Feeds:
Posts
Comments

Archive for the ‘ColdFusion’ Category

I encountered this weird situation last week: while testing ColdFusion code from a previous decade, I would see the output of part of the screen twice. Just like that – I had not changed a thing to the logic of the code, just cleaned up a bit of what I consider to be “bad” formatting in code written by others a long, long time ago (2005 or so).

I spent hours of debugging the code, even invited a few colleagues to help me – and then suddenly it struck me: CFML may look like XML, but it isn’t XML. Some CFML tags do their thing a second time when the tag is explicitly closed. One of those tag is <cfmodule>. I never use it myself – I prefer components and functions. But the code under scrutiny included a <cfmodule template='whatever.cfm >, and to “clean things up” I had added a slash at the end, like this: <cfmodule template='whatever.cfm />. Hence the double execution. So don’t do that, will you? Avoid closing <cfmodule>!

You can imagine my state of mind when I realised my error, don’t you? Yeah… I had seen this problem before, but much too long ago to actively avoid it in practice.

Before lecturing me on the subject: I know, I should be writing cfscript… but I don’t have the luxury to rewrite code that is more than 10 years old. So it will stay as it is.

Also: I consider this to be a bug in Adobe ColdFusion (at least in versions 6, 8 and 11). There’s no logical reason for such behaviour. I don’t know if Lucee or BlueDragon act similarly, but I hope they’re smarter than that!

And for the record: for me, code is “badly” formatted when it is hard to read – by me. I know compilers and computers have no trouble handling things like whole programs on a single line, or lacking coherent indents (unless it’s Python, of course), or unclosed XML tags (elements), to name but a few examples. I want code to easily readable by humans, and certainly by me – especially if I’m responsible for its maintenance…

Advertisements

Read Full Post »

I noticed some interest in my earlier posts about ntlmHTTP, and that surprised me a bit. I wrote about the subject in 2011, and that is a long time ago, in IT terms!

So to clarify things: the ntlmHTTP project is no longer required: Adobe added NTML (aka. “Windows Integrated Authentication”) support to the CFHTTP tag in ColdFusion version 11. I did rework my code from 2011, and indeed: CFHTTP did suffice to call the Microsoft Exchange web services successfully with the credentials of a special technical account.

Although I did not test it I’m pretty sure NTLM is still there in later CF versions ;-)

Read Full Post »

At work I’m busy moving all the ColdFusion applications from Windows 2003 servers with CF8 to new virtualised servers with Windows 2012 running CF11. Configuring Windows and IIS are also much more complicated than ten or more years ago, but we have that under control now. Most of the ColdFusion (and Java) code transfers without a problem, and I spend more of my time deleting scripts and components that are no longer used than modifying code.

Until this week, when I stumbled over a script that shows an inventory of the active Scheduled Tasks on the server, together with the link to their respective output (which we write to a network drive)… To do that, the code gets the data from the file, and then we put all the data in a handcrafted Query object. The names of the tasks and the links displayed fine, but there was something wrong with the start and end times: “1899-12-30” is not a time!

It took me hours to figure out what was wrong, because I was focusing on the date and time formatting functions used to format the data before adding them the query. Why the formatting, you ask? Well, we wanted to sort the data on columns containing start and end times, and in previous versions of CF our solution was to prepare the strings before adding them to the Query – seemed like a good way to make sure that ‘11:00:00 AM‘ and ‘11:00:00 PM‘ turned up in the right place of a sorted column.

So what was wrong with our code? Let me quote the “Query of Queries user guide”:

If you create a query object with the QueryNew function and populate a column with date constants, ColdFusion stores the dates as a string inside the query object until a Query of Queries is applied to the query object. When ColdFusion applies a Query of Queries to the query object, it converts the string representations into date objects.

Our code added strings formatted as “hh:mm” to the Query object, but once we filtered or sorted that Query using QoQ those columns were transformed into datetime objects. ColdFusion 11 then adds that time to the default date used, i.e. “1899-12-30“.

Clearly, that was not the case in earlier versions of ColdFusion – at least not in CF8. There are multiple solutions to solve this problem, once you know what’s going on – so now our overview displays everything as intended.

Read Full Post »

I’m currently trying to automate the creation of datasources in ColdFusion server instances, in order to facilitate a number of migrations our machines and applications have to go through. For the record: this turns out to be reasonably simple, once you get the knack of using the ColdFusion Administrator API classes (if I find the time, I’ll write about that later).

