If you need to protect your FW/1-based site against SQL injection and cross-site scripting (XSS) attacks - and you do! - you can do a lot worse than use John Mason's Portcullis. It's a single CFC which scans and sanitises your Form,URL and Cookie scopes, and optionally sets up a blacklist of repeatedly-offending IP addresses.
As you may have noticed from some of my recent posts, I've recently started to use Sean Corfield's FW/1 as the framework for my sites, and it's revolutionised the way I write code.
One thing I feel is missing, though, is the ability to send emails from within the app. This seems to me to be a fundamental requirement of nearly every web app - although I also understand Sean's wish to keep FW/1 as lean and stripped-down as possible.
UPDATED: The functionality has now been rolled into the framework as of version 1.2, so the hack is unnecessary. The methodology for overriding a framework method still applies, but let me reiterate: be very careful what you change, and look out for any code changes to the overridden method in future releases!
Original post continues below...
My (first) FW/1 application consists of two subsystems: public and admin. The public subsystem is the default, so if I invoke a URL action without a subsystem specified explicitly, it will use 'public'.
Of course, if you use the buildURL() method to create your links (which you should be doing!) it will always prepend your action with public: - which I find a little untidy, especially when using SES URLs.
Just a quick tip for anyone using FW/1's populate() method to populate their objects.
I ran into a problem where my auto-generated setters were being called correctly by the populate() method, but my explicit setters were not. And because FW/1 ignores any error generated here, I couldn't work out why this was...
