Can anyone tell me, how I can enable exception handling in the theme level EventHandler.cfc in MURA CMS 6?
I have already had to remove the error handling in the Application.cfc error method, because the default routine wasn't displaying enough error detail. But, it seems like the whole CFC framework is wrapped in a <CFTRY> block, which quite frankly is bizarre.
I would prefer a solution that does not involve using <CFCATCH> to dump the errors to a file, which is the temporary solution that I am using at the moment.
I just want Adobe ColdFusion to behave the way it does with my non MURA websites. When there is an error in a CFC, it just displays it, plain & simple.
Of course, for production, my approach is different.
UPDATE:
Just to let you know, I am using Adobe ColdFusion 11, with robust error handling turned on, so I know for fact that this issue is nothing to do with Adobe ColdFusion. It is definitely a MURA CMS issue.
Don't remove the built-in error handling. They have put that in place to protect you from information disclosure. Instead make changes to the error handling to suit your needs.
Mura comes with basically three levels of error "catching". At the theme level, at the site level and then globally. (And I have found that even though an error may be caught at a lower level like 'site' that does not prevent the same error from bubbling up and also firing the 'global' handler.)
Steve Withington created a Gist example that should help you get started. See it here. Be sure to read the comments in the code as it explains where the files live and any configuration settings necessary to invoke them.
Copying his code examples here in case that resource is taken down in the future.Credit Steve Withington
Mura Error Handling: You could use any or even both of the attached methods to help with error handling in Mura CMS. This works better than the default "We're sorry, an error has occurred. Please try again later."
muraCustomErrorFile.cfm
<!---
1) Drop this file under /config/ directory.
2) Add errortemplate=/muraWRM/config/customErrorFile.cfm to the settings.ini.cfm file.
3) Set debuggingenabled=false in the settings.ini.cfm file.
4) Reload Mura CMS
--->
<cftry>
<cfset msg = 'MURA ERROR - MESSAGE: #arguments.exception.Message# DETAIL: #arguments.exception.Detail# ' />
<cflog type="ERROR" file="MuraError" text="#msg#" />
<cfcatch></cfcatch>
</cftry>
<cfparam name="url.debug" default="false" />
<cfoutput>
<!DOCTYPE html>
<html>
<head>
<title>Site Down For Maintenance</title>
</head>
<body>
<h3>Site Down for Maintenance</h3>
<cfif url.debug>
<cfdump var="#arguments#" />
<!--- You Have Access to arguments.eventName and aguments.exception --->
<!---
<h4>Exception Message</h4>
<p>#arguments.exception.message#</p>
<h4>Exception Detail</h4>
<p>#arguments.exception.detail#</p>
<h4>TagContext[1]</h4>
<cfdump var="#arguments.exception.TagContext[1]#" />
--->
<!--- you could also dump whatever else you want to inspect --->
<!---
<cfdump var="#cgi#" label="CGI" />
<cfdump var="#request#" label="REQUEST" />
<cfdump var="#session#" label="SESSION" />
<cfdump var="#application#" label="APPLICATION" />
--->
<cfelse>
<p>This site is temporarily down for maintenance.</p>
</cfif>
</body>
</html>
</cfoutput>
muraOnGlobalError.cfm
<cfscript>
// drop this method in either the Site or Theme eventHandler.cfc
public any function onGlobalError($) {
var tagContext = '';
var local = {};
param name='url.debug' default=false;
local.ex = arguments.$.event('exception');
local.errorMessage = 'GLOBAL ERROR - MESSAGE: #local.ex.Message# DETAIL: #local.ex.Detail# ';
try {
tagContext = local.ex.TagContext[1];
} catch(any e) {};
if ( IsStruct(tagContext) ) {
local.errorMessage = local.errorMessage & '
LINE: #tagContext.LINE#
TEMPLATE: #tagContext.TEMPLATE#
RAW_TRACE: #tagContext.RAW_TRACE#';
}
WriteLog(type='ERROR', file='muraGlobalError', text='#local.errorMessage#');
if ( url.debug ) {
WriteOutput('<h2>Debug Output</h2>' & local.errorMessage);
WriteDump(var=arguments, label='ARGUMENTS', abort=1);
}
}
</cfscript>
Related
i'm working on my legacy system old code of coldfusion, is there a way i can define cfcatch in application.cfc and catch all errors of my application with
Function name
Query name
Line Number of code
Template Name
To debug fast rather then writing everywhere in code.
application developer did not catch any error anywhere in code.i did insert cfcatch in code some of the places but still lot more to do, and because of production i don't want to modify so much of code.
im inserting cfcatch in databse and sending email to development team. because system is in production.
You can use the cferror tag, or onError to direct all errors to a given page/function.
If you use cferror, the exception will be passed in the error variable. If you use OnError, it's a parameter.
To help you along, my own error emails include the following. You will notice that we have special handling to help point out places where a blank may have been passed into a sql integer field, which happens more often than I'd like to admit.
