Hi,
I am using cfparam in the following fashion.
<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">
Basically I am trying to whitelist the sort_col variable to one of these in the pattern. Later in my code values come in from a form where I set this value. My assumption was that if I tried to set it to something other than one of the values in the pattern then it would crash out. This doesn't seem to be the case though. It gets set to whatever comes in via the form. Can anyone confirm this?
Regards,
Paul
Hi Paul,
It only executes the pattern validation on the line of code where cfparam is located.
So the following will cause an error as you expect:
<cfset sort_col = "Bacon">
<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">
However, this sequence will not cause an error:
<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">
<cfset sort_col = "Bacon">
Because the validation only runs at the cfparam tag, not each time you set the variable.
--
Pete Freitag
Thanks Pete. Have gone the switch route now to do some sort of whitelisting.
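
As an added example (not code from either poster in this thread), one way to run the whitelist check at the point where the form value is read, since the cfparam check does not run again on later assignments. It assumes the value arrives as form.sort_col; the function name allowedSortCol and the sample inputs are hypothetical.

```cfml
<!--- Added example. Only sort_col and the four column names come from the thread. --->
<cfscript>
/**
 * Return the allowlisted column name matching `requested`
 * (case-insensitive, like the (?i) pattern), or `fallback` if none matches.
 * The result is always one of the literals below, never the caller's string.
 */
function allowedSortCol(required string requested, string fallback = "FirstName") {
    var allowed = ["FirstName", "LastName", "mEmail", "mTelephone"];
    var candidate = trim(arguments.requested);
    for (var col in allowed) {
        if (compareNoCase(col, candidate) == 0) {
            return col;
        }
    }
    return arguments.fallback;
}
</cfscript>

<!--- Validate every time the form value is copied into sort_col. --->
<cfset sort_col = allowedSortCol(structKeyExists(form, "sort_col") ? form.sort_col : "")>

<!--- Constructed inputs: an exact match, a case variant, and a rejected value. --->
<cfoutput>
<cfloop list="FirstName,lastname,Bacon" index="sample">
#encodeForHTML(sample)# = #allowedSortCol(sample)#<br>
</cfloop>
</cfoutput>
```

Because the function returns its own literal rather than the submitted string, whatever uses sort_col afterwards only ever sees one of the four known names or the default.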