Bug Loading Scripts for CFFileUpload and CFMediaPlayer
It has recently come to my attention that there are some hard coded references to
/CFIDE/scripts/ in some of the JS files that are used by the new (in CF9) tags
CFMediaPlayer. The tags will work just fine if you are serving scripts from
/CFIDE/scripts but if you have changed the location of
/CFIDE/scripts/ for security reasons - then you will experience some errors when trying to use these tags.
#83328 was logged for this issue in June 2010 in the ColdFusion Bug Tracker, please vote it up.
The workaround for
CFFileUpload on ColdFusion 9.0.1 is pretty simple, I would imagine that the workaround for
CFMediaPlayer is just as easy.
Edit the file
/CFIDE/scripts/ajax/package/cffileupload_swf.js, and change the following lines:
$FS.defaultSWFLocation="/CFIDE/scripts/ajax/resources/cf/assets/MultiFileUpload.swf"; var defaultAddIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/addfile.png"; var defaultUploadIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/upload.png"; var defaultClearIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/clear.gif"; var defaultDeleteIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/delete.png";
$FS.defaultSWFLocation=_cf_ajaxscriptsrc+"/resources/cf/assets/MultiFileUpload.swf"; var defaultAddIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/addfile.png"; var defaultUploadIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/upload.png"; var defaultClearIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/clear.gif"; var defaultDeleteIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/delete.png";
_cf_ajaxscriptsrc was defined on the page before the
script tag loads
cffileupload_swf.js and it contains whatever value you have setup in the ColdFusion Administrator for the Default ScriptSrc path with
ajax appended to the end.
- New HackMyCF Features - October 24, 2013
- Changing the ColdFusion CFIDE Scripts Location - January 10, 2011
- Is your ColdFusion Administrator Actually Public? - April 28, 2010
- Howto Require SSL for ColdFusion Administrator - October 23, 2009
- Why is my cron.daily script not running?
- Announcing FuseGuard Version 3
- CFSummit 2017
- Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151
- Java 9 Security Enhancements
- Upcoming CFML Conferences in April 2017
- CFSummit 2016 Slides
- Securing Legacy CFML - dev.Objective() 2016 Slides