I'm very new to ColdFusion (this is my second day dealing with it) and I am implementing a simple HTML page. I have a feedback form on this page and when the user hits submit, I want to email the contents of the form to myself. I have to do it using cfmail.
To try it out before I implemented it, I created the following cfmail.cfm file:
<cfmail from="#form.from#" to="myemailaddress" type="html">
Some text
</cfmail>
and passed the name of the file to the action attribute of my form. Every time I click submit on my form, it just opens the above file.
All the examples I find online pretty much show the same thing, but obviously I'm way off here.
Am I using cfmail in the wrong manner?
Thanks in advance for your help!
Just like Evik said in the comments, add a subject because it is a required field for the cfmail tag.
<cfmail to="#form.mailto#" from="#form.mailFrom#" subject="#form.subject#">
#form.body#
</cfmail>
Also check the mail settings in the ColdFusion administrator under Setting > Mail. There is also a mail log in the administrator you can check.
I recommend using Adobe online docs for ColdFusion. I referrer to it almost daily, they are great.
Here is a link to the cfmail for CF8 but at the bottom it links to other version.
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_m-o_01.html
If it's just opening the file and not throwing a ColdFusion error (which it should do without the subject) then you most likely have a problem in your ColdFusion installation or more likely in the setup of your development web server is not handling the cfm scripts (IIS or Apache depending on the platform).
Related
I have a created an Html body for a mail and I am sending the mail via Power Automate Flow.
In the html if I just give the link like href='C:\WINDOWS\system32\mstsc.exe' then it is opening the the remote desktop application but if I try to pass the argument as well like href='C:\WINDOWS\system32\mstsc.exe -v:<Server name>', it is giving me error saying Could find 'C:\WINDOWS\system32\mstsc.exe -v:<Server name>'
Does anyone know if there is a way to do so via html mail or any other way?
In HTML you can pass links but the links aren't necessarily intended to be able to run files like the way you are looking for. You are looking for a way to run an executable with parameters which is a major security risk and so technically there really isn't a documented way to do that. But I recommend you check this out HTML hyperlink to call exe with parameters
I'm getting this chrome flag when trying to post and then get a simple form.
The problem is that the Developer Console shows nothing about this and I cannot find the source of the problem by myself.
Is there any option for looking this at more detail?
View the piece of code triggering the error for fixing it...
The simple way for bypass this error in developing is send header to browser
Put the header before send data to browser.
In php you can send this header for bypass this error ,send header reference:
header('X-XSS-Protection:0');
In the ASP.net you can send this header and send header reference:
HttpContext.Response.AddHeader("X-XSS-Protection","0");
or
HttpContext.Current.Response.AddHeader("X-XSS-Protection","0");
In the nodejs send header, send header reference :
res.writeHead(200, {'X-XSS-Protection':0 });
// or express js
res.set('X-XSS-Protection', 0);
Chrome v58 might or might not fix your issue... It really depends to what you're actually POSTing. For example, if you're trying to POST some raw HTML/XML data whithin an input/select/textarea element, your request might still be blocked from the auditor.
In the past few days I hit this issue in two different scenarios: a WYSIWYG client-side editor and an interactive upload form featuring some kind of content preview. I managed to fix them both by base64-encoding the raw HTML before POSTing it, then decoding it on the receiving PHP page. This will most likely fix the issue and, most importantly, increase the developer's awareness level regarding the data coming from POST requests, hopefully pushing him into adopting effective data encoding/decoding strategies and strengthen their web application from XSS-type attacks.
To base64-encode your content on the client side you can either use the native btoa() function, which is supported by most browsers nowadays, or a third-party alternative such as a jQuery plugin (I ended up using this, which worked ok).
To base64-decode the POST data you can then use PHP's base64_decode(str) function, ASP.NET's Convert.FromBase64String(str) or anything else (depending on your server-side scenario).
For further info, check out this blog post that I wrote on the topic.
In this case, being a first-time contributor at the Creative forums, (some kind of vBulletin construct) and reduced to posting a PM to the moderators before forum access it is easy for one to encapsulate the nature of the issue from the more popular answers above.
The command was
http://forums.creative.com/private.php?do=insertpm&pmid=
And as described above the actual data was "raw HTML/XML data within an input/select/textarea element".
The general requirement for handling such a bug (or feature) at the user end is some kind of quick fixit tweak or twiddle. This post discusses the option of clearing cache, resetting Chrome settings, creating a new_user or retrying the operation with a new beta release.
It was also suggested that one launches a new instance with the following:
google-chrome-stable --disable-xss-auditor
The launch actually worked in this W10 1703 Chrome 061 edition after this modified version:
chrome --disable-xss-auditor
However, on logging back in to the site and attempting the post again, the same error was generated. Perhaps the syntax wants refining or something else is awry.
It then seemed reasonable to launched Edge and repost from there, which turned out to be no problem at all.
This may help in some circumstances. Modify Apache httpd.conf file and add
ResponseHeader set X-XSS-Protection 0
It may have been fixed in Version 58.0.3029.110 (64-bit).
I've noticed that if there is an apostrophe ' in the text Chrome will block it.
When I update href from javascript:void(0) to # in the page of POST request, it works.
For example:
login
Change to:
login
I solved the problem!
In my case when I make the submmit, I send the HTML to the action and in the model I had a property that accept the HTML with "AllowHTML".
The solution consist in remove this "AllowHTML" property and everything go OK!
Obviously I no longer send the HTML to the action because in my case I do not need it
It is a Chrome bug. The only remedy is to use FireFox until they fix this Chrome bug. XSS auditor trashing a page, that has worked fine for 20 years, seems to be a symptom, not a cause.
recently i have been trying to so make a contact form work and i finally did after hours of struggle.
http://trulyamped.com/democon/contact2.php
This contact form works perfectly and the email gets sent to my account.
The only thing i wanted to know was how do i make the contact form work in an .html file. I do not want it to be in a .php file. I already tried to save the file as an .html file but it did not work. Please let me know.
so pretty much i want it to be contact2.html and still be able to work.
First of all, why does it matter?
But assuming for a moment that it does matter, you probably have a couple of options. They depend on where your code resides and what it currently does. If the page has PHP code that needs to execute server-side then it needs to be processed by the PHP interpreter server-side. To do that with an HTML file you'd need to configure the server to treat .html files just like .php files for server-side processing. This isn't ideal, though. HTML by itself doesn't need to be run through the PHP interpreter. So it's best to keep the PHP and HTML files separate.
Another option could simply be to separate the client-side HTML form and the server-side PHP code into two separate files. Something like contact.html and contactProcessor.php. In the HTML file you'd just post to the PHP file in the form. Something like this:
<form action="contactProcessor.php" method="post">
This would cause the form to post the data to the PHP file. Then the PHP file can process the data, do whatever you're currently doing server-side, and redirect the user to another HTML file as a response. So at no point would the user be "viewing" a PHP file. There's just be one used to handle the form post.
Again, I can't imagine why it matters though.
You would need to create a 2nd page that only has the email processing logic, let's call that email.php you could then update your form to post to email.php and change this page to be contact2.html as long as it posts to a .php file it will work.
<form id="contact-us" action="email.php" method="post">
Your bet is to use AJAX for the main form but will still need a server side script page to handle the mail sending. As far as I know, it's not possible to send mails from the client side.
So
Have the PHP page that actually sends the mail in a separate script file
Create your form in HTML and use AJAX to call the mail sending script from within your HTML page.
This way you can have your page in html and do the mail sending at the background.
Regarding saving your page with .html extension, of course it wouldn't work. Because your page contains PHP which is server-side and needs a web server to run, while html can be run on any simple browser on any device.
From the google site, I cam across a code that lets me display the recaptcha box. Although I must admit I have only started html today and hence, have no basics at all. The site does not have a verify code in html although it does in jsp and I dont know how to link it all since data from the html went to the servlet.
https://developers.google.com/recaptcha/docs/verify
specifis a list of parameters to be 'posted'
I am using Tomcat 7 and no Spring.
My doubts:
Can I have multiple forms in an html file
How do i send parameters from the precious form to the second form?
How do I link a jsp file that will verify it to be run through the java class invoked by the html file
How do I get the user (accessing my app through a local server) remote IP address?
Got sorted out. Since I did not understand the problem in that, I proceeded to simple captcha itself. I must admit I feel like a fool saying I din't know html/jsp. The second day it was all so clear. I must have been positively psyched. Unwilling to see the not working code again, I started fresh.
Answers :
I can have multiple forms in a html
as set and get parameter as a session and request functions respectively.
through a form itself or response.sendredirect("")
Remote address class and methods.
I have drupal 7 installed on my live server. I want to edit the default text emails to Html emails which are present in user.module file. I tried changing the core file, deleted cache, deleted browser cache, but it does not work. I have also changed the permission to 777, but it did not work.
I know it is not a good idea to change the default core files, but is it possible to change the drupal core files ??
Thanks
Update
I have installed Html mail module, and i can change the look of the html, however i wish to change the actual text of the default emails.
Update 2
As mentioned in the answer below, i tried checking the the settings page in Drupal, however i could not get the forget password email and new comment email text. Is it possible to add this or edit this using the HTML mail module??
It is really simple.
Goto http://www.yourdomain.com/admin/config/people/accounts/settings
There is an "Emails" section in which you can edit all emails sent by the core user module.
Add HTML Mail module to be sure that Drupal will add the good headers and you are done !
It's definitely possible, at the end of the day the Drupal core files are just plain old PHP. While it's an extremely bad idea to hack core files (it sounds like you already know why) all you'd need to do is change the code to do what you want it to do.
The good news though is that someone has already written a module to do what you want: HTML Mail.
This module allows you to theme emails leaving the system as you would theme a normal Drupal site, and replaces the outgoing emails with those HTML versions per your settings.
All the emails are being sent from the system and the content is editable as we want. To stylize the emails, i am using html mail module as suggested by CLive.
The new account creation, account cancellation emails can be found in "Account settings" page when you login as a admin.
All other emails are set from "Actions" settings page.
I could use html tags in the emails content, i think it worked because i was using html mail module.
I hope this comment helps someone trying to change the core email content from drupal.