Matthew J. Clemente mjclemente

@mjclemente
mjclemente / gist:31abdfe8ac97c43940ed
Last active September 14, 2015 14:05 — forked from ghidinelli/gist:e01b83b6a2e628c17cd5
getRemoteAddress() for ColdFusion with or without common load balancers/firewalls
<cffunction name="getRemoteAddress" output="false" access="public" returntype="string" hint="Identify the remote user IP address">
    <cfset var pc = getHTTPRequestData().headers />
    <cfset var arrIP = "" />
    <!--- X-Forwarded-For is client-supplied: rely on it only when a load balancer or proxy you control sets or overwrites it --->
    <cfif structKeyExists(pc, "X-Forwarded-For") AND len(pc["X-Forwarded-For"])>
        <!--- the x-forwarded-for header sometimes includes values that are too long like "172.27.156.64, 67.98.222.16". The regexp picks out just the matches. http://support.f5.com/kb/en-us/solutions/public/12000/200/sol12264.html --->
        <cfset arrIP = reMatch('\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b', pc["X-Forwarded-For"]) />
        <cfif arrayLen(arrIP)>
            <cfreturn arrIP[1] />
        <cfelse>
mjclemente / bean.cfc
Last active November 20, 2015 16:59
Bean using properties
component accessors=true {
    property name="userService";
    property name="user_id" default="0";
    property name="first_name" default="";
    property name="last_name" default="";
    property name="email" default="";
    function init() {
        return this;
mjclemente / xss-owasp-cheatsheet
Created May 12, 2016 21:44 — forked from sseffa/xss-owasp-cheatsheet
xss-owasp-cheatsheet
#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this is wildly obsolete
#
# XSS Locator 2
'';!--"<XSS>=&{()}
mjclemente / pbkdf2.cfm
Created June 23, 2016 20:10 — forked from ryanguill/pbkdf2.cfm
PBKDF2 in CF: This is an example and test of hashing passwords in CFML using PBKDF2. Save this file as pbkdf2.cfm and run it for more information.
<cfscript>
// The default iteration count must satisfy the minimum enforced below; otherwise a call with default arguments always throws
struct function hashPasswordPBKDF2 (required string password, numeric iterations = 100000, numeric saltByteLength = 8) {
    if (iterations < 100000) {
        throw(message="Iterations must be greater than or equal to 100000");
    }
    if (saltByteLength < 8) {
        throw(message="SaltByteLength must be greater than or equal to 8");
    }
mjclemente / QueryExecuteExample.cfc
Created September 21, 2016 21:38
Example of Insert Statement with QueryExecute
var params = {
    fieldName = { value = stringVariable, cfsqltype = "CF_SQL_VARCHAR" },
    otherFieldName = { value = otherVariable, cfsqltype = "CF_SQL_VARCHAR" }
};
var sql = "INSERT INTO theTable(
    fieldName,
    otherFieldName) VALUES (
    :fieldName,
    :otherFieldName)"
mjclemente / compressHtml
Created February 16, 2017 22:52 — forked from kevindb/compressHtml
ColdFusion Compress HTML
/**
 * @hint Removes whitespace from HTML code
 * Originally authored by Jordan Clark (JordanClark@telus.net)
 */
public string function compressHtml(
    required string html,
    numeric level = 2
){
    local.response = this.trim(arguments.html);
mjclemente / application.log
Created July 26, 2017 01:02
Commandbox Docker Image Application Log
"Severity","ThreadID","Date","Time","Application","Message"
"Information","XNIO-2 task-11","04/30/17","21:10:35",,"/Users/jonclausen/Sites/ortus/commandbox-engines/workbench/ACF11/Engine/WEB-INF/cfusion/logs/application.log initialized"
"Information","XNIO-2 task-11","04/30/17","21:10:35",,"Session rotated successfully."
"Information","XNIO-2 task-3","04/30/17","21:17:03",,"Session rotated successfully."
"Error","XNIO-2 task-1","07/26/17","00:57:01",,"Error thrown by site-wide exception handler:"
"Error","XNIO-2 task-1","07/26/17","00:57:01",,"The Security service is not available.This exception is usually caused by service startup failure. Check your server configuration. The specific sequence of files included or processed is: /root/serverHome/CFIDE/administrator/templates/secure_profile_error.cfm'' "
"Error","XNIO-2 task-1","07/26/17","00:57:01",,"The Security service is not available.This exception is usually caused by service startup failure. Check your server configuration. The specific sequence of file
mjclemente / Word and Character Count.scpt
Last active November 22, 2017 01:11 — forked from markschwarz/Word and Character Count.scpt
Word and Character Count service for Mac OS X
-- Word and Character Count service for Mac OS X
-- Adds a Word and Character Count option to the text selection context menu
-- Use Automator to create a new service, then select the Run AppleScript action. Make
-- sure the service is set to receive "text", at the top of the window. Paste in this code
-- and save as "Word and Character Count". Now switch to a new app, select some text,
-- right-click, go to Services, and find the new option.
-- Copyright 2015, Noah Slater <nslater@apache.org>
mjclemente / parseArn.cfc
Last active January 11, 2018 22:49
Parses an Amazon Resource Name (ARN) and returns its component parts as an object.
/**
 * @hint Parses an Amazon Resource Name (ARN) and returns its component parts as an object.
 * This follows the general format of ARNs outlined by Amazon (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html), but does not fully account for all possible formats
 * Derived from https://gist.github.com/gene1wood/5299969edc4ef21d8efcfea52158dd40
 */
public struct function parseArn( required string arn ) {
    var elements = arn.listToArray( ':', true );
    var result = {
        'original' : arn,
        'arn' : elements[1],
mjclemente / isEmailDomainValid.cfm
Last active January 30, 2018 21:35 — forked from JamoCA/isEmailDomainValid.cfm
ColdFusion UDF to validate if an email address' MX record exists.
<!--- NOTE: This technique is not 100% accurate because some DNS servers don't allow MX queries or may be slow to respond,
but this will identify addresses that are potentially bad or suspicious. --->
<!--- some elements are incorporated from @pfreitag's post here: https://www.petefreitag.com/item/487.cfm --->
<cfscript>
public boolean function isEmailDomainValid( required string email, string dnsServer = '8.8.8.8', numeric timeout = 2000, numeric retries = 1 ){
    var mxRecords = [];
    var emailDomain = email.listLast( '@' ).trim();
    if ( !isValid( 'email', email ) )
        return false;