Fusion Authority The House of Fusion Technical Magazine	Issue: 38 August 28, 2000 September 3, 2000
	This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission.

Community

Classes Full at CF101

Allaire Hosts Free ColdFusion Seminars from Allaire

Announcing New Custom Tag Generator

Presentation on CF and Flash a Sure Crowd-Pleaser

Next Issue

 

News

Web Development Giants Allaire and Adobe Partner

Research Shows Buyers, Wall Street, Forcing Changes on E-Commerce Software Providers

iE Further Strengthens Its Synergistic Partnership With Allaire

MSDN Praises ColdFusion

 

Tech and Tags

What's new in the Tag Gallery

WebReview Has Fun with ColdFusion

 

Techniques

Custom Functions in ColdFusion (Part I)

 

Security

Allaire Posts Revised Tags and Patches

Allaire Security Bulletin (ASB00-23): Spectra 1.0.1: Workaround Available for Administrative Interface Security Issue

 

Knowledge Base

Win2000/NT Users Get an Error When Trying to Launch HomeSite or Studio 4.5.1

SiteMinder and MSSQL Services Load Dependencies

Security Best Practice: Evaluating the Risks of Allowing Uploading and of Attached Files on Your Server

 

Stock

Forbes Article Lists Allaire as Budding Profit Maker

SmartMoney Picks Allaire

Weekly Numbers

 

Community

Classes Full at CF101

CF101 Website

[Top]

Allaire Hosts Free ColdFusion Seminars from Allaire

FREE ColdFusion Seminar

[Top]

Announcing New Custom Tag Generator

Ever wanted your custom tags to have that cool right click edit parameter and help? Can do with VTM extensions to CF studio but they suck to write to complex syntax and are very little help! Now, you can create them free on the web at CF_Custom Tag Generator. The CF_Custom Tag Generator is a web-driven replacement for the custom tag wizard that can be found in ColdFusion Studio's wizard templates. The url to connect directly to the wizard is http://www.netwebapps.com/mytags/index.cfm. There is a link to the generator from the kcfusion site above.

I made this tool for myself because I write a lot of components for other developers and the fastest way to bring them up to productivity with a custom tool, is to provide them with a tag editor that contains a help file. There are some added features in the web version of this tool:

1. Choose CF_, CFX_ or no prefix for your custom tag dialogue editor.
2. Create the same custom tag template as CF Studio's wizard does.
3. Create a tag editor for your custom tag.
4. Choose what control types are associated with each attribute value pair.
5. Enable content body editing for tags that have child or end tags.
6. Zips templates, editor's and readme instructions into an email attachment sent to you by the application.

I hope you all get as much use out of it as I had fun building it. If you have suggestion or bug reports, send them to blaplante@netwebapps.com.

Custom Tag Generator

[Top]

Presentation on CF and Flash a Sure Crowd-Pleaser

NYCFUG site

[Top]

Next Issue

[Top]

News

Web Development Giants Allaire and Adobe Partner

Web Development Giants Allaire and Adobe Partner to Enable Rapid Creation of Web Applications

Web Development Giants Allaire and Adobe Partner to Enable Rapid Creation of Web Applications (Yahoo! News)

Adobe and Allaire Join to Simplify Development of E-Businesses; ColdFusion Extension for GoLive is First of Many Joint Development Efforts (Yahoo! News)

Adobe and Allaire Join to Simplify Development of E-Businesses; ColdFusion Extension for GoLive is First of Many Joint Development Efforts (ZDii)

(Requires a login at Quote.com)

[Top]

Research Shows Buyers, Wall Street, Forcing Changes on E-Commerce Software Providers

Doculabs Research Shows That Buyers and Wall Street Forcing a Dramatic Turning Point For E-Commerce Software Providers

[Top]

iE Further Strengthens Its Synergistic Partnership With Allaire

iE Further Strengthens Its Synergistic Partnership With Allaire (Northern Light News Alert)

[Top]

MSDN Praises ColdFusion

ColdFusion and SQL Server

[Top]

Tech and Tags

What's new in the Tag Gallery

LightningMANAGER v3.5

Organize your business with our multi-functional, streamlined LightningMANAGER. This set of applications is perfect for companies of all shapes and sizes in need of simple and effective organizational tools. Our secure, cusomizable LightningMANAGER includes login and registration forms, Contact, Leads and Marketing Managers, a Scheduling system, E-mail client, setup wizard and online help documentation.

