Application.cfm Template

Hi. I want to place a template on every page, and the easiest way to do this would be to add a <cfinclude template="footer.cfm"> to my Application.cfm page. However, is there a way to make sure the template gets put on the bottom of the page? Thanks!

Search the CF documentation and/or Google for OnRequestEnd.
Mack

Similar Messages

Problem with application.cfm

I'm just getting back into coldfusion after a few years...and
i'm already running into a problem with the application.cfm
What could cause this simple error when I try to go to a
coldfusion page (the cfm page would load prior to adding the
application.cfm). Also, can the application name be pretty much
anything? Thanks!
"unknown context error reached at the end of the CFML
templateInvalid expression format. The usual cause is an error in
the expression structure. The last successfully parsed CFML
construct was the CFML template beginning occupying document
position (1:1) to (1:1)."

What are your Operating System, Coldfusion version and web
server? What happens when you experiment with an application file
as simple as this one?
Application.cfm
=============
<cfapplication name="myApp"
applicationtimeout="#createtimespan(1,0,0,0)#"
sessiontimeout="#createtimespan(0,0,20,0)#"
sessionmanagement="yes"
setclientcookies="yes">

Which to use application.cfm or application.cfc?

Hi,
Just a general question, i have been using application.cfm
for my applications so far. I came across a tag that would be used
under application.cfc, but i tried putting both templates together
in one application and boom, an error showed up.
So, which is better to use with most of the applications
application.cfm or .cfc?
Thanks for any help!
Syed

It's actually a bit easier to use session and application
scope variables with Application.cfc, I think.
Application.cfc has methods for specific "events" or states:
onApplicationStart() -- where to load application variables,
security logic, etc.
onSessionStart() -- initialize session varialbes, etc.
onRequestStart() -- runs at the start of each page request
onRequestEnd()
onSessionEnd()
onApplicationEnd()
onError() -- very nice place to get some good
Application-wide error handling code in place
onRequest() -- be sure to read the notes on this
method...it's a bit different.
Check out the MX7 reference page for Application.cfc:
http://livedocs.adobe.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/wwhelp.htm?cont ext=ColdFusion_Documentation&file=00000692.htm
CF* (if you're using that yet)
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Part_3_CFML_Ref_1.html

Turning off application.cfm

Hello,
not sure about this but is there a tag or method whereby I
can overwrite the CF servers automatic inclusion of an
application.cfm (.cfc). I have one page in a sub-subfolder of a
website where the application.cfm is in the top (parent) folder. I
am having problems including this page in a programme and am
looking at any possible causes for this.
One thought was that some methods in my application.cfm may
be causing the error. Without removing or altering the
application.cfm in anyway... is it possible to just deactivate it
on certain pages?
Thanks

> not sure about this but is there a tag or method whereby
I can overwrite the
> CF servers automatic inclusion of an application.cfm
(.cfc).
No. There is not.
> I have one page in
> a sub-subfolder of a website where the application.cfm
is in the top (parent)
> folder.
To bypass this grandparent Application.cfm, you simply have
to a "nearer"
Application.cfm which is empty. But...
> I am having problems including this page
... Only the initial template referenced in a request
triggers the process
that seeks an Application.cfm. If you're simply including the
file,
Application.cfm plays no part in it (beyond what I already
said).
> One thought was that some methods in my application.cfm
There's no such thing as "methods" in an Application.cfm. Do
you mean
UDFs? Without you actually posting your error, it's a bit
hard to guess
WTF you're on about, to be honest.
> is it
> possible to just deactivate it on certain pages?
No.
Adam

How to manage application.cfm in SVN environment

Should the application.cfm page even be committed/updated?
With all the different locals, branches and tags to take into
account, wouldn't this render the application.cfm page huge? How
are folks handling the application.cfm page?
Right now, our application.cfm page takes into consideration:
4 dev locals, 1 dev server and 1 production server. I'd like to
introduce branching into our workflow, just not sure how this will
affect this file.

