False cfheader error - coldfusion

Every time a page on the site is visited I am getting the error message:
ColdFusion was unable to add the header you specified to the output stream. This is probably because you have already used a cfflush tag in your template or buffered output is turned off.
But, the header is being added. The line that is causing the error is <cfheader name="Content-Encoding" value="gzip">. If I remove the line then I don't get an error, but gibberish is displayed because the gzip is not decompressed.
I am not using any cfflush tags on the site. I also saw a suggestion that cftimer tags could cause problems, but I am not using any of those either.

You can also get this error if your resulting HTTP output is larger than your output buffer.
Check the "Maximum Output Buffer size" setting in CF Administrator and compare that to the size of your output.

Related

Coldfusion per application mapping randomly fails

In my application.cfc file I have the following code:
this.mappings["/includes"] = "#expandPath('../../priv/inc/')#";
and then on a page I have the following CF include set up:
<cfinclude template="/includes/imageOptimise-thumbnail.cfm">
For the majority of the time when the page is submitted the imageOptimise-thumbnail page runs without any issue but occasionally it will error saying that it can't find the imageOptimise-thumbnail.cfm. If I resubmit the page, chances are it will work but the question is, why is it sometimes not being able to find the page?
I had a look in the CF Admin and I can't see anything in the logs saying that there was an error but it is clearly showing a Coldfusion 'template not found' error message when it fails.
Anyone got any ideas?
I think your issues stem from the fact that the path used for the mapping is relative.
According to advice in ColdFusion Mappings and Relative Paths,
the moral of the story is to NEVER use expandPath() to create a
mapping that’s relative to the webroot.
Try to make the webroot static as the blog suggests
<cfset this.mappings["/myapplication"] = getDirectoryFromPath(getCurrentTemplatePath())>
and navigate to /priv/inc/ from the webroot

cfdocument tag suddenly throwing "This function should be called while holding treeLock." error

I have an application that contains a form which, until recently, I was able to save as a PDF using cfdocument. A few weeks ago we swapped out a server. The old server was running CF 9.0.1. The new server is CF 10. Since then, I've been getting this error when I try to save this particular form as a PDF.
--
An exception occurred when performing document processing. The cause
of this exception was that:
coldfusion.document.spi.DocumentExportException:
java.lang.IllegalStateException: This function should be called while
holding treeLock.
--
I have another page in the application that saves PDFs just fine. It's just this page that's throwing the error. I can't find anything about TreeLock anywhere on the web (at least, nothing that pertains to ColdFusion).
Has anyone else run into this, and if so, how did you fix it? Thanks!
I started getting the error upon promoting a new version. Rendered the content in HTML. Found I had forgotten to promote an image (got the dreaded X for image). Promoted the image, cfdocument pdf works again. (I'm using localUrl="yes")
In other words, you can debug CF errors that halt the process but cfdocument pdf blithely assumes HTML content you supply is correct and complete.
I had the same problem and by process of elimination found that cfdocument doesn't like textarea elements within the form. It is fine with input type=text, but whenever I tried to add textarea elements it fell over with this error. Hope this helps someone

ColdFusion CFFILE to limit text file upload

I want to use CFFILE upload to detect only .txt file. I've tried to use file.clientfileext to detect the extension. When TXT is detected, I'm showing a pop up error message to users and delete the file. But I was told I should not even allow user's file to reach our server.
Then I use CFFILE accept attribute to only accept text/plain. This should do it but unfortunately on my test when I tried uploading non text file I got ColdFusion error:
The MIME type of the uploaded file application/pdf was not accepted by
the server. Only files of type text/plain can be uploaded. Verify
that you are uploading a file of the appropriate type.
I tried to use cftry and cfcatch but I still get the same error; this is mainly due to the MIME type, which I don't know when the file is being uploaded by the browser.
I also found the same question in this forum and tried the suggested answer, it did not work, still got the same error message (see below)
I also found another posting in this forum that does not suggest the use of the CF "accept" attribute. This link is provided for a further detailed explanation: http://www.petefreitag.com/item/701.cfm
So my question is, since I'm still using CF8, I actually don't have many options to prevent my users from uploading other than .txt file securely?
If I can't use the accept attribute of the CFFILE, can I at least secure my file upload functionality by doing the following? But is doing it this way safe enough?
Upload the file to a temp folder that is not under the root dir
verify the file extension
change the file name even if the extension is detected to be a .txt
move the file to the destination file under the root dir
Even if I do these steps, I have to allow the file to reach our server; the order is to NOT allow the file to reach our server.
Below is the answer/suggestion from previous question. But it doesn't work when I tested it:
<CFTRY>
    <cflock name="write_lock" type="Exclusive" timeout="120">
        <cffile action="upload" filefield="filepath" destination="#DestDir#"
                nameconflict="Overwrite" attributes="Archive">
    </cflock>
    <CFCATCH>
        <cfif FindNoCase("not accepted", cfcatch.Message)>
            <script>
            $(function(){
                alert("Only the following file types are allowed: .jpg, .gif, .bmp, .png.");
            });
            </script>
            <cfabort />
        <cfelse>
            <!--- looks like non-MIME error, handle separately --->
            <cfdump var="#cfcatch#" abort />
        </cfif>
    </CFCATCH>
</CFTRY>
I think your steps are reasonable if you don't like using the Accept attribute for validation. FYI you can set accept to .txt instead of the MIME types. The MIME type was determined by the client so it's safer to check the extension anyway.
The exception thrown by cffile failing attribute validation may not have a type, so the code you posted tried to detect it with FindNoCase() by looking at the exception's message. You can dump the exception out and find out why the FindNoCase() failed to catch the exception.
Make sure you treat whatever is uploaded as something potentially malicious and do not process them (e.g. cfinclude them). Forcing the file extension to be .txt should be safe enough, but I'll let other security experts chime in.
You can use the below code:
<cffile action="upload" filefield="BidDoc"
destination="C:\upload\"
nameconflict="makeunique"
accept="text/plain">
The other mime types which you may use are:
application/pdf
application/msword
application/vnd.ms-excel
application/vnd.openxmlformats-officedocument.wordprocessingml.document
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
As discussed in this answer, there really is no 100% fool-proof way.
If you don't want to trust the "accept" attribute, I would suggest allowing the user to upload the file and then checking the mime type of the uploaded file using the cffile.contentType property. Check against whatever mime types you wish to allow/restrict and reject with the appropriate message. You may also choose to employ a check of the file extension as an added layer of error checking.
It must be noted that like file extensions, mime types can not be 100% trusted to be accurate as they can be edited by the user. But using a combination of checks you can be reasonably sure that most files uploaded are of the correct type.
Coldfusion will not prevent a file from being uploaded to a server. You can set a maximum file size but this is processed during the upload. The cffile tag kicks in after the file is uploaded. Furthermore it is rather difficult to really determine if a file is a text file or a jpg, exe, rar etc file. The following q & a may help:
Determining binary/text file type in Java?
In my opinion it is best to follow the tips given by Pete Freitag and use a java class to determine the file type. Then you can delete all non text files.
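The steps from the question combined with a server-side content check, as an added example that is not code from any of the posters. The form field name `filepath` is taken from the snippet above; the `finalDir` path, the 1 MB cap and the helper `isProbablyText()` are assumptions, and the control-byte scan is a simple heuristic standing in for the Java-based type detection the last answer mentions.

```cfml
<!--- Added example. Assumed names: finalDir, isProbablyText(), 1 MB limit. --->
<cffunction name="isProbablyText" returntype="boolean" output="false"
            hint="False when the file contains NUL or other binary control bytes">
    <cfargument name="path" type="string" required="true">
    <cfset var bytes = fileReadBinary(arguments.path)>
    <cfset var i = 0>
    <cfset var b = 0>
    <cfloop from="1" to="#arrayLen(bytes)#" index="i">
        <!--- Java bytes are signed; bitAnd maps them to 0..255 --->
        <cfset b = bitAnd(bytes[i], 255)>
        <!--- Allow tab (9), LF (10) and CR (13); any other control byte
              marks the file as binary. UTF-16 text is rejected as well,
              because it contains NUL bytes. --->
        <cfif b lt 32 and not listFind("9,10,13", b)>
            <cfreturn false>
        </cfif>
    </cfloop>
    <cfreturn true>
</cffunction>

<!--- Step 1: receive the upload in a directory outside the web root --->
<cfset finalDir = "D:\data\txt-uploads\">  <!--- assumed destination --->
<cffile action="upload" filefield="filepath"
        destination="#getTempDirectory()#"
        nameconflict="makeunique" result="up">
<cfset tempFile = up.serverDirectory & "/" & up.serverFile>

<!--- Step 2: check size, extension and content on the server. The
      client-supplied MIME type is not consulted at all. --->
<cfif up.fileSize gt 1048576
      or compareNoCase(up.serverFileExt, "txt") neq 0
      or not isProbablyText(tempFile)>
    <cffile action="delete" file="#tempFile#">
    <cfoutput>Only plain-text .txt files up to 1 MB are accepted.</cfoutput>
    <cfabort>
</cfif>

<!--- Steps 3 and 4: discard the client-supplied name, generate a new one,
      force the .txt extension and move the file to its destination --->
<cffile action="move" source="#tempFile#"
        destination="#finalDir##createUUID()#.txt">
```

Because the rejected file is deleted from the temp directory before any other code touches it, a failed check leaves nothing behind under a client-chosen name.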

understanding the behaviour of cfflush

I am going through the following code:
<cfset x_dt = LSDateFormat(Now(), 'yyyy-mm-dd') &" "&
LSTimeFormat(Now(), 'HH:mm:ss')>
<cfif VerboseDebug gt 0>x_dt = #x_dt#<BR><cfflush></cfif>
I didn't understand the usage of <cfflush> here. Wondering since I haven't defined interval here, how does it work here?
I read the documentation.
Normally when you run a CF script, the server does not return any output to the client until after all of the CF code has executed. CFFlush allows you to return output as it becomes available, rather than waiting until the end. Useful in cases where you want to display results incrementally, such as for some sort of progress indicator.
I didn't understand the usage of <cfflush> here. Wondering since I
haven't defined interval here, how does it work here?
When you do not specify an interval, CF automatically flushes any new output when you invoke the tag. From the docs:
The first occurrence of this tag on a page sends back the HTML headers
and any other available HTML. Subsequent cfflush tags on the page send
only the output that was generated after the previous flush.
It looks like your code is using that technique for debugging purposes. When that line of code is reached, the server returns that date string to the client if VerboseDebug is enabled.

Trouble parsing remote RSS feed using ColdFusion

I'm having a vexing time displaying a remote RSS feed on an intranet site. I'm using the MM_XSLTransform.cfc version 0.6.2 to pull in the feed and a basic xsl to output. The feed url is www.fedsources.com/FedsourcesNet/RssFeeds/RSS_MarketFlash.aspx. If you open it in a browser, you'll see it appears to be an ordinary RSS feed. But when I try to display it in CF, I get the following MM_XSLTransform error:
"www.fedsources.com/FedsourcesNet/RssFeeds/RSS_MarketFlash.aspx is not a valid XML document.
Parsing www.fedsources.com/FedsourcesNet/RssFeeds/RSS_MarketFlash.aspx
An error occured while Parsing an XML document.
Content is not allowed in prolog." (The actual error included http:// in the URLs.) Then the feed is dumped as part of the error message.
What's especially frustrating is if I view the source of the RSS and copy and paste it into a text file, then parse that text file, it displays fine.
Running CF version 7.
I tried changing the charset from UTF-8 to windows-1252, but that added some weird characters at the beginning and didn't help. I also tried stripping out everything between <channel> and <item> but that didn't help.
I've successfully parsed other RSS feeds outside our firewall using the same code. Is there something about the aspx extension that's causing the error? Any thoughts? Anyone?
Thanks.
What's the exact code that you're using to parse the XML document? This particular error normally happens if you have some data before the <?xml?> tag in the document, even a single space can cause a problem.
I'm not familiar with the particular CFC you mentioned, so I can't troubleshoot that one for you, but make sure that you use the Trim function around any XML content you're going to try to parse.
UPDATE: A quick Google search led me to this post from Ben Nadel: http://www.bennadel.com/blog/1206-Content-Is-Not-Allowed-In-Prolog-ColdFusion-XML-And-The-Byte-Order-Mark-BOM-.htm
You need to remove the Byte-Order-Mark from the feed. This code works without an error:
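<cfhttp method="get" url="http://www.fedsources.com/FedsourcesNet/RssFeeds/RSS_MarketFlash.aspx" />
<!--- Strip everything before the first "<" (BOM, whitespace), then parse once --->
<cfset xmlResult = XmlParse(REReplace( cfhttp.FileContent, "^[^<]*", "", "all" )) />
<!--- xmlResult is already a parsed XML document, so dump it directly --->
<cfdump var="#xmlResult#" />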