CF_Peanuts

Tag that uses CFHTTP and goes out to www.comics.com to get the daily Peanuts comic strip.

A EZwidget

EZwidget can build you a complete website or add database, shopping cart and secure e-commerce to your existing website.

3D picture

Applet to display a 3D image. The user can turn the image around with the mouse. The image is build by a serie of pictures discribing 360 degree of the article.

cf_xsltransform

Cold Fusion custom tag to transform XML to HTML using an XSL stylesheet. (NT only requires Microsoft XML parser)

Single Pixel Spacers

This is a collection of single pixel .gif's in each of the 216 browser safe hues, plus a transaprent .gif. Naming convention compresses each of the RGB values to a single character, thus giving the single pixel white (#FFFFFF) spacer a filename of "fff.gif"

CF_DumpClientVars

This tag shows you all of the client variables current in use on a particular CFID/CFTOKEN. It has the capability to hide/display in IE4, and just shows up in Netscape. Validates any WDDX data stored in Client variables and clearly indicates which data are WDDX packets.

CF_GOgraph

is a ColdFusion tag that include the functionnality of the GOgraph search engine into web site. With this tag people can bring a complete image search system to their site without a complete setup.

Intranet/Hosting Toolkit

The Intranet/Hosting Tookit is a set of CFX extension tags for Cold Fusion intended to fully support intranet and isp/hosting automation. The toolkit includes: CFX_UserManager, CFX_NFS, CFX_IIS, CFX_Services and CFX_NetworkTopology. It's also bundled with the FREEWARE CFX_GetUserGroups

Activescan

Activescan is a development tool for Allaire Cold Fusion® that allows clients to send images directly from their scanner to your web server. This makes it extremely simple for clients to publish photographs, hard copy documents, or anything else that can be scanned.

CF Compound Interest

Calculates compound interest.

cf_scc

cf_scc runs the strongly connected components algorithm using a randomly generated adjacency matrix or one you provide.

CF_EUL (Easy Unmarkup Language)

This Tag convert EUL to HTML or 'MAIL'. Convert internet addresses with their protocol (eg http://www.fruir.net) to HTML links. We can add a title, set a target, filter the protocols. Also we can choose the type of format.

cfx_DumpText

This allows the user to create a delimited text file from a CF query. It allows the user to specify the column delimiter as well as the text delimiter.

Task Tracking (Logistics) system

This is a fully functional task tracking (logistics) system. Users can add/edit/delete tasks, assign tasks to other users, generate emails at task completion and creation as well as many other built in features.

CF_HTPASSWD

CF_HTPASSWD is a CFML custom tag which runs on Unix, Solaris, or Linux operating systems that have the htpasswd executable and ColdFusion Server 4.5 or greater installed. It allows your ColdFusion applications to control the usernames and passwords in a password file, effectively letting you synchronize the user of a web server's directory-level security and ColdFusion application security and/or personalization.

Web Site Update Form

This application is useful to organizations, or webmasters that maintain several web sites, & are in need of one central location to gather web site update information. This application will route form mail to the proper web site administrator based on the site selected via dynamic drop down boxes.

passwordGenerator

Creates a password of given length comprised of letters and numbers.

CFX_Query2PDF

Query2pdf is an open source java-based CFX tag that takes a standard CF query, and creates a report in PDF format. Many options allow for extensive configurability.

JPFNews

JPFNews is an online newsroom Cold Fusion Custom Tag. It features a basic listing of news releases with the release date and heading. It also allows you to use a news release archive and specify how you want your releases archived, by date or number of news releases. If features a full featured administration that is password protected and allows you to add, edit, and delete your news releases. The program also allows you to customize all of the fonts used by font face, color, and size so that this newsroom will fit the look and feel of your site.

CF_IsLeapYear

Tests whether or not a given year is a leap year.

WebReview Has Fun with ColdFusion

Fun with ColdFusion (WebReview.com)

[Top]

Techniques

Custom Functions in ColdFusion (Part I)

Let's be honest here. ColdFusion is a great development tool and language with a lot of capability, but it's missing an important piece: the ability to write custom functions. I'm not talking about custom tags or extending ColdFusion's abilities with outside code. I'm referring to a function that can be used in a tag, can be used in other functions and can be outputted to a page. I want to be able to do IsEmail(email) and have it return a yes or no. ColdFusion can't do this.