sk8, here goes. what we do isn't 100% what you're doing in
that we're not
dealing with different branches of code, but i'll try to
describe a way in
which i think this is easily accomodated. I'm certainly not
passing this off
as johnny-super-clever-normalized-i'm-so-smart...cause it's
not. but it has
worked for us for as long as i've been with this company and
has proven
extremely useful and extensible
first, we have two tables, applocations and applocationhosts.
applocations:
locationid | locname | webroot | codebaseroot | networkroot |
bunch of other
roots....whatver
1 | dev | / | \global\ | \\san\alpha\mysite | blah blah blah
2| test | /mysite/ | \global\ | \\san\\beta\mysite | blah
blah blah
3 | staging | /mysite | \global\ | \\someothersan\mysite |
blah blah blah
4 | prod | / | \global\ | \\prodsan\mysite\ | blah blah blah
5 | local | /mysite/ | \global\ | \\san\alpha\mysite | blah
blah blah
then applocations:
locationid | lochostname
1 | mysite.alpha.mycompany.com
2 | mysite.beta.mycompany.com
3| staging.mycompany.com
4 | mysite.com
4 | mysite2.com
4| mysite.org
5| localhost
then when the app is loaded, we have a query like this:
select * from applocations
where locationid = (select locationid from applocationhosts
where
lochostname = '#cgi.server_name#')
we then store the results in some application scoped
variables (i.e. this
query runs once until the application is reset)
then, in our code, we reference things like so:
<cfinclude
template="#application.codebaseroot#/blah/blah.cfm">
or
<img src="#application.webroot#\images\myimage.gif">
where codebaseroot is the root to the code (for cfincludes
and the like) and
webroot is used for all http-ish things like images,
cflocations, script
includes, etc.
now, in your case, with the different branches, you could
possibly just add
a few more rows onto applocations, like so:
7 | devtrunk | /mysite/trunk/ | \trunk\global\ | and so forth
8 | devtag | /mysite/tag | \tag\global\ | and so forth
and then possibly you could add another column onto
applocationhosts, like
so:
locationid | lochostname | key
8 | localhost | tag
and then your query might look something like this:
select * from applocations
where locationid = (select locationid from applocationhosts
where
lochostname = '#cgi.server_name#')
<cfif isDefined("url.key")>
and key = '#url.key#'
</cfif>
the only tricky thing about that would be that you'd
potentially have to
have a hook that recognizes that you're trying to change the
application's
variables, so you'd need to refresh the application. but that
shouldn't be
too tough.
at any rate, this works for us and has completely negated the
need to have
code that sets different paths based on environment.
Good luck Sk8!
"sk8save" <[email protected]> wrote in
message
news:[email protected]...
> That's the sort of things that I'm talking about yes.
>
> For each developer local (branch, trunk or tag), dev
server and production
> server there's an if statement that take cares of
application variables.
> There
> may only be 5-10, but I'm still curious to see how
people are dealing with
> this
> sort of thing.
>

Application.cfm in root and subdirectory, help.

I cannot figure this out. I understand that an application
will use the application.cfm file in it's current directory first
and not search further. However, my page in a subdirectory seems to
not see the application.cfm in it's own directory and instead uses
the root application.cfm. Can anyone explain? And I have tried
capitalizing the "A", etc. but I am not using Linux so I do not
think it matters anyway. (CF MX)

Hard to tell exactly, but in the subdirectory, is the ONLY
line the <cfset application.dsn_test = "DiningHall">?
If so, the subdirectory application.cfm would execute and the
parent would not, which would cause the undefined error since from
what I can tell, you haven't used the <cfapplication> tag in
the subdirectory.
What you can do is use a cfinclude in the subdirectory
application.cfm.
<cfinclude template="../application.cfm">
<cfset application.dsn_test = "DiningHall">
However.... That's a big no no if you're using this to
actually change application scope parameters, since someone
visiting the subdirectory would reset the DSN for someone that
might still be navigating around in the parent directory.
So what good is using the cfinclude method? Well, you can
lock subdirectories to roles this way.
<cfinclude template="../application.cfm">
<cfif getAuthUser() eq "" or not IsUserInRole("Admin")>
Access Denied!
<cfabort>
<cfif>
Consider changing the DSN setting to use the request.scope to
isolate the change to the user.
<cfset Request.appDSN = "DININGHALL">

Application.cfm /cflocation and redirection of changed link

I have a link on my site http://www.mysite.com/ssl/oldpage.cfm that I have renamed to http://www.mysite.com/ssl/newpage.cfm.
Many of my users have the old page bookmarked etc..................
Is there a way to put code in the application.cfm that says if user trys to go to old page automatically redirect them to the new page?

Not in the application CFC.
But there is a great place to put code like that in most web server configurations.
If not that, then the next level would be defining the "missing template handler" in the ColdFusion administrator.
Finally, if you can't do either or those, keep the old file, but replace all of it's code with a <cfheader...> redirect (or a <cflocation...> permanent redirect if you are on a new version of ColdFusion.
But, really, this is a web server level task and that is the best place to put this if you have contorl of yours.

Errors in Application.cfm

Yes, I'm one of the few who still uses Application.cfm... perhaps this will be the final straw.
How do I prevent cf debugging errors from showing up if there is an error in my Application.cfm???
Every once in a while users of my site get a bizzare struct error or session error in my Application.cfm but I have no way of knowing unless they contact me. Is there a way to prevent this? Can I wrap my Application.cfm in a cftry?

idesdema wrote:
Can I wrap my Application.cfm in a cftry?
You could, but that would only take affect of the line of code that throws the error is in the Application.cfm file. It would have no affect for code in the template that was called.
You could look at the <cferror....> tag. Or the Site Wide Exception Handler that can be configured in the Administrator or any of the other exception handling options provided by ColdFusion and discussed in the documentaiton.

Cfm template updating cfc variable scope

Don't know if anybody's run into this before, but I ran into a strange issue with the variable scope in a cfc. Basically, I have some application settings stored in a database table, and then I have a cfc saved to application scope in which I store the contents of the table in a variable scope query. Within the cfc, I have a getter function that preforms a query of queries to pull the data I need. I then have an admin screen within the application to update the settings.
This is (very generally) what my cfc looks like:
<cfcomponent name="settings.cfc">
     <cffunction name="init" returntype="settings">
          <cfset setAppSettings() />
          <cfreturn this />
     </cffunction>
     <cffunction name="setAppSettings">
          <cfquery name="variables.qrySettings" datasource="#application.dsn#">
               SELECT *
               FROM SETTINGS
          </cfquery>
     </cffunction>
     <cffunction name="getAppSettings" returntype="query">
          <cfargument name="id" />
          <cfset var local = structNew() />
          <cfquery name="local.qryResult" dbtype="query">
               SELECT *
               FROM variables.qrySettings
               WHERE ID = <cfqueryparam value="#arguments.id#" cfsqltype="cf_sql_numeric" />
          </cfquery>
          <cfreturn local.qryResult />
     </cffunction>
</cfcomponent>
In onApplicationStart in Application.cfc, I have this line:
<cfset
application.objSettings = createObject("component","settings").init() />

Sorry, accidentally posted before I was done...
Basically, the problem is that I have an admin screen that updates the settings. I call the getter function in a cfm template, and I save the result to a variable called variables.qrySettings (same name as in the cfc) like this - <cfset variables.qrySettings = application.objSettings.getAppSettings(url.id) />. For some reason, this seems to overwrite variables.qrySettings in the cfc. Any ideas????

Fixing Application.cfm

First of all, I'm dealing with a poorly written app. I have
add a directory off the webroot called checkout. I've placed the
.cfm files to handle processing cards using a secure link. I'm able
to post the amount to charge to the page that gets the customer's
info (cc, expdate, name, etc). This page is accessed securely
through https. But when I want to post the entered card num, etc to
the following page i'm presented with a login prompt. I should be
presented with the following page where the data was posted but i'm
not. I know this has to do with some logic in the Application.cfm
file in the webroot because it has a section of code that allows
only certain requests to go through based on defined variables,
where the default action if no variable is defined is to cfinclude
the login.cfm template.
I dont' know how to get around this (much less, fix it)
without breaking other code. The reason for the logic in
Application.cfm is just to keep non-logged in users out of the
members only webpages.
Any ideas on how I can circumvent or better yet fix this
issue? Enclosed is application.cfm

My first thought, because I have made this mistake several
times is that the "A" in Application.cfm needs to be capital on
*nix systems. I am not sure if that includes Macs.

Messy Application.cfm issue

First of all, I'm dealing with a poorly written app. I have
add a directory off the webroot called checkout. I've placed the
.cfm files to handle processing cards using a secure link. I'm able
to post the amount to charge to the page that gets the customer's
info (cc, expdate, name, etc). This page is accessed securely
through https. But when I want to post the entered card num, etc to
the following page i'm presented with a login prompt. I should be
presented with the following page where the data was posted but i'm
not. I know this has to do with some logic in the Application.cfm
file in the webroot because it has a section of code that allows
only certain requests to go through based on defined variables,
where the default action if no variable is defined is to cfinclude
the login.cfm template.
I dont' know how to get around this (much less, fix it)
without breaking other code. The reason for the logic in
Application.cfm is just to keep non-logged in users out of the
members only webpages.
Any ideas on how I can circumvent or better yet fix this
issue? Enclosed is application.cfm

My first thought, because I have made this mistake several
times is that the "A" in Application.cfm needs to be capital on
*nix systems. I am not sure if that includes Macs.

OT: Application.cfm but for PHP?

