Prior to ColdFusion MX 7, it was possible to redirect control to a different CFML/HTML template using the cflocation tag and passing encrypted data in the URL string.
Beginning with ColdFusion MX 7, the following error occurs instead:
ColdFusion was unable to perform the CFLOCATION operation. Location URL cannot contain (carriage return) CR or (line feed) LF characters
The ColdFusion encrypt function will generate an encrypted string that will contain carriage return (CR) and line feed (LF) characters, which is considered a security hole (see Additional Information section below). For this reason, beginning with ColdFusion MX 7, cflocation will no longer allow URL's to contain CR and/or LF characters.
The following example will not work with ColdFusion MX 7.
template1.cfm ---------------<cfset docid = encrypt("12345","password")><cflocation url="templatec2.cfm?docid=#urlencodedformat(docid)#" addtoken="Yes">
template2.cfm ---------------<cfset docid = decrypt(url.docid,"password")><cfoutput>docid=#docid#</cfoutput>
Instead of passing encrypted data from one ColdFusion template to another using URL variables appended to the URL specified in thecflocation tag, save the data to an Application, Client or Session variable (whichever makes sense for the data at hand) on the originating template and then read it out on the target template.
Keywords:
46ba02fd
Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
