dans.blog

With all the chatter about recently SQL injections attacks, I thought I'd try and whip up a regex I could use in Eclipse/CFEclipse to find <cfquery> tags that have exposed variables (strings wrapped in #...#) that don't use the <cfqueryparam /> tag.

Well I'm far from a regex master, here's what I came up with:

<cfquery\s[^>]*>([^#]*(((?<!value=")#[^#]*#)))((?<!</cfquery)[^>]*?)</cfquery>

The query does not explicitly check for the token <cfqueryparam, but instead checks to make sure that CF variables are preceded with the string value="—which is the attribute used in <cfqueryparam />.

The query isn't perfect and may pick up occasional false positives, but from my testing it seems to work pretty well. If you have some improvements to the regex, make sure to post a comment and I'll update the post with the most recent version.

Posted by Dan on Jul 23, 2008 @ 11:13 AM

I was just looking over the song list announced for Rock Band 2 and the inclusion of Dream Theater really caught my eye. While I would have picked a song different from Panic Attack, I'm giddy to see Dream Theater show up in a game like this.

Some other song that caught my eye were:

• AC/DC - Let There Be Rock
• Alice in Chains - Man in the Box
• Billy Idol - White Wedding Pt. I
• Foo Fighters - Everlong
• Kansas - Carry On Wayward Son
• Megadeth - Peace Sells
• Metallica - Battery
• Ratt - Round & Round
• Rush - The Trees

For a complete song list, see Gizmodo's coverage of Rock Band 2.

Posted by Dan on Jul 15, 2008 @ 9:12 AM

[UPDATED: Friday, April 17, 2009 at 10:27:41 AM]

Two great posts by Mike Henke and John Whish over the past week cover some really important keyboard shortcuts for Eclipse & CFEclipse. They cover the gamut of some of my favorites (like CTRL+SHIFT+R) and some ones I always forget about (such as CTRL+DEL and CTRL+BACKSPACE.) These are definitely shortcuts you should be memorizing to make you work more efficient.

General Eclipse Shortcuts

[CTRL]+[SHIFT]+[L]

A list of all keyboard shortcuts (not mapped by default in CFEclipse--you can create a copy of this shortcut in the Keys preferences and map to [CTRL]+[ALT]+[K] which is open in CFEclipse.)

[CTRL]+[M]

Maximizes (or minimizes) the current pane (editor or view.) This is a handy way to maximize your editor to take up the full screen.

[CTRL]+[K]

Finds the next occurrence of the highlighted text. (NOTE: This is one of the best ways to jump around your document.)

[CTRL]+[SHIFT]+[K]

Finds the previous occurrence of the highlighted text.

[CTRL]+[H]

Brings up the Search & Replace dialog.

[CTRL]+[D]

Delete the current line.

[CTRL]+[SHIFT]+[DEL]

Deletes to the end of the current line.

[CTRL]+[DEL]

Deletes the next word.

[CTRL]+[BACKSPACE]

Deletes the previous word.

[CTRL]+[SHIFT]+[X]

Converts highlighted text to uppercase.

[CTRL]+[SHIFT]+[Y]

Converts highlighted text to lowercase. </DD

[CTRL]+[Q]

Goes to the last place you made a change.

[ALT]+[LEFT]

Goes "back" to the last open editor in your viewing history.

[ALT]+[RIGHT]

Goes "forward" to the next open editor in your viewing history.

[CTRL]+[E]

The Quick Switch Editor opens a list of all open editors and allows you to quickly switch to any open file.

[CTRL]+[SHIFT]+[R]

The Open Resource dialogs allows you to quickly open any files in your workspace. This is one I use all the time.

[CTRL]+[3]

The Quick Access menu pretty much helps you find anything in Eclipse by providing a keyword.

[CTRL]+[SHIFT]+[E]

The Switch to Editor brings up a list of all open editors (and can even span multiple windows.)

[CTRL]+[UP]

Moves the current (or highlighted) rows up one line.

[CTRL]+[DOWN]

Moves the current (or highlighted) rows down one line.

[CTRL]+[ALT]+[UP]

Inserts a copy of the currently highlighted line above the current line.

[CTRL]+[ALT]+[DOWN]

Inserts a copy of the currently highlighted line below the current line.

