ColdFusion = OnRequest Error - coldfusion

Looking through the logs, we're getting hundreds of the following
"Error","jrpp-185","08/21/12","10:05:43","PATH","www.domain.com
Agent:Mozilla/4.0 (compatible; Synapse)
Error: An exception occurred when invoking a event handler method from Application.cfc.
The method name is: onRequest.
They seem to be mostly search bots. The on place on APplication.cfc that I can see reference to the function is below
<cffunction name="onRequest" returnType="void">
<cfargument name="targetPage" type="String" required=true/>
<cfsetting enablecfoutputonly="yes" requesttimeout="20">
<cfparam name="url.refresh" default="0">
<cfset request.strMember = Duplicate(session.strMember)/>
<cfset request.tNow = GetTickCount()>
<cfif url.refresh EQ 0>
<cfset request.iCacheHr = 12/>
<cfelse>
<cfset request.iCacheHr = 0/>
</cfif>
<cflogin>
<cfif IsDefined("session.strMember.sRoles")>
<cfloginuser name="#session.strMember.sFirstName##session.strMember.sLastName#"
password="12345"
roles="#session.strMember.sRoles#"/>
</cfif>
</cflogin>
<cfinclude template="core/incl/SessionLogger.cfm">
<cfinclude template="core/incl/LinkTranslator.cfm">
<cfinclude template="core/incl/udf.cfm">
<cfinclude template="urlcheck.cfm"/>
<cfinclude template="#Arguments.targetPage#">
</cffunction>
From that, can anyone please advise on what's wrong and how to fix it? I'm fairly new to CF and this is making me pull out what little hair I have left

1) You use two different coding styles
<cfparam name="url.refresh" default="0">
<cfset request.strMember = Duplicate(session.strMember)/>
Invalid/left open XML tags in first line and valid (closed) XML tags in the second line.
Try to stick to one (preferably the last one).
2) You are using old way of checking variable being defined
IsDefined("session.strMember.sRoles")
read about newer (and better and faster)
StructKeyExists(session.strMember, "sRoles")
3) Most likely your code is calling
<cfloginuser ... >
at every page request
4) Make sure that paths for all includes are correct and they themselves don't have any errors.
Simplify your method until you stop getting an error and then investigate what exactly is causing it

Are the bots hitting a page that doesn't exist?
Maybe try changing the last line to:
<cfif fileExists(expandPath(Arguments.targetPage))>
<cfinclude template="#Arguments.targetPage#">
<cfelse>
<cfabort>
</cfif>

Maybe you could detect if they are a bot and server them something else? depends on how search friendly you want your site to be:
http://www.bennadel.com/blog/1083-ColdFusion-Session-Management-And-Spiders-Bots.htm

Related

Coldfusion set time out in .cfc page?

I have one .cfc that I use for all communication between client and server code. This cfc page has about 10 different function. Each function has different purpose and I have queries for Select, Insert, Update and Delete. I'm wondering if I should set timeout on the top of the .cfc page inside cfcomponent tag or this should be set inside of the each function or do I even need this? In our current system we have some many error messages like: The request has exceeded the allowable time limit Tag: CFQUERY.
I would like to prevent any similar error messages in my app. Here is example of my cfc page:
<cfcomponent>
<cfset currentDate = DateFormat(Now(),'mm/dd/yyyy')>
<cfset currentTime = TimeFormat(Now(),'hh:mm tt')>
<cfinvoke component="appEntry" method="getRecord" returnvariable="CHKAccess">
<cfinvokeargument name="user" value="userdata"/>
<cfinvokeargument name="app" value="myApp"/>
</cfinvoke>
<cfset adminAccess = false>
<cfset userAccess = false>
<cfif CHKAccess.RecordCount EQ 1>
<cfif CHKAccess.pd_hfmAccess EQ 'A'>
<cfset adminAccess = true>
</cfif>
<cfif CHKAccess.pd_hfmAccess EQ 'U'>
<cfset userAccess = true>
</cfif>
</cfif>
<cffunction name="getData" access="remote" output="true" returnformat="JSON">
<cfargument name="keyVal" type="string" required="true">
<cfset fnResults = structNew()>
<cfif userAccess>
<cfquery name="getRec" datasource="tes">
SELECT some columns
FROM Test
</cfquery>
<cfset fnResults.status = "200">
<cfelse>
<cfset fnResults.status = "400">
<cfset fnResults.message = "Invalid access attempt.">
</cfif>
<cfreturn fnResults>
</cffunction>
<!--- More functions below --->
</cfcomponents>
If anyone have suggestion what would be the best fix please let me know. Thank you.
You should set the requesttimeout in the method that contains that long-running cfquery.
You don't want to "punish" all methods for just one method. If you set it for all, how do you know which one is slow and which one is okay, unless you don't care?

