Ok, so I know “Validate Your Form Fields” is one of the ten commandments of web development, but even Jedis can screw this up at times. Here is a great, and maybe a bit subtle, example of something I screwed up in BlogCFC. Over the weekend a slew of error emails came in to our blog at work and then this morning another user reported the same error. The error was:
The SUBSCRIBE argument passed to the addComment function is not of type boolean.
This came from the Add Comment code. When you post a comment to my blogware, there is a subscribe checkbox. The checkbox will pass a true value, and since it is a checkbox, nothing at all will be passed if you leave it be. Therefore this code:
<cfparam name="form.subscribe" default="false">
Will handle setting that state to false. That works fine until some spammer/script kiddie does a form post with subscribe set to a non-boolean value.
I fixed this easily enough (BlogCFC users can download the fix in about 5 minutes) by adding:
<!--- validate boolean --->
<cfif not isBoolean(form.subscribe)>
<cfset form.subscribe = false>
<cfif not isBoolean(form.rememberme)>
<cfset form.rememberme = false>
Pretty simple mistake on my part. What’s interesting/sad is that this is exactly the same type of thing I’ve had to worry about since I started ColdFusion development 10+ years ago!