I inherited a coldfusion website that is written in ColdFusion 8 and it was written VERY poorly.
First: the Application.cfm is encrypted
Second: no one know how to decrypt the Application.cfm so I have no idea what are listed in this Application.cfm
Is there a way to get and display the applicationtimeout set in cfapplication?
I'm able to cfdump the "#Application.applicationName#" but not sure how to cfdump the applicationtimeout, sessiontimeout attributes from the cfapplication
Can anyone help?
It's easy enough to decrypt the files. Just google "coldfusion cfdecrypt.exe" and track one down. Examples:
cfdecrypt.exe
AdeptCFDecrypt
Note that the encryption scheme used changed for - I think - CF10, so these solutions won't work on that or later versions of CF. However it should be fine for your purposes.
Related
I am working on a lot of ColdFusion legacy code. I am seeing
<cfform action="xxxx.cfm" method="POST" enablecab="No">
I am working on retiring <cfform> but I am at a loss as to what enablecab="No" does.
QA has spotted the change, but I am at a loss as to how to describe the change. This system was recently updated from CF10 to CF2016
The enableCAB attribute was around when Java applets were still a thing and ColdFusion used them to make things such as <cfform> (and its input parts) "more rich". Enabling enableCAB prompted the user to download the required applet classes as a .cab file (Microsoft's archive format) speeding up the transfer. It was thus only available for Internet Explorer and required Microsoft's Code Signing (Authenticode).
The attribute's functionality was removed without substitution in ColdFusion MX (ColdFusion 6) back in 2001. However, the attribute is still read and completely ignored in newer versions.
Short answer:
It does nothing
Long answer:
Normally, when <cfform> gets an attribute that is not on its official list, it will do a passthrough. enablecab does not. It just disappears into the æther.
Also it does not do any kind of validation. It used to have to be truthy or falsy. But now it takes anything.
Is there a way to stop ColdFusion 11 from caching Fusebox circuit.xml.cfm files?
I have to restart the coldfusion service every time I make a change to a fuseaction file and it's getting tiring.
There are 2 settings in play here. One is "trusted cache" - a setting in the CF admin that does not "check" for a modification once a class has been compiled. You can turn trusted cache off and CF will begin to check for modifications.
The second (and more likely) setting is "parsed" setting. This setting actually saves all your include files into a "parsed" directory and compiles the from there. You can try adding the following to your URL:
Fusebox.parseall=true or alternately Fusebox.loadclean=true - one of these might work.
Finally there is a "mode" setting you can modify to "development" from "production" - that will cause the whole thing to be reparsed.
This is from memory - but maybe it will be enough to get you going. good luck! :)
I'm seeing a difference in how HTMLEditFormat works in CF9 and CF10.
HTMLEditFormat(">")
In CF9: showing up as ">" (no difference)
In CF10: showing up as ">" (double-escaped, which seems correct to me)
I've looked through the CF10 notes and reviewed the HTMLEditFormat documentation, but cannot find any mention of there being a difference in how this function works. Does anyone know of a difference, or know of documentation that proves there is no difference? ...Or know of any other settings (ColdFusion or web server) that might cause this to work different?
(This question is not a duplicate because am not asking about encodeForHTML. I understand that is the ideal solution, but am asking to understand why HTMLEditFormat might be different in CF9 vs. CF10.)
I can't imagine why that function would behave differently. Especially when it's was planned for deprecation going into CF 10. By chance, are you calling it from within a CFINPUT tag?
<cfinput id="foo" value="#htmlEditFormat(someValue)#" />
If so, in CF6 - CF9, that tag uses HTMLEditFormat() on values automatically. Calling a 2nd instance of HTMLEditFormat() doesn't affect the output. But CF 10+ updated the tag to use encodeForHTML() on values. If you also throw in an HTMLEditFormat(), then you're double-encoding the output.
For better security, you should stop using HTMLEditFormat() and start using encodeForHTML() if it's available (CF10+). As of ColdFusion 11, HTMLEditFormat() has been officially deprecated and by ColdFusion 12, the function should be removed completely.
HTMLEditFormat() only encodes 4 characters: <, >, &, ".
encodeForHTML() encodes almost every character, including UTF-8 characters. The updated "encodeFor" functions are contextual, so you have to pick the right on for the right context (html, htmlattribute, js, css, xml, etc.).
I am attempting to create Word documents with ColdFusion, but it does not seem there is any way to do it with only ColdFusion. The best solution seems to be docx4j. However, I can't seem to find any in-depth docx4j and ColdFusion examples (Aside from this question). Where can I get some doc4jx and ColdFusion examples?
pulling the data from a database.
https://stackoverflow.com/a/10845077/1031689 shows one approach to doing this. There are other ways, as to which see http://www.slideshare.net/plutext/document-generation-2012osdcsydney
The document needs page numbers and to
Typically you'd add these via a header or footer. You might find it easier to start with an almost empty docx structured appropriately, rather than creating the necessary structures via ColdFusion calling docx4j. You could still do it this way in conjunction with the final paragraph of this answer below.
create a table of contents.
Search the docx4j forums for how to do this.
In general, it looks like the easiest approach would be to create a Java class file which does everything you want (by invoking docx4j), and for your ColdFusion to just invoke that Java class. In other words, do a bit of Java programming first, get that working, then hook it up to your ColdFusion stuff.
I am not sure what exactly you mean with creating word document, which in my opinion is pretty simple. Manipulating yes, a bit tricky with docx4j or so.
<cfsavecontent variable="variables.mydoc">
Your content here
</cfsavecontent>
<cffile action="write" file="#yourFile.doc#" output="#variables.mydoc#">
Also see this post
Creating a Word document in Coldfusion - how to have pagenumbering?
I'm starting some work on an existing ColdFusion application with no version control and what look like unused cfm files (test.cfm, test2.cfm etc.). I'd like to get a picture of what files are actually part of the application so I can get it into git or subversion in a manageable state.
How would you go about this? A regex and some methods to find and map cfinclude and cfcomponent tags? Is there some existing tool that does this?
Ben Nadel has a method to examine the live stack trace from a running template. It seems to me that you could easily plop this into your application and log the results to a database. Once you've done that, you've got a good idea of what's in use and what's not.
I think the easiest way, however, is to enable debugging (standard caveat here about development server, etc). The standard ColdFusion debugger will give you a complete list of every file used during the execution of a single page. ColdFire will do the same thing in a handy Firebug extension (click ColdFusion then click Exec Times).
It should be pointed out that the built-in debugger even shows you the files included from CFC calls, and the files included from within those calls as well. It is all inclusive.
Ben Nadel on Stack Traces
Ray Camden's ColdFire
Sample of CF Debugging from a live page:
Put it into git first! Then, if you screw up, you can easily roll back.
(If you're concerned about having a 'clean' repository, when you're finished and fully tested, you have the option to just remove the single .git folder and create a new one.)
Then, as Tomalak suggests, use cflog on every file. Infact I'd say maybe even log twice, at the top and bottom of each script, could potentially help you to map out how the application runs.
A regex is not advisable. Since ColdFusion is quite flexible in the way files can be included or referenced, there will be no way to determine the definitive list of dependencies from the source code alone.
You could insert a <cflog> into each file and build a log from the running application. Examine the log after the application was active for a while and all functionality had been accessed at least once.
Don't bother instrumenting each file, just cflog the page name in OnRequest inside application.cfc - the target page is an argument.
Of course then the issue becomes code coverage and the ability to fully excercise the app.
<cffunction name="onRequest" returnType="void">
<cfargument name="targetPage" type="String" required=true/>
<cflog file="Usedpage" text="#Arguments.targetPage#">
<cfinclude template="#Arguments.targetPage#">
...
</cffunction>
cfinclude won't tell you if a url is supposed to load the file directly. I've seen system where some files are not included via an index.cfm even when the framework expects it. I have it in my own work where index.cfm loads most code but reset.cfm bypasses the framework to reset configs and session data.
Download a trial of Dreamweaver and define a ColdFusion site. DW can create a site map and tell you which files are not included, linked, cfmoduled and so forth. I don't know if it can figure out unused CFCs, but CFMs should be easy. Note that I haven't used DW for years, but it had this functionality around CF 4/5.