Copy link to clipboard
Copied
For the life of me I can't locate a script I once came across that prevented CFINCLUDE files from being directly accessed.
Does anyone have something along these lines?
Copy link to clipboard
Copied
<cfif StructKeyExists(variables, "some variable from the page including this template">
code
<cfelse>
error handling
</cfif>
Copy link to clipboard
Copied
Thanks Dan, that certainly works, and is similar to what I currently do.
I just thought I recall seeing some form of ColdFusion function that specifically generated an error if the file was not being included via CFINCLUDE.
Copy link to clipboard
Copied
IIRC you can put the includes into a directory(ies) outside of the web root so that they can not be accesssed directly from a browser.
But I always have to double check myself on the differences between includes, custom tags, modules and components and who can easily be in outside directories and who can't and which need mappings and which not.
HTH
Ian
Copy link to clipboard
Copied
Shouldn't be too hard to roll your own. You can use getBaseTemplatePath() or getCurrentTemplatePath() to detect what the parent/current CF template is. If the two functions match up, throw an error.
Copy link to clipboard
Copied
Although you got your answer, u can also try something like this:
<cfif listlast(cgi.script_name, "/") eq "admin.cfm">
<cflocation url="index.cfm?action=config" addtoken="no">
</cfif>