Bug Loading Scripts for CFFileUpload and CFMediaPlayer
By Pete Freitag
It has recently come to my attention that there are some hard coded references to
/CFIDE/scripts/ in some of the JS files that are used by the new (in CF9) tags
CFMediaPlayer. The tags will work just fine if you are serving scripts from
/CFIDE/scripts but if you have changed the location of
/CFIDE/scripts/ for security reasons - then you will experience some errors when trying to use these tags.
#83328 was logged for this issue in June 2010 in the ColdFusion Bug Tracker, please vote it up.
The workaround for
CFFileUpload on ColdFusion 9.0.1 is pretty simple, I would imagine that the workaround for
CFMediaPlayer is just as easy.
Edit the file
/CFIDE/scripts/ajax/package/cffileupload_swf.js, and change the following lines:
$FS.defaultSWFLocation="/CFIDE/scripts/ajax/resources/cf/assets/MultiFileUpload.swf"; var defaultAddIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/addfile.png"; var defaultUploadIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/upload.png"; var defaultClearIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/clear.gif"; var defaultDeleteIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/delete.png";
$FS.defaultSWFLocation=_cf_ajaxscriptsrc+"/resources/cf/assets/MultiFileUpload.swf"; var defaultAddIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/addfile.png"; var defaultUploadIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/upload.png"; var defaultClearIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/clear.gif"; var defaultDeleteIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/delete.png";
_cf_ajaxscriptsrc was defined on the page before the
script tag loads
cffileupload_swf.js and it contains whatever value you have setup in the ColdFusion Administrator for the Default ScriptSrc path with
ajax appended to the end.
Bug Loading Scripts for CFFileUpload and CFMediaPlayer was first published on September 02, 2011.
If you like reading about cfide, scripts, cffileupload, cfmediaplayer, or security then you might also like:
- New HackMyCF Features
- Changing the ColdFusion CFIDE Scripts Location
- Is your ColdFusion Administrator Actually Public?
- Howto Require SSL for ColdFusion Administrator
The Fixinator Code Security Scanner for ColdFusion & CFML is an easy to use security tool that every CF developer can use. It can also easily integrate into CI for automatic scanning on every commit.