Can't edit/use variable in expression but I can output it

I've got the following code in a method:
<cffunction name="serviceTicketValidate" access="public" output="yes" returntype="void" hint="Validate the service ticket">
<cfargument name="service_ticket" type="string" required="yes" hint="The ST to validate" />
<!--- Contact the CAS server to validate the ticket --->
<cfhttp url="#Variables.cas_server#serviceValidate" method="get">
<cfhttpparam name="ticket" value="#Arguments.service_ticket#" type="url" />
<cfhttpparam name="service" value="#Variables.service#" type="url" />
</cfhttp>
<!--- Received a valid XML response --->
<cfif IsXML(cfhttp.FileContent)>
<cfset XMLobj = XmlParse(cfhttp.fileContent)>
<!--- Check for the cas:user tag --->
<cfset CASuser = XmlSearch(XMLobj, "cas:serviceResponse/cas:authenticationSuccess/cas:user")>
<!--- Set the username to the value --->
<cftry>
<cfif variables.username NEQ ''>
<cfdump var="#Variables.username#" /><cfreturn/>
</cfif>
<cfif ArrayLen(CASuser)>
<cfset Variables['username'] = CASuser[1].XmlText />
</cfif>
<cfcatch>
<cfdump var="#cfcatch#" /><cfabort/>
</cfcatch>
</cftry>
<!--- Search for cas:attributes --->
<cfset CASattributes = XmlSearch(XMLobj, "cas:serviceResponse/cas:authenticationSuccess/cas:attributes")>
<!--- Go through all the attributes and add them to the attributes struct --->
<cfif ArrayLen(CASattributes)>
<cfloop array=#CASattributes[1].XmlChildren# index="attribute">
<cfset StructInsert(Variables.attributes,RemoveChars(attribute.XmlName,1,Find(":",attribute.XmlName)),attribute.XmlText)/>
</cfloop>
</cfif>
</cfif>
Note I added the cftry and cfcatch to see what is going on exactly. I've also added the if username != blank to debug as well. This method is called in another method like so:
<cfinvoke method="serviceTicketValidate">
<cfinvokeargument name="service_ticket" value="#service_ticket#" />
</cfinvoke>
<cfdump var="test2" /><cfabort/>
Again I've added the dump and abort for testing. The variable.username is defied and set to an empty string when the component is initiated and the component is initiated into a session variable.
So get this... when the whole process runs the first time I get output on my screen test2 as expected. Then, the next time the same thing is run, the session exists, thus the variable.username is set to something. In the first code block I can dump variables.username and see the username. However if I try to use variables.username in a conditional expression (like in that if statement) or if I remove the if statement and let the script try to change the value of variable.username, there are no errors, it just breaks out of the script completely. It ends that method, and the method that called it and I don't see test2 like I would think. It all just ends for some reason.
If you need further details I can provide more code but I tried to trim out as much as I thought was relevant. All methods are in the same component, all methods are public. Why can't I change the value of variables.username and why is there no error?
EDIT:
I think it may have something to do with the cflock but I'm debugging some stuff right now. I had a redirect inside the code block that is inside the lock. So I guess it never unlocks. But I even waited after the timeout and it still remained locked. I thought the lock was supposed to expire after the timeout.
I'm a little confused but it seems like you're trying to use a cfc's variables scope to set caller variables. The variables scope is not available to the caller the way it seems you are trying to use it.
index.cfm
<cfoutput>
<cfset objTest = createObject("component", "testscope").init()><br><Br>
<cfset objTest.checkValue()><br><br>
Calling page is checking the existence of testvar: #isDefined("variables.testvar")#
</cfoutput>
testscope.cfm
<cfcomponent displayname="testscope">
<cffunction name="init" access="public">
init() just set variables.testvar.
<cfset variables.testvar = "Okay, set">
<cfreturn This>
</cffunction>
<!--- Set some more variables --->
<cffunction name="checkValue" access="public">=
<cfoutput>Checkvalue is checking the value of testvar: #variables.testvar#</cfoutput>
</cffunction>
</cfcomponent>
The output is
init() just set variables.testvar.
Checkvalue is checking the value of testvar: Okay, set
Calling page is checking the existence of testvar: false

Assign one error log file per application

We have multiple applications running on the same server and default log files end up being a mess of everything, especially the Exception log for which the admin panel does not offer search capacities.
Is it at all possible to have Coldfusion log things pertaining to a given application (as defined by Application.cfm or .cfc) to a separate log?
If not, any alternative solutions to this issue?
I'd recommend application.cfc onError method to log uncaught errors in separate log file. Also this doc could be helpful: Handling errors in Application.cfc
Here's a basic example of using the onError function in application.cfc to log errors to an application-specific log file.
<cfcomponent output="false">
<cfset this.name = "myApp">
<cffunction name="onError">
<cfargument name="exception" required="true">
<cfargument name="eventName" type="string" required="true">
<cfset var myAppName = this.name>
<cfset var details = "">
<!--- You need to specify and check for the exception details you want to include in your log text --->
<cfif IsDefined( "exception.type" )>
<cfset details = "Type: #exception.type#. ">
</cfif>
<cfif IsDefined( "exception.message" )>
<cfset details = details & "Details: #exception.message#">
</cfif>
<cflog type="error" file="#myAppName#" text="#details#">
<!--- Specify how you want the error to be handled once it's been logged --->
<cfdump var="#exception#">
</cffunction>
</cfcomponent>
You need to specify which parts of the exception details you want to include in your log entry, bearing in mind that the keys of the exception struct will vary according to the type of error thrown. It's therefore best to check for their existence before adding them to the log text.
Official onError docs for ColdFusion MX7 (since your question's tagged with that version - which is also why I've used tags rather than cfscript in my example to be on the safe side).

