Copy link to clipboard
Copied
Hello,
I've noticed that cfparam and IsValid accepts a list of integers as a valid value when type="integer" is specified. Is this a bug, or the expected behavior?
Example:
I have a code like this on my pages to check the values passed,
<cftry>
<cfparam name="url.n" default="1" type="integer">
<cfcatch>
<cflocation url="error.cfm" addtoken="no">
</cfcatch>
</cftry>
And also tried:
<cfif NOT IsDefined("url.n") OR NOT IsValid("integer",url.n)><cflocation url="error.cfm" addtoken="no"></cfif>
In both cases, if I pass an url value like n=4 or n=string, it works as expected. With n=4, n passes the check, and the rest of the page is executed. With n=string, a string is detected and a redirection to error.cfm is called.
But, if I pass an url value like n=4,14 then n passes the checks and the rest of the page is executed... ???
Using CF 8.01 over CentOS.
I've have found this old thread while cleaning my mail... just a fast update: never received a bug id, but on ColdFusion 2016 the issue seems to have been solved (I suppose it was on an earlier version, but CF2016 is where I have just checked) and <cfdump var="#isValid('integer','1,2,3')#">
returns NO, as expected.
Copy link to clipboard
Copied
This
<cfdump var="#isValid('integer','1,2,3')#">
give me YES.
To me, that's an unexpected result. Also, the docs don't mention anything about this. I recommend that you submit a bug report.
Copy link to clipboard
Copied
Agreed.
I was somewhat surprised that CF can't do this fairly fundamental sort of validation correctly.
If you raise the issue & let us know the URL / bug ID, I'll go vote for it.
--
Adam
Copy link to clipboard
Copied
Dan, Adam, thanks for your replies.
I also was so surprised that I was afraid that it was a "feature", not an error. I've submited a bug report form, I'll post the ID if accepted.
Thanks, best wishes,
Copy link to clipboard
Copied
Helllo,
actually I got the same problem and try to find out if this is a bug or a feature.
If this is a bug, is a bug id available.
I found no bug with isvalid and integer in the bugtracker(http://cfbugs.adobe.com)
My investigations has the following results.
- In CF6 it is false
- <cfparam name="list" type="integer"> also returns true
- 3,1,5 is also an integer and int(3,1,5) give a cfusion time value38412 (01.03.2005[DD.MM.YYYY])
at first I thought CF9 switch the list into a datetimevalue and this is an integer, but the list 3,5,7,12,456,222,.... is also an integer.
This is a big problem for websites, that check a url variable for integer.
All of my <cfparam type="integer" name="url.number"> does not work anymore.
Thanks for the help
AA
Copy link to clipboard
Copied
I've have found this old thread while cleaning my mail... just a fast update: never received a bug id, but on ColdFusion 2016 the issue seems to have been solved (I suppose it was on an earlier version, but CF2016 is where I have just checked) and <cfdump var="#isValid('integer','1,2,3')#">
returns NO, as expected.
Copy link to clipboard
Copied
Thanks for reporting back.
Please mark your post as the answer to close this thread.
Cheers
Eddie
Copy link to clipboard
Copied
Hi Eddie, I can find no 'Correct' option anywhere on my last post,,, Also, there is not "This question is Not Answered" on my original post. Perhaps the thread is too old to have that features active?
Copy link to clipboard
Copied
How strange. Maybe it is, as you say, because of the age of the thread.
Is it possibly hidden in the "Actions" list at the bottom-left of the post?
If not then I guess there is nothing that can be done.
Cheers
Eddie
Copy link to clipboard
Copied
Nope, neither is on the 'Action' menu... well, as actually nobody should notice that issue, I suppose it doesn't mind a lot
Regards,
Copy link to clipboard
Copied
I think after a certain age of a post, only moderators can re-mark them as questions. I did that, and marked your earlier reply as the correct answer.
Thank you,-Carl V.