tracker issue : CF-4203901

select a category, or use search below
(searches all categories and all time range)

csrfGenerateToken generates error in Update 15

| View in Tracker

Status/Resolution/Reason: To Fix//BugVerified

Reporter/Name(from Bugbase): Michael M. / ()

Created: 01/11/2019

Components: CFComponent

Versions: 2016,11.0

Failure Type: Crash

Found In Build/Fixed In Build: Update 15 /

Priority/Frequency: Normal / All users will encounter

Locale/System: ALL / Win 2008 Server

Vote Count: 0

We recently updated to Update 15
When we use  csrfGenerateToken( forceNew = true )  it generates the following error:

A built-in ColdFusion function cannot accept an assignment statement as a parameter, although it can accept expressions. For example, CSRFGENERATETOKEN(d=a*b) is not acceptable. 

Steps to Reproduce:

Actual Result:

We would expect the function to generate a Token that we use to deter cross site scripting.

Any Workarounds:



Hi Michael, Named parameter syntax `csrfGenerateToken(forceNew=true)` isn't valid until CF2018. Pre-CF2018 that'd be positional syntax `csrfGenerateToken("", true)`. It's a bug if it worked pre-CF2018. Hi Adobe, If you run `csrfGenerateToken(forceNew=true)` in CF2016, you'll see typo in exception message: "coldfusion.compiler.validation.FunctionInvalidParamterExceptionVaradic". The "Paramter" should be "Parameter". Could that be fixed w/o another ticket? Thanks!, -Aaron
Comment by Aaron N.
30109 | January 12, 2019 03:36:07 AM GMT
My coworker found information that agrees with this. You can close this ticket. We were only using it in a couple of places. We can work around it. Thanks! Michael Miller
Comment by Michael M.
30117 | January 14, 2019 07:14:05 PM GMT
We will fix the exception message, "coldfusion.compiler.validation.FunctionInvalidParamterExceptionVaradic". Thanks for pointing it  Aaron. Thanks, Suchika
Comment by Suchika S.
30119 | January 15, 2019 07:35:10 AM GMT