Pete Freitag Pete Freitag

Bug Loading Scripts for CFFileUpload and CFMediaPlayer


It has recently come to my attention that there are some hard coded references to /CFIDE/scripts/ in some of the JS files that are used by the new (in CF9) tags CFFileUpload and CFMediaPlayer. The tags will work just fine if you are serving scripts from /CFIDE/scripts but if you have changed the location of /CFIDE/scripts/ for security reasons - then you will experience some errors when trying to use these tags.

Bug #83328 was logged for this issue in June 2010 in the ColdFusion Bug Tracker, please vote it up.

The workaround for CFFileUpload on ColdFusion 9.0.1 is pretty simple, I would imagine that the workaround for CFMediaPlayer is just as easy.

Edit the file /CFIDE/scripts/ajax/package/cffileupload_swf.js, and change the following lines:

var defaultAddIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/addfile.png";
var defaultUploadIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/upload.png";
var defaultClearIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/clear.gif";
var defaultDeleteIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/delete.png";

To this:

var defaultAddIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/addfile.png";
var defaultUploadIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/upload.png";
var defaultClearIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/clear.gif";
var defaultDeleteIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/delete.png";

The JavaScript variable _cf_ajaxscriptsrc was defined on the page before the script tag loads cffileupload_swf.js and it contains whatever value you have setup in the ColdFusion Administrator for the Default ScriptSrc path with ajax appended to the end.

Like this? Follow me ↯

Bug Loading Scripts for CFFileUpload and CFMediaPlayer was first published on September 02, 2011.

If you like reading about cfide, scripts, cffileupload, cfmediaplayer, or security then you might also like:

FuseGuard Web App Firewall for ColdFusion

The FuseGuard Web Application Firewall for ColdFusion & CFML is a high performance, customizable engine that blocks various attacks against your ColdFusion applications.