[CTRL]+[ALT]+[RIGHT]

Shifts (indents) the current or highlighted line(s) to the right. Much faster than highlighting the line(s) and using the [TAB] key.

[CTRL]+[ALT]+[LEFT]

Shifts (un-indents) the current or highlighted line(s) to the left. Much faster than highlighting the line(s) and using the [SHIFT]+[TAB] key.

[CTRL]+[HOME]

Jumps to the beginning of the current file.

[CTRL]+[END]

Jumps to the end of the current file.

CFEclipse Shortcuts

[CTRL]+[3]

Wraps text inside #...#.

[CTRL]+[T]

Edit current tag.

[CTRL]+[SHIFT]+[A]

Inserts <cfabort/> tag.

[CTRL]+[SHIFT]+[D]

Inserts <cfdump/> tag.

[CTRL]+[SHIFT]+[O]

Wraps text inside <cfoutput>...</cfoutput> tags.

[CTRL]+[SHIFT]+[N]

When focus is inside of an HTML/CFML tag, it will jump to the matching open or close tag.

[CTRL]+[SHIFT]+[U]

Converts highlighted text to uppercase. (NOTE: I recommend using [CTRL]+[SHIFT]+[X] instead because it's a general Eclipse shortcut.)

[CTRL]+[SHIFT]+[L]

Converts highlighted text to lowercase. (NOTE: I recommend using [CTRL]+[SHIFT]+[Y] instead because it's a general Eclipse shortcut.)

[CTRL]+[SHIFT]+[P]

Wraps text inside <p>...</p> tags.

[CTRL]+[SHIFT]+[C]

Wraps text inside a contextual comment (i.e. <!--...--> for HTML, /*...*/ for scripts).

[CTRL]+[SHIFT]+[M]

Wraps text inside <!---...---> tags.

[CTRL]+[SHIFT]+[Z]

Opens the color picker.

[CTRL]+[\]

Expands or collapses the current code block (<cfif>, <cffunction>, <cfswitch>, etc.)

In CFEclipse, most of your standard shortcuts for formatting (i.e. [CTRL]+[B] = strong) work as well. Learning keyboard shortcuts can really speed up your development process, so I recommend trying to learn one or two a week and introduce them into your coding habits.

Posted by Dan on Jul 10, 2008 @ 10:53 AM

The Pencil Project looks like a pretty interesting tool for sketching out and prototyping a site design. It's based on XUL engine in Firefox 3 and looks to be a pretty impressive little open source application. From the Pencil Project website:

The Pencil Project's unique mission is to build a free and opensource tool for making diagrams and GUI prototyping that everyone can use.

Top features:

• Built-in stencils for diagraming and prototyping
• Multi-page document with background page
• On-screen text editing with rich-text supports
• PNG rasterizing
• Undo/redo supports
• Installing user-defined stencils
• Standard drawing operations: aligning, z-ordering, scaling, rotating...
• Cross-platforms
• Adding external objects
• And much more...

Pencil will always be free as it is released under the GPL version 2 and is available for virtually all platforms that Firefox 3 can run. The first version of Pencil is tested against GNU/Linux 2.6 with GTK+, Windows XP and Windows Vista.

Make sure to check out the quick tour/screenshots of the application.

Posted by Dan on Jul 10, 2008 @ 10:13 AM

Adam Lehman mentioned this the other day on a mailing list (and now has blogged about the CF 8 EULA change); the ColdFusion license changed in v8.01 and it now allows you to have a copy of CF installed for a warm backup server.

From the ColdFusion 8 EULA (PDF):

2.3 Backup and Disaster Recovery. Licensee may make and install a reasonable number of copies of the Software (ColdFusion) for backup and archival purposes and use such copies solely in the event that the primary copy has failed or is destroyed, but in no event may Licensee use such copies concurrently with Production Software or Development Software. Licensee may also install copies of the Software in a Disaster Recovery Environment for use solely in disaster recovery and not for production, development, evaluation or testing purposes other than to ensure that the Software is capable of replacing the primary usage of the Software is case of disaster.

This is great news for smaller shops that want to have a warm/hot backup server that they can easily push live if their production server runs into hardware problems.

Posted by Dan on Jul 10, 2008 @ 9:38 AM

A good way to start a Monday morning...

Posted by Dan on Jul 7, 2008 @ 8:14 AM