An error occurred: http://#cgi.server_name##cgi.script_name#?#cgi.query_string#<br />
Time: #dateFormat(now(), "short")# #timeFormat(now(), "short")#<br />
<!--- Smarter error catching for form fields --->
<cfif (error.message contains "Invalid data '' for CFSQLTYPE CF_SQL_INTEGER") and isdefined("form")>
<!--- This stores a list of the Id fields --->
<cfloop collection="#form#" item="thisField">
<!--- Get the last two characters of the field name --->
<cfset lastTwoChars = right(thisField, 2)>
<!--- Get the value of the field --->
<cfset thisFieldValue = evaluate('form.#thisField#')>
<!--- Check to see if this is an Id field and if it's value is blank. --->
<cfif lastTwoChars eq 'Id' and thisFieldValue eq ''>
<h3 style="font-weight: bold; color: red">#thisField# is blank and it's possibly an integer field.</h3>
</cfif>
</cfloop>
</cfif>
<cfdump var="#error#" label="Error">
<br/>
<cfdump var="#form#" label="Form">
<br/>
<cfdump var="#url#" label="URL">
<br/>
<cfdump var="#session#" label="session">
Well, I have been experiencing same error as discussed here:
Coldfusion 10 File Not Found Error
I am using Coldfusion 11 , developer edition on my Laptop , Windows 8.1 Pro (OS).
People have suggested two approaches over there to overcome this problem:
1) Setting Missing Template in CFAdmin
2) Setup onMissingTemplate function in Application.cfc
I am basically not sure with any of the approaches , however, I would like to go with the first approach. Could anyone tell me how should I set up missing template in CFadmin?
Why do you prefer letting the server handle the missing template? Myself, I like to handle it on a per-application basis. Some applications should never have links leading to non-existing files, others may operate on that as part of its core.
Straight from adobe's docs, you can use (I accidentally pulled this info from cf8 docs, but the link is to current docs and the result is largely the same.
<cffunction name="onMissingTemplate" returnType="boolean">
<cfargument type="string" name="targetPage" required=true/>
...
<cfreturn BooleanValue />
</cffunction>
For a few of my projects, I've written a CMS (Content-Management-System) that stores all the content in the database in fashion.
CMSPages
------------
PID PTitle PFile PContent
1 Home /index.cfm <b>Hey!</b> Welcome to our gollygizmo website.
And then I (my real code actually uses cfincludes rather than directly in the document. You can do it either way, but it was easiest for me to demonstrate with inline code).
<cffunction name="onMissingTemplate" returnType="boolean">
<cfargument type="string" name="targetPage" required=true/>
<cftry>
<cfquery name="FindPage">
select * from CMSPages
where pFile = <cfqueryparam cfsqltype="nvarchar" value="#Arguments.targetPage#">
</cfquery>
<cfif FindPage.recordcount eq 1>
<cfoutput query="FindPage">show page stuffs</cfoutput>
<cfreturn true>
<cfelse>
<!--- Page not found, log some stuff or email stuff
include cgi data so you know where the link came from --->
Hey, this page doesn't exist, sorry about that.
<cfreturn true>
</cfif>
<cfcatch>
<!--- Something went wrong, log/email error info and --->
<cfreturn false>
<!--- We return false here to pass it back to the default error handler, which can be a handler set in cfadmin. --->
</cfcatch>
</cftry>
</cffunction>
In such a scenario, it's probably beneficial to cache queries based on query name, you can do something like
<cfquery name="local.FindPage#hash(arguments.targetpage)#" cachedWithin="...">
...
</cfquery>
<cfset request.FindPage=local["Findpage#hash(arguments.targetpage)#"]>
So that the queries are cached by unique names, even though it's easily accesible in your document by a common name.
However, if you still prefer server-centric missing template handling, a simple search for cold fusion admin missing template will bring you here.
In the ColdFusion Administrator, click on "Settings" to view the "Server Settings" page
Specify the absolute path that ColdFusion will use to find your error handling template
I make a REST service call using cfhttp with the throwonerror attribute set to true.
When I use a try/catch statement to capture the error, I can't seem to find a way to output what error the REST service call tried to return, which would reside in the cfhttp.filecontent variable.
I also tried putting the result in a variable. Coldfusion keeps telling me that cfhttp and that variable dont exist. It seems like the call and its result get thrown out the door when an exception is raised.
I've read some advice on setting throwonerror=false and capturing the statuscodes myself, but that seems like silly work. Anyody have any thoughts on this?
<cftry>
<cfhttp url="#restUrl##arguments.method#/#arguments.params#" charset="utf-8" throwonerror="true" result="haha" />
<cfcatch type="any">
<cfdump var="#haha#" />
<cfdump var="#cfcatch#" abort />
</cfcatch>
</cftry>
UPDATE:
I've submited a bug report to Adobe, as Adamn suggested: https://bugbase.adobe.com/index.cfm?event=newBug. I can confirm it works in Railo, but doesn't work on CF10. Adam could also confirm it doesn't work on CF11.
I am working with a very old login system that my company used before on a website that used frames.
Before, when someone tried a wrong user/pass combination the frame would load a simple cfinclude file with the login form and an error message on top of it.
Now I am using a form in a popup window that calls the application.cfc but instead of getting the error message back on my popup window the page load the cfinclude file from the application component to a new page.
So I need a few things to happen for this application. First, I need the initial popup window to stay up and the page should not submit if the combination of user/pass is wrong, and finally I need the error message to appear somewhere on the popup.
If anyone did something like this before I would really appreciate your feedback.
This is a partial of my code:
Login Form:
<!--- loginErrMsg display - to tell why login is denied --->
<cfif isdefined("loginErrMsg")><span style="color:red">#loginErrMsg#</span><br /></cfif>
<form name="LoginForm" id="LoginForm" action="<cfif test is false>https://secure.example.com</cfif>#loginFormAction#" method="post" target="_top">
</cfoutput>
<input type="hidden" name="loginPost" value="true">
<p>
Login below to take advantage of the great services we offer:
</p>
E-mail:<input name="j_username" class="loginform" type="text" size="30" maxlength="50" id="j_username">
Password: <input name="j_password" type="password" size="30" maxlength="16" class="loginform">
<br />
<input type="submit" name="btn" value="Submit" class="bluebuttonnormal">
</form>
Application.cfc Code:
<cflogin applicationtoken="swmadmin">
<cfif NOT IsDefined("cflogin")>
<cfinclude template="login.cfm">
<cfabort>
<cfelse>
<cfquery name="userlookup" datasource="#ds#">
SELECT clientadminID, roles, isFaxOnly, acctEnabled FROM clientadmin
WHERE
username=<cfqueryparam value="#cflogin.name#" CFSQLTYPE="CF_SQL_VARCHAR" maxlength="50">
and password=<cfqueryparam value="#cflogin.password#" CFSQLTYPE="CF_SQL_VARCHAR" maxlength="16">
</cfquery>
<cfif userlookup.recordcount eq 0>
<cfset loginErrMsg = "Invalid login.">
<cfinclude template="login.cfm">
<cfabort>
</cflogin>
I am working with a very old login system that my company used before
on a website that used frames.
If this is a new website, don't use it. Login forms are a dime a dozen and can be done in your sleep. Start fresh and do it right.
So I need a few things to happen for this application. First, I need
the initial popup window to stay up and the page should not submit if
the combination of user/pass is wrong, and finally I need the error
message to appear somewhere on the popup.
You're going to want to use an AJAX solution here, either write your own or use a good library like jQuery. Once you check the login values you can use jQuery or simple javascript to unhide or update the innerHTML of an empty element to display your error message.
<cflogin ...>
...
</cflogin>
CFLogin makes me sad. Another one of ColdFusion's tags meant to simplify something commonly done that doesn't really help much and sacrifices flexibility. You can get far more control over your application without it. instead of CFLogin, try something like this pseudo code
<cfcomponent>
<cffunction name = "onRequest" ...>
<cfargument name="targetPage" type="String" required = "true" />
<cfif !structKeyExists(session, "roles") and !findNoCase("loginHandler.cfm",cgi.script_name)>
<!--- notice I prevent the redirect on the form handler, otherwise the ajax will get redirected to the login.cfm page --->
<cfinclude template = "login.cfm">
<cfelse>
<cfinclude template = "#arguments.targetPage#">
</cfif>
</cffunction>
</cfcomponent>
Your login.cfm would then contain your form but your button would fire something like jQuery.post() to "loginHandler.cfm", then depending on the result of the login, your callback function may use jQuery.html() to display the error or window.location.replace / window.location.href if the login was successful. Of course, in the event of a successful login, your ColdFusion page would have to create their session variables and do whatever else you want it to do before sending the result back to your AJAX call.
When a user logs in and is redirected to a secured page, the url is getting appended twice like a list. This in turn causes a 404.
(example: http://uwf.edu/something.cfm,http://uwf.edu/something.cfm)
Currently, the site has a custom login tag which I am unable to edit as I do not have control over it. (It's just a custom cf tag that allows people to login at the university.)
I have to do additional processing after this tag to verify that they are eligible to login on this particular site. Once they have been verified, they are re-directed to another page with cflocation.
<custom login tag>
<cfinvoke component="#application.path#cfc/security" method = "constructSession" returnvariable = "status">
.. params excluded..
</cfinvoke>
<cfif status eq 1>
<cflocation url="#someurl_invalid#" addtoken="no" />
<cfelse>
<cflocation url="#someurl#" addtoken="no" />
</cfif>
The custom login tag refreshed the current page already, but I obviously do not want that and thus had used the above method to re-direct. This worked in ColdFusion 8.
I read this article: http://www.bennadel.com/blog/2050-Changes-In-CFLocation-OnRequestEnd-Behavior-In-ColdFusion-9-s-Application-cfc.htm
The article gave me some insight as to what is going on...but I am unsure how to fix the issue.
Does anyone have any solutions?
Since you don't have control over the custom tag, you'll have to work around the issue instead of fixing it.
I would recommend changing the code:
<cfif status eq 1>
<cflocation url="#ListFirst(someurl_invalid)#" addtoken="no" />
<cfelse>
<cflocation url="#ListFirst(someurl)#" addtoken="no" />
</cfif>
It's not pretty but will work whether the URLs are lists or not.