Copy link to clipboard
Copied
We found an issue related to the FORM submission in CF11. If the action attribute is not specified in the cfform tag, it does not generate the action using the current URL(Query-string values containing specific text are getting truncated ) .
For example :
sample URL : http://test.com/admin/index.cfm?page=test&prod=12 , in the given URL having the value 'prod' , after submiting this form , this URL will be showed like this - http://test.com/admin/index.cfm? with out query string values.
How can we resolve this issue in CF11 . Please advise.
Thanks in advance
Great example. Quite right: it appears to be a bug.
I can confirm your findings. Using the test I suggested yesterday, I obtained the following query strings:
Before submission: ?page=test&view=yes&prod=12
After submission: ?page=test
Before submission: ?page=test&view=yes&prdo=12
After submission: ?page=test&view=yes&prdo=12
Before submission: ?page=test&prod=12&view=yes
After submission: ?view=yes
Before submission: ?page=test&prdo=12&view=yes
After submission: ?page=test&prdo=12&view=yes
The behavi
...Copy link to clipboard
Copied
That is the expected behaviour, I should think. You have very likely submitted the form to http://test.com/admin/index.cfm. If you then enter http://test.com/admin/index.cfm?page=test&prod=12 into the browser's address field, how is Coldfusion to know about the query-string? It cannot.
In other words, for the form to submit to http://test.com/admin/index.cfm?page=test&prod=12, the client must first have opened the form page using this same URL.
Copy link to clipboard
Copied
When you submit the form (assuming you haven't set the "method" attribute to "POST"), the form fields will be converted into a URL query string. If you've put a URL with a query string into the form's "action" attribute, likely the form field values will be converted to a query string and swapped out with your URL query string during form submission, thus appearing to "truncate" the original query string.
If you want some URL parameters to be added to the form field data, store those values in hidden form fields so they get built into the new query string when the form is submitted.
-Carl V.
Copy link to clipboard
Copied
@Carl
Just to say it's about <cfform>. By default, assuming no method specified, <cfform> does a 'post' action.
Copy link to clipboard
Copied
@BKBK
You're right. I didn't realize that <cfform> does the exact opposite of <form> in this regard - <form> defaults to GET and <cfform> defaults to POST. So it looks like <cfform> strips off url parameters when it does a POST submit. This might be a bug, but I'm not sure.
However, I would suggest not trying to send both URL parameters and FORM data in the same form submittal. That's kind of "code smell". Rather, as I suggested, put the URL parameters into hidden form fields so they become part of the POST payload. On the server side, change references to URL.page and URL.prod to FORM.page and FORM.prod respectively.
As a somewhat-related side note, most ColdFusion MVC frameworks combine the URL and FORM scopes into a single request-scope variable (commonly a structure called "rc" which contains key/value pairs of the URL/FORM data as well as storing additional data passed by controller processing). Even if you don't use an MVC framework, it is a not uncommon practice to append the URL scope onto the FORM scope (or vice-versa) in the onRequest() method of Application.cfc. Here's how I do it (I think I originally stole this from someone else's blog post, possibly Raymond Camden or Ben Nadel):
<!--- Merge FORM and URL scopes together into FORM to simplify variable
scoping and to guarantee FORM scope is available. --->
<cfparam name="form" type="struct">
<cfif IsDefined('URL')>
<cfset StructAppend(form, URL)>
</cfif>
Now, all form data will be available in the FORM scope, regardless of whether it was sent via GET (url parameters) or POST (form data). That can simplify your code as you can simply refer to all data incoming from forms or links as FORM.whatever. Alternatively, you could merge the data into a request scope variable like the MVC frameworks:
<!--- Merge FORM and URL scopes together into request variable to simplify variable
scoping. --->
<cfparam name="request.rc" type="struct">
<cfif IsDefined('URL')>
<cfset StructAppend(request.rc, URL)>
</cfif>
<cfif IsDefined('FORM')>
<cfset StructAppend(request.rc, FORM)>
</cfif>
Now any data passed in from forms or links can be accessed as request.rc.whatever.
-Carl V.
Copy link to clipboard
Copied
Poster, 2_Coldfusion, says there is no query-string after <cfform> is submitted. Hence, there will be no URL variables.
As I said earlier, <cfform> will submit to http://test.com/admin/index.cfm?page=test&prod=12 if you enter the form page by means of http://test.com/admin/index.cfm?page=test&prod=12, to start with, instead of http://test.com/admin/index.cfm. That is, if the referrer URL of the form page already contains the query string.
Suggested test:
<a href="http://test.com/admin/index.cfm">Form page URL without query-string</a><br>
<a href="http://test.com/admin/index.cfm?page=test&prod=12">Form page URL with query-string</a>
<cfform>
<cfinput name="txt" type="text" value="Some text">
<cfinput name="sbmt" type="submit" value="send">
</cfform>
<cfdump var="#form#" label="Form">
<cfdump var="#url#" label="url">
Copy link to clipboard
Copied
Hi All,
My issue is that ,the truncation of Qurey string doesnot occur in all cases .
Case 1 (Truncation happening 😞
Example :
URL Before form submission : - http://test.com/admin/index.cfm?page=test&prod=12&view=yes
URL After form submission : - http://test.com/admin/index.cfm?view=yes
As the above example the text 'page=test' and 'prod=2' seems to be deleted .
Case 2 ( No truncation):
Example :
URL Before form submission : - http://test.com/admin/index.cfm?page=test&view=yes
URL After form submission : - http://test.com/admin/index.cfm?page=test&view=yes
Copy link to clipboard
Copied
Great example. Quite right: it appears to be a bug.
I can confirm your findings. Using the test I suggested yesterday, I obtained the following query strings:
Before submission: ?page=test&view=yes&prod=12
After submission: ?page=test
Before submission: ?page=test&view=yes&prdo=12
After submission: ?page=test&view=yes&prdo=12
Before submission: ?page=test&prod=12&view=yes
After submission: ?view=yes
Before submission: ?page=test&prdo=12&view=yes
After submission: ?page=test&prdo=12&view=yes
The behaviour is so strange you should at least report it to the Coldfusion bug database.
Copy link to clipboard
Copied
OK. Now I have reported this to the ColdFusion bug database .
Copy link to clipboard
Copied
Thanks. I have voted for it (bug # 3861951)
Copy link to clipboard
Copied
Looks like this issue occurs when the URL contains any HTML character entity, not just &prod
I've voted and added a comment on the ticket.
Thanks!,
-Aaron
Copy link to clipboard
Copied
@Aaron
Thanks. It is indeed pointing strongly to HTML character entities, though some, like &comma and &equals, work OK. Weird.
Copy link to clipboard
Copied
Thank you all for supporting this issue.