cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

How to prevent CFINCLUDES from being accessed directly?

bentdesigns
Participant ,
Apr 27, 2009 Apr 27, 2009

Copy link to clipboard

Copied

For the life of me I can't locate a script I once came across that prevented CFINCLUDE files from being directly accessed.

Does anyone have something along these lines?

TOPICS
Advanced techniques

Views

750

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 5 Replies 5
latest latest Jump to latest reply
Dan_Bracuk
LEGEND ,
Apr 27, 2009 Apr 27, 2009

Copy link to clipboard

Copied

<cfif StructKeyExists(variables, "some variable from the page including this template">

code

<cfelse>

error handling

</cfif>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
bentdesigns
Participant ,
Apr 27, 2009 Apr 27, 2009

Copy link to clipboard

Copied

In Response To Dan_Bracuk

Thanks Dan, that certainly works, and is similar to what I currently do.

I just thought I recall seeing some form of ColdFusion function that specifically generated an error if the file was not being included via CFINCLUDE.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
ilssac
Valorous Hero ,
Apr 27, 2009 Apr 27, 2009

Copy link to clipboard

Copied

In Response To bentdesigns

IIRC you can put the includes into a directory(ies) outside of the web root so that they can not be accesssed directly from a browser.

But I always have to double check myself on the differences between includes, custom tags, modules and components and who can easily be in outside directories and who can't and which need mappings and which not.

HTH

Ian

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
insuractive
Advocate ,
Apr 27, 2009 Apr 27, 2009

Copy link to clipboard

Copied

In Response To ilssac

Shouldn't be too hard to roll your own.  You can use getBaseTemplatePath() or getCurrentTemplatePath() to detect what the parent/current CF template is.  If the two functions match up, throw an error.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
newchickinCF
Explorer ,
Apr 30, 2009 Apr 30, 2009

Copy link to clipboard

Copied

LATEST

Although you got your answer, u can also try something like this:

<cfif listlast(cgi.script_name, "/") eq "admin.cfm">
  <cflocation url="index.cfm?action=config" addtoken="no">
</cfif>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices