Recently we ran into several situations where we needed to lay out content either vertically or horizontally based on data available at run-time. In an effort to keep the conditional processing to a minimum and accomplish this goal, Chafic and I came up with a technique where we store the current position as properties of an object, and based on orientation set two variables, changeTarget and changeSource, to determine how to change the position at each iteration without having to check the orientation inside the loop.
Since the contitional is outside the loop, this improves performance, reduces the amount of duplicated code, and improves reusability.
Here’s an example of this implemenation that lays out a set of colored boxes both horizontally and vertically using the same layout code with only one conditional.
var data:Array = [0xFF0000, 0x00FF00, 0x0000FF];
var contentDepth:Number = 1;
function layoutContent(x:Number, y:Number, direction:String):Void {
var pos:Object = new Object();
pos.x = x;
pos.y = y;
var changeTarget:String;
var changeSource:String;
if (direction.substr(0, 1).toLowerCase() == "h") {
changeTarget = "x";
changeSource = "_width";
} else {
changeTarget = "y";
changeSource = "_height";
}
var max:Number = data.length;
var contentClip:MovieClip;
for (var i:Number = 0; i
There was some discussion today on CF-Talk about using CGI variables to secure an application and some confusion as to which CGI variables can be spoofed and if some are safe. Particularly there’s interest in blocking out specific IP addresses from accessing a web-application.
After some testing, I confirmed that even REMOTE_ADDR, the client’s IP address, and REMOTE_HOST, the client’s host name, can be spoofed very easily. ColdFusion can do this with the CFHTTP and CFHTTPPARAM tags and I’m sure other tools are available.
These spoofs worked with JRun’s built-in web server and through IIS. I’ve also spoofed REMOTE_HOST previously with an iPlanet installation to demonstrate poor security in a client’s application.
So if you’re thinking about using CGI variables to secure a site, you need to think again. If you need to secure by IP address, then do it at the router and not in application code.
I just stumbled upon this search engine I wasn’t aware of previously. LookSmart.com allows you to search the contents of magazine articles and displays the articles within the LooKSmart site itself. ColdFusion Developer’s Journal is one of the available magazines.
You can search CFDJ archives and come up with interesting things like all my articles (includes articles where I’m mentioned). The same search on the CFDJ web-site turned up nothing, so LookSmart seems like a winner.
I just finished the custom actiosn portion of our BLDoc project and ran across Gregg Wygonik’s blog entry asking about code hints for custom components.
When you create your custom actions file as long as you use the form id="[com.blinex.charts.AreaChart]" for your classes then you’ll get code hints on strongly typed variables. The id must be the fully qualified class name and must be enclosed inside square brackets. This provide code hints both for variables declared using the fully qualified name and when the class is imported.
To get the code-hinting on the colon, the list of classes, you need to add a new folder to you custom actions that lists types. Here’s an example from our B-Line Charting Components 3.0, which will be released any day now.
<folder
name="Types"
id="Types"
index="true"
tiptext="Types that can be used for strong typing"
helpid="0">
<string
name="AreaChart"
tiptext="AreaChart type"
text="AreaChart"
helpurl="Help/BLineCharting30/content_72c6061a.htm" />
<string
name="BoxChart"
tiptext="BoxChart type"
text="BoxChart"
helpurl="Help/BLineCharting30/content_23f3e2f8.htm" />
<string
name="BubbleChart"
tiptext="BubbleChart type"
text="BubbleChart"
helpurl="Help/BLineCharting30/content_8497b033.htm" />
.
.
.
</folder>
There is a big catch though, the suffix style code hints don’t support id’s that have a period in them. If you’re going to set up suffixes you have to use an id such as id="comblinexchartsAreaChart" which of course breaks the typed hints.
So, component developers have to choose–do they want to support typed hints or suffixed hints?
I’ve been working with a lot of XSLT recently related to our BLDoc project. In the case of one of the translations, I had a need to create a resulting document that used only empty XML elements, such as:
<element />
However, no matter what I did the XSLT always produced elements like this:
<element></element>
Technically, the above two are equivalent according to XML guidelines. However, there are two situations where one might prefer the first over the second. (1), it saves bandwidth in large documents and (2) not all XML handling engines are really XML compliant.
In my case, I’m dealing with Flash MX 2004 help content which is not an XML compliant parser. It throws errors when you have closing tags in the custom actions file.
A search of Google Groups turned up about a thousand responses as usual, most of which politely said “it doesn’t matter, they’re the same thing, and if the XML parser you’re working with thinks they’re different then it’s not a compliant parser.” Unfortunately, I’m stuck with the parser built into Flash MX 2004 which is non-compliant.
I finally came across one helpful post that suggested creating the elements as text instead of using real tags.
<xsl:text disable-output-escaping="yes"><identifier text="</xsl:text><xsl:value-of select="@name" /><xsl:text disable-output-escaping="yes">" /></xsl:text>
Which worked great.
This helpful answer actually came from an official support address at Microsoft. Kudos to them for answering the question and holding off on the theoretical slander.
One caveat is that it’s real easy to create invalid XML documents when creating elements from text–you have to make sure they’re well formed and all content is entity encoded.
I have made some minor changed to Flash Tray Tools. A lot of the requests received didn’t make it into this one. I’m hoping to add more features sometime next month. For now here are the additions
- Added Flash Resource Manager Support, if you have not downloaded this already I highly recommend you do here
- Fixed some minor issues with memory allocation
- Added Components folder
- Added initial configuration file
- System wide shortcut added (default is ctrl+alt+L)
- Added Context Menu Item Shortcuts
The installation process is a bit different than before. If you are upgrading delete the previous version and follow the instruction in the readme.txt
Download Flash Tray Tools
Posting my material for my session at FlashintheCan, Flash MX 2004 Component Development Using the Version 2 Architecture. The session went really well, thanks to everyone who attended. From the feedback I received after the presentation, everyone seemed to have found it informative.
The presentation material includes the PowerPoint presentation file, and the simple sample component (StatusIcon) built during the session.
Download the presentation material
Just got back from FlashintheCan. All I can saw is wow, what a great conference it was. Shawn and the rest of the team put a lot of work into the conference and it showed. It was my first time at Fitc and will definitely be on my list of conferences to go to next year.
My presentation and Ask the Pros session went pretty well. I will be posting my presentation material tomorrow and will include some details on sessions/event in a separate blog entry tomorrow too. Right now I need some much needed sleep!
We recently added a JSP page to one of our CFML applications. Everything was working fine until one of us typed in the full path to the application instead of using a bookmark, at which point we got this error:
500 jrun__move2test__act_checkout2ejspd
(wrong name: jrun__Move2Test__act_checkout2ejspd)
The problem is that JSP applications, at least running under JRun, are case sensitive in matching the entire file name including the path. In our case we’re not concerned with the file name of the JSP page itself since the user never sees it; it’s used intenrally. However, the user can type in the path and that is what’s causing the problem.
To address this issue we came up with a short routine that checks the path entered by the user against the real path for differences in case. If there is a difference it relocates, correcting the case. This will cause form submissions to fail if the problem is with your own code using the wrong case but works fine for pages where the user enters the URL directly.
function getPathFromFilePath(filePath) {
var l = len(getFileFromPath(filePath));
if (l) {
return left(filePath, len(filePath) - l);
} else {
return filePath;
}
}
Macromedia has a technote about capitalization in JRun.