Variable scope in CF 10 versus CF MX7

I am running into a weird issue with my ColdFusion 10 code. I am new to ColdFusion, so go easy on me. The reason it is weird is because it does not seem to occur in older versions of this platform (i.e. MX 7).
A little info first:
I have two environments. A ColdFusion 10 and a ColdFusion MX 7 (IIS 7 and IIS 5, respectively). In the ColdFusion 10 environment, I have an Application.cfc file with the following statement...
<cfset CompanyLogoText = "Acme Company">
This Application.cfc file is in the web root (mydomain.com). I also have a CFM file in a sub folder of the web root at mydomain.com/pages/default.cfm. It contains the following markup...
<cfoutput><p>#CompanyLogoText#</p></cfoutput>
The issue
When I navigate to mydomain.com/pages/default.cfm, I get an error from coldfusion. The error is "Variable COMPANYLOGOTEXT is undefined."
The weird part
I am not getting this error in the ColdFusion MX 7. The only difference is that the CF MX 7 environment uses a Application.cfm file, but with the same exact line.
Question
How can I get the pages/default.cfm file to see my variable CompanyLogoText in the CF 10 environment?
Here is the full markup
Application.cfc
<cfcomponent>
<cfset This.name = "test_cf">
<cfset This.Sessionmanagement="yes">
<cfset This.Sessiontimeout="#createtimespan(0,0,10,0)#">
<cfset This.applicationtimeout="#createtimespan(5,0,0,0)#">
<cfset This.setclientcookies="no" >
<cfset This.clientmanagement="no">
<cffunction name="onApplicationStart">
<cfset CompanyLogoText = "Acme Company">
</cffunction>
<cffunction name="onRequestStart">
<cfargument name="requestname" required=true />
<cfset CompanyLogoText = "Acme Company">
</cffunction>
</cfcomponent>
Pages/Default.cfm
<cftry>
<cfoutput><p>#CompanyLogoText#</p></cfoutput>
<cfcatch>
<p>Could not read CompanyLogoText<br/><br/>
<cfoutput>
<br/>Message: #cfcatch.message#
<br/>Details: #cfcatch.detail#.
</cfoutput>
</cfcatch>
</cftry>
That's the difference between Application.cfm and Application.cfc
Use onRequest(), set the variables, then cfinclude the target file. That's the only way to share the variables scope.
https://wikidocs.adobe.com/wiki/display/coldfusionen/onRequest
e.g.
<cffunction name="onRequest" returnType="void">
<cfargument name="targetPage" type="String" required=true/>
<cfinclude template="globalVars.cfm">
<cfset variables.foo = "bar">
<cfinclude template="#Arguments.targetPage#">
</cffunction>
QUOTE: CF8: Migrating from Application.cfm to Application.cfc
Put in the onRequest method any code that sets Variables scope
variables and add a cfinclude tag that includes the page specified by
the method's Arguments.Targetpage variable.
As mentioned your application.cfc needs to be formatted correctly. Your best bet is to give this a read and format your .cfc accordingly.
http://www.bennadel.com/blog/726-ColdFusion-Application-cfc-Tutorial-And-Application-cfc-Reference.htm
Don't see an answer marked yet. If you have an application.cfm file in the sub-directory it will override the application.cfc in the root. Just a possibility ...

Catching an error message

I'm using Coldfusion Fusebox 3 and I would like to know how I can keep my app from throwing an error message if someone thoughtlessly removes the Circuit and fuseaction from the URL.
For example, if the original URL is:
http://www.noname/Intranet/index.cfm?fuseaction=Bulletins.main
...and someone removes the circuit information so it reads like the following: http://www.noname/Intranet/index.cfm?fuseaction=
...the app throws an error message. Can I code against something like this happening?
Here is my fbx_Settings.cfm file as it exists right now. Thank you.
Try something along these lines, haven't had chance to test but should go something like this in your index.cfm file.
<cfprocessingdirective suppressWhiteSpace="yes">
<cftry>
<!--- Include the config file --->
<cfinclude template="../config.cfm">
<cfset variables.fromFusebox = True>
<cfinclude template="fbx_fusebox30_CF50.cfm">
<cfif Len(fusebox.fuseaction) EQ 0>
<!--- Error Handle --->
</cfif>
<cfcatch type="Any">
<!---<cfset SendErrorEmail("Error", cfcatch)><cfabort />--->
</cfcatch>
</cftry>
</cfprocessingdirective>
or better still, in your switch file have a default case such as:
<cfdefaultcase>
<cfinclude template="act_HandleError.cfm">
<cflocation url="hompage.cfm" addtoken="false">
</cfdefaultcase>
Hope this helps!