Actually, ColdFusion can do this, but it's very ugly. Writing custom functions involves hacking the way ColdFusion evaluates variables. To do this, you need an intimate understanding of how ColdFusion evaluates variables, functions and expressions as well as a twisted imagination. Once you have this, hacking custom functions will be relatively easy.

Let's start with a single assumption. We want to take an email address and evaluate if it is 'proper.' That is, we want to see if it is formatted correctly with the proper extensions and lack of 'wrong' characters. After hours of fighting with Regular Expressions (or about two minutes looking through CF-Talk) you have your code.

<CFIF Not REFindNoCase('^([[:alnum:]][-a-zA-Z0-9_%\.]*)?[[:alnum:]]@[[:alnum:]][-a-zA- Z0-9%\>.]*\.[[:alpha:]]{2,}$',email)> <CFABORT showerror="Your email address is not formatted properly"> </CFIF>

Now what you really want to do is take all of that and make it into some sort of module. You don't want it to be a custom tag because a custom tag can't be used inside a function or inside a CF tag body. Additionally, you don't want to have to keep referring to that complex Regular Expression for each email check. The solution is to write the RegEx to a server variable in such a way that it can be called later along with some arbitary data--in other words, as a custom function.

Let's start by setting up our function generator. This is the code that will 'pre-load' our function library into server memory for use. It's set up with the proper locking and checks so that it will use as little page resources as possible.

<CFLOCK scope="SERVER" type="READONLY" timeout="5"> <!--- Only set server variables if they do not already exist ---> <CFIF Not IsDefined('Server.Custom')>   <!--- ALways exclusive lock when setting memory variables --->   <CFLOCK SCOPE="SERVER" TYPE="EXCLUSIVE" TIMEOUT="3">     <CFSET Server.Custom=1>     <!--- Return 0 if email is false or 1 if it is a proper address --->     <CFSET Server.IsEmail="REFindNoCase('^([[:alnum:]][-a-zA-Z0-9_%\.]*)?[[:alnum:]]@[[ :alnum:]][-a-zA-Z0-9%\>.]*\.[[:alpha:]]{2,}$','">     <CFSET Server.IsEmailEnd="')">     <!--- Returns 0 if number is not an US number, 1 otherwise --->     <CFSET Server.IsPhone="REFindNoCase('^([0-9]{3}[-_./]?)?[0-9]{3}[-_. /]?[0-9]{4}', '">     <CFSET Server.IsPhoneEnd="')">     <!--- returns a decimal number that can be used in place of an IP for site lookups --->     <CFSET Server.DotLessIP="(ListGetAt(SetVariable('dotlessipworkvar', '">     <CFSET Server.DotLessIPEnd="'), 1,'.')*16777216)+(ListGetAt(dotlessipworkvar, 2,'.')*65536)+(ListGetAt(dotlessipworkvar, 3,'.')*256)+(ListGetAt(dotlessipworkvar, 4, '.'))">   </CFLOCK> </CFIF> </CFLOCK>

1. Function 1: Check if an email address is properly formatted. Returns Boolean.
2. Function 2: Check if a phone number is properly formatted for American use. Returns Boolean.
3. Function 3: Turn an IP address into its decimal equivilent. Returns Number.

Lets return to our email address checking function and walk it through from a full function to a custom function. The importing thing here is the logic behind what we're doing. Once you have that, you can build custom functions on your own. Lets assume for this example a variable called email with a value of "mdinowitz@houseoffusion.com".

REFindNoCase('^([[:alnum:]][-a-zA-Z0-9_%\.]*)?[[:alnum:]]@[[:alnum:]][-a-zA- Z0-9%\>.]*\.[[:alpha:]]{2,}$',email)

This is the regular expression we want to make into a custom function

Evaluate("REFindNoCase('^([[:alnum:]][-a-zA-Z0-9_%\.]*)?[[:alnum:]]@[[:alnum :]][-a-zA-Z0-9%\>.]*\.[[:alpha:]]{2,}$',email)")

Start by turning the entire function into a string. The Evalaute() function will turn the string into a function and then evaluate it.