One thing slowed me down: a typical error message without much meaning. This is what I received when recreating (or at least trying to recreate) an Oracle RAC datasource:

java.sql.sqlrecoverableexception: IO Error: NL Exception was generated

I wonder why developers often invent error messages that do not tell us what really went wrong. In this case, it turned out that I forgot to copy a single closing parenthesis at the end of the JDBC connection string. Let’s call that a syntax error, Oracle, and please give a significant message if I mess up! Or is it Adobe’s ColdFusion that is hiding more explicit and clear details about what went wrong?

Read Full Post »

Last weekend, I spotted two old BMW motorcycles on the road in the port of Antwerp (Belgium). I had my camera in my hands, so I managed a few badly-framed photos – you can see them on Flickr.

By chance, I also spotted an advertisement for a similar bike. I don’t pretend to be a specialist on the subject, but I haven’t seen many BMW R50/2’s in this color scheme (not even on Google Images), and I find this combination quite flattering!

A fine-looking oldie, as seen in one
of the last advertisements on Kapaza

When I said I found this “zoekertje” by chance, I meant that I just had a quick look at the Kapaza website, because the site announced just last week that it will be closing down in a few days. I have visited that site, with its thousands of advertisements for second-hand stuff in many categories, while on the prowl for say another bike or a special lens for my camera. Kapaza is (was) one of the few big Belgian websites that used ColdFusion for at least parts of its site, and that made me pay a bit more attention to it also. This is one more website that won’t last half a century and more, unlike the motorcycle shown here!

Read Full Post »

Last week, I did loose a lot of time in what should have been a quick ColdFusion hack. My colleagues and I were just trying to set up a web service-based solution for a simple problem: they had a JavaScript page that needed a bit of data for which I already had the code in ColdFusion. So I created a new directory in an existing application, whipped up the required code in ‘index.cfm‘ to return a bit of JSON and tested the result from my browser… only to get an “Error 500 - Application index.cfm could not be found“.

Weird, heh? The required file was there, so why could CF11 not find it? Adding an ‘Application.cfm‘ did not help, neither did repackaging the code in a CFC. On CF8, on the other hand, everything worked as expected. So what was going on?

It took some time, but I did find the explanation: CF11 reserves the directory name ‘api’ for special treatment, so you can’t use it like any other directory name – and of course that was the name I had chosen! Adam Tuttle described the situation nicely in 2015:

Funny you should mention that the issue is inside an /api folder. I’m trying to track down the same problem, except I’m directly accessing an index.cfm (sort of — onRequest intercepts the request and redirects to CFCs as appropriate — it’s a Taffy API) and I’ve found that renaming the folder from /api to … literally anything else… works fine. It’s almost as if something in CF has special meaning at /api, like the special /rest mapping does.

Indeed, renaming my directory solved the problem – too bad it took me so long to find the cause. On to the next problem!

PS. Adam Tuttle has more to say on the subject, but his post on the subject has disappeared: the URL ‘http://fusiongrokker.com/post/coldfusion-11-sometimes-chokes-on-api‘ no longer points to the relevant text, but is redirected to another blog also belonging to Adam Tuttle. There, unfortunately, the post is NOT available. I won’t call this a case of linkrot, but it’s not good either. Luckily, the Wayback Machine has a copy of the page, including a few comments…

Read Full Post »

I just spent yesterday afternoon debugging a somewhat older ColdFusion+JavaScript application: some of the administration functions were not working. A partial explanation for my time spent on the issues is that the application was developed in the days of Internet Explorer 5. We’re still running IE6 on a substantial number of the several thousand PC’s in use in the company… in combination with an older version of Chrome. So refactoring the JavaScript code (to make it work in both browsers) was part of the ‘fun‘.

In the end, the real cause of the core problem I encountered was to be found in a few SQL statements that I had neglected to check out, wrongly assuming they had been working in the past. The reason they continued to slip under the radar was simple: the original developer had managed to “hide” that SQL code in a <cftry> statement with an empty <cfcatch>. So there was nothing in the logs, of course.

From the OWASP website

From the OWASP website

Finding the root cause reinforced a lesson I had learned a long time ago: only catch exceptions if you’re going to do something serious and meaningful with them. No, swallowing them whole isn’t meaningful. OWASP summarizes: “Swallowing exceptions is considered bad practice, because the ignored exception may lead the application to an unexpected failure, at a point in the code that bears no apparent relation to the source of the problem“.

This story teaches a second lesson as well. In the future, I will scan code for exception swallowing situations before I start debugging – that could have saved me a lot of time today!

Read Full Post »

Older Posts »