large files and one of the "head" calls happens after the "flush".... read more »