adfVersion = "1.7.2"; adfFileVersion = "13"; // Initialize the RESET TYPE variable // Determine what kind of reset is needed (if any) adfResetType = ""; force = false; // Check if the ADF space exists in the SERVER and APPLICATION if ( NOT StructKeyExists(server, "ADF") ) { adfResetType = "ALL"; force = true; } else if ( NOT StructKeyExists(application, "ADF") ) { force = true; adfResetType = "SITE"; } // Setup the "Session.ADF" space if it doesn't exist for the users session if ( NOT StructKeyExists(session, "ADF") ) session.ADF = StructNew(); // Command to reset the entire ADF if( StructKeyExists(url,"resetADF") ) { adfResetType = "ALL"; } else { // Check the SERVER or SITE reset commands if(StructKeyExists(url,"resetServerADF") and StructKeyExists(url,"resetSiteADF")){ adfResetType = "ALL"; }else if(StructKeyExists(url,"resetServerADF")){ adfResetType = "SERVER"; }else if(StructKeyExists(url,"resetSiteADF")){ adfResetType = "SITE"; } } adfCore = createObject("component", "ADF.core.Core"); resetResults = adfCore.reset(adfResetType); adfDumpMsg = ""; if ( StructKeyExists(url,"ADFDumpVar")) { // Verify if the ADF dump var exists // [MFC] - Changed "isDefined" to "LEN" // [RAK] - 2010-11-01 - Fixing security issue with cfscript code being passed into the evaluate from any logged in user // [RAK] - 2011-06-02 - Added * to end of regular expression because it was only validating the first character instead of every character in the string // [DRM] = 2014-01-08 - Moved msg to cfhtmlhead, same reasoning as with reset msg above //Anything that is not a-z or 0-9 or '.' or '[' or ']' regularExpression = '[^a-z0-9\.\[\]]]*'; if ( Len(url.ADFDumpVar) GT 0 and !ReFindNoCase(regularExpression,url.ADFDumpVar) ) { utilsObj = CreateObject("component","ADF.lib.utils.utils_1_2"); // [GAC] 2014-05-27 - Added a security fix for the ADF dump var command adfDumpVarData = utilsObj.processADFDumpVar(dumpVarStr=url.ADFDumpVar,sanitize=true); // [GAC] 2014-05-27 - Dump the processed ADFdumpVar data if ( IsSimpleValue(adfDumpVarData) ) adfDumpMsg = utilsObj.dodump(adfDumpVarData, url.ADFDumpVar, true, true); else adfDumpMsg = utilsObj.dodump(adfDumpVarData, url.ADFDumpVar, false, true); } else { // 2012-01-10 - MFC - Added span tag with ID around the reset message. adfDumpMsg = "ADFDumpVar Failed : Variable '#url.ADFDumpVar#' does not exist."; } }