Evaluate("REFindNoCase('^([[:alnum:]][-a-zA-Z0-9_%\.]*)?[[:alnum:]]@[[:alnum :]][-a-zA-Z0-9%\>.]*\.[[:alpha:]]{2,}$','"&email&"')")

Knowing this, we can 'slice' the string up into smaller pieces and put them together inside the evaluate() function using simple concatenation.Pay attention to the order of operation within the Evaluate() function AND to the quotes used. Rather than have the email inside quotes, we use a small trick. At the end of the first part of the regex, we have an additional single quote that seems to be hanging. The same is at the beginning of the last segment of the RegEx. The email is totally without quotes and according to the order of operation inside functions, will be evaluated first. After it is evaluated, you'll have a text value that will be concatenated into the regex to look like this:

REFindNoCase('^([[:alnum:]][-a-zA-Z0-9_%\.]*)?[[:alnum:]]@[[:alnum:]][-a-zA- Z0-9%\>.]*\.[[:alpha:]]{2,}$','mdinowitz@houseoffusion.com')

Now take this to the last step. You have a string containing part of a regular expression. Another string containing the other part of the same expression and all it's expecting is a variable. If we load the two parts into variables as we did above, then we can call the whole thing like so:

Evaluate(Server.IsEMail&email&Server.IsEmailEnd)

This is the full custom function. The start of a RegEx, the variable to be manipulated and the end of the regex. Looks a little ugly, but works suprisingly well.

There's actually a lot more you can do beyond single variable functions. The third function in the library above actually uses a single variable multiple times. I'll wait a bit to explain that, as this technique may take some time to sink in. Within the next week or so I'll post how to use a single variable multiple times in a custom function and how to use multiple variables. Be warned. These are all hacks that work and work well, but are ugly. If you use a custom function, document it. Someone who dosn't know how they work will have an epileptic seizure trying to understand what's going on without it.

A final note. Many functions such as RegEx return numbers. These can be treated as if they give a yes/no result. If you want to return an actual yes or no response, try wrapping the entire custom function call inside a YesNoFormat() function.

<cfset email="mdinowitz@houseoffusion.com"> <cfset IP="207.31.122.140"> <CFOUTPUT>   #YesNoFormat(Evaluate(Server.IsEMail&email&Server.IsEmailEnd))#   #YesNoFormat(Evaluate(Server.Isphone&email&Server.IsPhoneEnd))#   #YesNoFormat(Evaluate(Server.Isphone&'951-3235'&Server.IsPhoneEnd))#   #Evaluate(Server.DotLessIP&IP&Server.DotLessIPEnd)# </CFOUTPUT>

Stay tuned for Part II, where Michael discusses more advanced types of custom functions.

[Top]

Security

Allaire Posts Revised Tags and Patches

If you're an ISP or customer hosting multiple ColdFusion applications on a single-server machine, downloading and enabling the first ColdFusion Security Patch listed on this page will prevent undocumented Administrative CFML tags and functions from executing on a server, as explained in Allaire Security Bulletin (ASB99-10). (NOTE: unless you are hosting multiple ColdFusion 3.12 or 4.01 applications on a single server machine, you DO NOT require this patch. This patch is for customers who allow .CFM files written by other developers to execute on their servers.)

The second patch, the ColdFusion Expression Evaluator Patch, fixes the known security issues explained in the Allaire Security Bulletin ASB99-01. This bulletin addresses the fact that one of the sample applications installed with ColdFusion Server, the Expression Evaluator, exposes the ability to read, upload, and delete files on the server. Allaire's patch will limit access to the Expression Evaluator to page requests made from the machine where it is installed.

As an additional measure of protection, Allaire recommends that customers not install (or remove existing) documentation, sample code, example applications and tutorials on production servers and secure access to these files on workstations.

Allaire Security Zone

[Top]

Allaire Security Bulletin (ASB00-23): Spectra 1.0.1: Workaround Available for Administrative Interface Security Issue

Allaire Security Bulletin ASB00-23

[Top]

Knowledge Base

Win2000/NT Users Get an Error When Trying to Launch HomeSite or Studio 4.5.1

Win2000/NT Users get an Error when trying to Launch HomeSite or Studio 4.5.1

[Top]

SiteMinder and MSSQL Services Load Dependencies

SiteMinder and MSSQL Services Load Dependencies

[Top]

Security Best Practice: Evaluating the Risks of Allowing Uploading and of Attached Files on Your Server

Security Best Practice: Evaluating the Risks of Allowing Uploading and of Attached Files on Your Server

[Top]

Stock

Forbes Article Lists Allaire as Budding Profit Maker

Survival Skills (Forbes.com)

[Top]

SmartMoney Picks Allaire

SmartMoney's Latest Picks

[Top]

Weekly Numbers

[Top]

All articles are for informational purposes only and do not constitute a suggestion to buy, sell, or in any way trade in any stock or securities.