I'm using Coldfusion Fusebox 3 and I would like to know how I can keep my app from throwing an error message if someone thoughtlessly removes the Circuit and fuseaction from the URL.
For example, if the original URL is:
...and someone removes the circuit information so it reads like the following: http://www.noname/Intranet/index.cfm?fuseaction=
...the app throws an error message. Can I code against something like this happening?
Here is my fbx_Settings.cfm file as it exists right now. Thank you.
<!--- In case no fuseaction was given, I'll set up one to use by default. --->
<cfparam name="attributes.fuseaction" default="Login.showLoginForm">
<!--- useful constants --->
<cfparam name="request.self" default="index.cfm">
<!--- should fusebox silently suppress its own error messages? default is FALSE --->
<cfset fusebox.suppresserrors = false>
What I've always done in cases like this is .. and assuming the URL vanished due to "malicious intent"; I do a
<cfif trim(url.whatever) is "">
if I am expecting an integer I do a <cfif not isnumeric()>
But then again, I always parse URL's looking for injections prior to sending to the stored procedure to run the query. If that is the next step.
Does that help?
I briefly used fusebox 3 several years back when I first learned of FB. I use 5.5.1 now but I have found the build in error handler to be difficult to deal with, particularly when dealing with missing circuits or syntax error in the circuit xml files. What I have done is to use CFERROR in the application.cfm (or .cfc) file and then structure the error page to be stand-alone and included whatever fuses necessary to execute error free. This may take some redesigning of some of the initialization logic for the request, session or application scoped global variables, but it's worth it.
If you have not already done so, you may want to post your question on a fusebox forum, especially since it deals with an old version of FB.