Bug Loading Scripts for CFFileUpload and CFMediaPlayer
It has recently come to my attention that there are some hard coded references to
/CFIDE/scripts/ in some of the JS files that are used by the new (in CF9) tags
CFMediaPlayer. The tags will work just fine if you are serving scripts from
/CFIDE/scripts but if you have changed the location of
/CFIDE/scripts/ for security reasons - then you will experience some errors when trying to use these tags.
#83328 was logged for this issue in June 2010 in the ColdFusion Bug Tracker, please vote it up.
The workaround for
CFFileUpload on ColdFusion 9.0.1 is pretty simple, I would imagine that the workaround for
CFMediaPlayer is just as easy.
Edit the file
/CFIDE/scripts/ajax/package/cffileupload_swf.js, and change the following lines:
$FS.defaultSWFLocation="/CFIDE/scripts/ajax/resources/cf/assets/MultiFileUpload.swf"; var defaultAddIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/addfile.png"; var defaultUploadIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/upload.png"; var defaultClearIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/clear.gif"; var defaultDeleteIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/delete.png";
$FS.defaultSWFLocation=_cf_ajaxscriptsrc+"/resources/cf/assets/MultiFileUpload.swf"; var defaultAddIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/addfile.png"; var defaultUploadIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/upload.png"; var defaultClearIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/clear.gif"; var defaultDeleteIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/delete.png";
_cf_ajaxscriptsrc was defined on the page before the
script tag loads
cffileupload_swf.js and it contains whatever value you have setup in the ColdFusion Administrator for the Default ScriptSrc path with
ajax appended to the end.
- New HackMyCF Features - October 24, 2013
- Changing the ColdFusion CFIDE Scripts Location - January 10, 2011
- Is your ColdFusion Administrator Actually Public? - April 28, 2010
- Howto Require SSL for ColdFusion Administrator - October 23, 2009
- What is the difference between ASCII Chr(10) and Chr(13)
- Fixinator and Foundeo Security Bundle
- Running CFML on AWS Lambda with FuseLess Slides
- Updating Java on ColdFusion or Lucee
- ColdFusion returning empty response with server-error: true
- Careful applying CF11u16, CF2016u8, CF2018u2
- Sessions don't work in Chrome but do in IE
- csrfVerifyToken does not invalidate the token