

<!---
Intent (goal): return one submission record.
[BAD] url.submissionId is user input.
[BAD] tenant-only scoping without object-level checks.
[BAD] serialise and return without a policy decision.
--->
<cfscript>
    // Pull the two inputs this page works with: the requested record id from the
    // query string and the caller's tenant from the server-side session.
    // url.submissionId is attacker-controlled; only its presence and string type are
    // enforced here. Per the intent note above, the query that follows scopes by
    // tenant alone, so nothing on this page ties the id to the calling user —
    // that object-level decision still has to be made before the record is returned.
    param name="url.submissionId" type="string";
    tenantId     = session.tenantId;
    submissionId = url.submissionId;   // [BAD] user-controlled identifier, no ownership check
</cfscript>
<cfquery name="qSubmission" datasource="appDSN">
<!---
Intent (goal): return one submission record.
[BAD] url.submissionId is user input.
[BAD] tenant-only scoping without object-level checks.
[BAD] serialise and return without a policy decision.
--->
<cfparam name="url.submissionId" type="string" />
<cfset tenantId = session.tenantId />
<cfset submissionId = url.submissionId /> <!--- [BAD] user-controlled identifier --->
<cfquery name="qSubmission" datasource="appDSN">
<!---
Intent (goal): return one submission record.
[BAD] url.submissionId is user input.
[BAD] tenant-only scoping without object-level checks.
[BAD] serialise and return without a policy decision.
--->
<cfparam name="url.submissionId" type="string" />
<cfset tenantId = session.tenantId />
<cfset submissionId = url.submissionId /> <!--- [BAD] user-controlled identifier --->
<cfquery name="qSubmission" datasource="appDSN">
<!---
Intent (goal): return one submission record.
[BAD] url.submissionId is user input.
[BAD] tenant-only scoping without object-level checks.
[BAD] serialise and return without a policy decision.
--->
<cfparam name="url.submissionId" type="string" />
<cfset tenantId = session.tenantId />
<cfset submissionId = url.submissionId /> <!--- [BAD] user-controlled identifier --->
<cfquery name="qSubmission" datasource="appDSN">
```cfm
<!---
Intent (goal): return one submission record.
[BAD] url.submissionId is user input.
[BAD] tenant-only scoping without object-level checks.
[BAD] serialise and return without a policy decision.
--->
<cfscript>
    // Pull the two inputs this page works with: the requested record id from the
    // query string and the caller's tenant from the server-side session.
    // url.submissionId is attacker-controlled; only its presence and string type are
    // enforced here. Per the intent note above, the lookup is scoped by tenant alone,
    // so nothing on this page ties the id to the calling user — that object-level
    // decision still has to be made before the record is returned.
    param name="url.submissionId" type="string";
    tenantId     = session.tenantId;
    submissionId = url.submissionId;   // [BAD] user-controlled identifier, no ownership check
</cfscript>
<cfscript>
// Update the running application's settings for this request; nullSupport=true switches
// on the application's null-support setting (the functions below are what it is tested against).
cfapplication( action="update", nullSupport=true );
function testPositional( arg1, arg2 ) {
    // Hand the arguments scope straight back to the caller so it can inspect how
    // arg1/arg2 were bound. testProxy below routes its own arguments scope into this
    // function via argumentCollection, which is what this echo is meant to expose.
    var bound = arguments;
    return bound;
}
function testProxy( arg1, arg2 ) {
    // Forward the complete arguments scope as a named-argument collection instead of
    // positionally, and return whatever testPositional hands back.
    var forwarded = testPositional( argumentCollection = arguments );
    return forwarded;
}
<cfscript>
// Inputs for splitting arr into consecutive batches of at most batchsize elements.
// NOTE(review): the while loop that follows runs past this excerpt; the visible part only
// appends arr.slice(1, thissize) and never shortens arr, so the unseen remainder must do
// that or the loop cannot terminate. The line `arr.slice(1, thissize))` also carries one ")" too many.
batchsize = 3
batches = []
arr = [1,2,3,4,5,6,7,8,9,10]
while(arr.len() > 0) {
thissize = min(batchsize, arr.len());
batches.append(
arr.slice(1, thissize))
)
<cfscript>
// Demo page: print the result of the strict-equality operator (===) for a few string pairs.
writeOutput( "<h2>Strict Equality Operator (===) Test</h2>" );
writeOutput( "<h3>String Case Sensitivity</h3>" );
// Each pair is printed as "'lhs' === 'rhs' : <result><br>", exactly as the hand-written
// lines did; the closure keeps the loop variable out of the variables scope.
arrayEach(
    [ [ "k", "K" ], [ "k", "k" ], [ "hello", "HELLO" ], [ "hello", "hello" ] ],
    function( pair ) {
        writeOutput( "'" & pair[ 1 ] & "' === '" & pair[ 2 ] & "' : " & ( pair[ 1 ] === pair[ 2 ] ) & "<br>" );
    }
);
writeOutput( "<h3>Type Strictness</h3>" );
<cfscript>
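function sumOfFiveSeven() {
    // Return the constant sum 5 + 7 (= 12).
    // Both operands are var-scoped: the original assigned x and y without `var`, which
    // in a CFML function writes them into the caller's variables scope as a side effect.
    var x = 5;
    var y = 7;
    return x + y;
}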
</cfscript>
<cfoutput>
<cffunction name="callme">
<cfargument type="integer" name="integer" default=1234 />
<cfargument type="integer" name="integerwithquotes" default="1234" />
<cfargument type="numeric" name="num" default="1234" />
<cfargument type="integer" name="integerwithexpr" default="#CGI.SERVER_PORT#" />
<cfreturn arguments.num.ucase />