I just modified my tournament pool application from last year to be a Galleon Forums add-on.  It works nicely in Galleon 1.5, and requires CFAJAX.

Here's the project page, and join the OpenSourceCF.com forums to see the example.

Rob Gonda announced in his blog the other day that he's changed the license for ajaxCFC from a restricted open source license in which permission was required to redistribute it, to a more formal open source license.  He's chosen the Apache 2.0 license.

Thanks Rob!

There was a discussion on cf-talk today about message boards in coldfusion versus phpbb, easily the world's most popular message board application.

I suggested that if I ever started working on a bulletin board solution again (like I was with cfmbb), I'd probably start with Ray Camden's Galleon Forums, and then I'd add the following two features:

• Private Messaging
• BBML Support

Ray is not a fan of BBML / Smilies, but he said if I wrote it, he'd implement it.

So I did.

My implementation is based on Galleon 1.5 which I downloaded a week or so ago.  The changes are pretty innocuous, and you can download them here:

Here's an example thread with all the BBML in use, along with a description of the changes made is here:

I've also submitted these changes to Ray for inclusion in the main Galleon project.

Now eventually, I may dig into Galleon and add some of the other features that I want to see, like private messaging, avatars, and signatures.

Thanks to Brian Renaldi for compiling and mainting the Open Source Coldfusion List.  There are CF projects (like mine) scattered all over the place and until now there's never been a good single location for finding open source software.

And it's even current enough to have the correct project links for CFFM and ImageCFC - both of which appeared on THIS site fairly recently.

Check it out.

The following applies to CFAJAX version 1.3.  I don't know about previous versions, and I certainly don't know about future versions!

I've noticed that CFAJAX seems to have with Safari. I've also noticed that other people have noticed as well.

Although my chat room worked for Safari users, Safari seemed to urlencode the parameters, and cf did not decode them.  Almost as if Safari URL encoded the parameters, and then URL encoded the whole XML packet.. so when coldfusion received the XML packet, it URL decoded it, and the parameters were still urlencoded.  Crazy!

So a safari user would type "hey just checking this out", and it would get passed to my functions as "hey%20just%20checking%20this%20out".

Here's my solution to this problem:

In the "convertDataPassedToCFFunctionParam" function, around line 90ish, just after the <cfelse> tag, I replaced the single line that was there (that starts with <cfset variable.param = listAppend ... >) with the following:

Basically, if the browser is safari, URLDecode the parameter value before placing it into the list. Otherwise, don't.

For my CFAJAX Chat application, I needed an event gateway that would allow me to simly call a CFC method every 10 seconds, so I wrote one.

That chat application doesn't require it, but if you don't have the ability to use an event gateway, then you need to do stuff via scheduled task.  The scheduled task can only run once every minute, and it makes requests to the web server.  The gateway allows me to do the same thing every 10 seconds without making a web server request.

Go to the SimpleGateway Project Page for more details and the download link.

In an effort to teach myself Ajax, I've written what I think is a pretty nice chat room application that I'll be releasing the source for soon.

I've just released version 2.00 beta 3 of my Image Manipulation CFC. It includes some bug fixes, and addition error trapping.

Download Now

While working on my new chat room project using CFAJAX, I discovered a pretty nasty security flaw in the cfajax framework.

Basically, if you have built an application that takes user input as a text string, and passes that text string to a coldfusion function on the server, then chances are good that your application allows people to execute CFML code on your server that you don't want them to.

I discovered it when I was having trouble with my chat application and the double quote mark ".  Any time I used a double quote in whatever I typed and sent to the server, it would cause a CFML error on the back said.

I realized that if I typed the following line, the CFML in the middle would be executed:

foo " & now() & " foo

And then someone else noticed that you could type in #Now()# and it would be executed on the server.

The flaw is basically in the way cfajax (in the file cfajax.cfm) constructs the functionName variable.

To resolve the problem, on or around line 92, in the listAppend() command that appends to the variables.param list, you have to escape both quotes and pound signs by doubling them up, as follows:

Welcome to my new Coldfusion Open Source Blog, where I will publish my own open source applications, and comment on other open source issues and projects in the CF Community.

Coldfusion Developers have slowly, over the last few years, been embrassing the open source movement.  4-5 years ago, if you looked for anything free and redistributable, chances are you came away disappointed.  The PHP community has always been way ahead of us in that respect.

What is Open Source?

For the purposes of this Blog, i'm referring to any coldfusion application or component that is distributed free of charge, with source code, and is redistributable.  There are many things out there that meet the first two requirements, but there are some things that don't meet the third requirement.

Anyway, I've got some software to release...