All,
I'm doing some maintenance on a PHP site for a friend. I've
never messed
with PHP before. what i'm looking for is an
application.cfm-style thing
where i can set request variables in one place and have all
pages get those
vars. Anyone here who knows PHP know if this can be done? or
do I have to
just make a globals.php and include it in all pages?
thanks a lot.
Marc

So, I'm wondering if there is any way to allow a certain page to be exempt from login. Or, find out if anyone has any other ideas that may work.
You're pretty much describing the solution in narrative form there.
Put a conditional in your Application.cfm that bypasses the login if the requested URL (or template, depending on how your site is designed) is one of these "special" ones.
Or if your template is in a subdirectory (which, by the sounds, it ought to be), then put a different Application.cfm in that subdir. One that restricts access based on IP address or something rather than login authentication (because you'd not want just anyone accessing that URL, obviously).
Adam

Trying to understand an application.cfm attack

I have a site that I've been running without issue, for years now - I sniff and block for cross site scripting, sql injection, executable file uploads, and employ honeypot fields on forms...
This past week I wanted to watch some slow page loads for performance, noting their time to execute. I chose to use an application.cfm and an onrequestend.cfm to set a timestamp and to place it on the end of my pages. Prior to this, I have not utilzed an application.cfm. I'm pragmattic and look upon the application.cfm as a catch-all to do things that I should be planning better for in my application.
I soon found myself the recipient of a cross site scripting attack. I realised easily that I opened myself wide to this because the application.cfm runs _before_ everything, including my sniffer code. Derrrr!
I deleted the application.cfm and onrequestend.cfm and cleanded up my files having caught it same day and experiencing little damage. The attack was only inserting javascript into my index pages via the application.cfm . Rather ingenious and it was fun to find and consider. Payday loan spam.
I've been google'ing and reading on uploading vulnerabilities, but I can only find one instance where someone described their application.cfm file having been modified in similar fashion, the vector being a vulnerability in fckeditor - which I do not use. Nor do I use any other third party editor plugin.
An article I found mentions vulnerable files in legacy CFDOCS folder that allow access and uploads. I have a fresh install of CF9 so this did not exist. There was a cfx folder tree with some "example" code folders. I've zipped and deleted these.
I have changed ftp to use a non-standard port. Something that I used to do, but failed to re-instate when I moved to a different host. I have a ticket submitted to get help in blocking CFIDE path requests to the outside world (so that it will only be accessable locally via RDP).
If someone/something could modify the application.cfm file, why look for just it, unless it was just a lazy scripted attack looking for application.cfm files specifically. And while I did not have one before, why did someone not just upload their own?
How and why was my application.cfm changed, and why not the index.cfm files directly if they had some other avenue of access?
My question is this - can the application.cfm be tricked into modifying itself?
Thanks in advance!

Sorry about that - a misunderstanding. When you said you "deleted the application.cfm and onrequestend.cfm and cleanded up my files...", I took that to mean you only deleted the code. I assumed the files to still be on the file system. For, to run a ColdFusion application of any substance, you do need an Application file.
aotgnat wrote:
The attack was only inserting javascript into my index pages via the application.cfm .
Not necessarily via the application file. What the attacker may very likely have exploited is a ColdFusion Cross Site Scripting (XSS) vulnerability. This link shows you that a cfform, user-agent HTTP header, etc. may be used in an XSS attack. (See the XSS vulnerabilities relevant to CF9, which include CVE-2009-3467, CVE-2010-1293, CVE-2011-0583, CVE-2011-0733, CVE-2011-0734, CVE-2011-0735, CVE-2011-2463, CVE-2011-4368).

Application.CFM not loading?

Hi,
I've built several sites under prior versions of CF - but
just recently installed CF MX 7. I'm also new to Linux
installations.
On a site I've built - the pages seem to be working
correctly, except that variables being set in application.cfm are
not being recognized.
When I go to the pages that are utilizing the variables and I
replace them with static values -they are working fine. So I know
the CF server is running and there are no issues from that side.
Is there some CF Admin setting that can be turned off that
I'm not aware of? I know linux is case sensitive with file names -
I have application.cfm in all lower case. Is that wrong??
Any help would be greatly appreciated. My workaround would be
to add a <CFINCLUDE> to the top of all pages that need to
reference those global variables. I'd prefer not to do that.
Thanks!!

Make sure the filename is "Application.cfm" (note the capital
A). Linux is case-sensitive.

Symbolic Links do not work for Application.cfm in CF10

I have a Web, that use a symbolic link for centralized code.
The Application.cfm, stored in the original web-root, will not read from code
in the linked directory.
Thank you for your assistance.

Adam,
it seems to be a bug.
The "Application.cfc/Application.cfm lookup order" in the ColdFusion Administrator seems not functional as expected. I did several tests and it happens not only at symbolic links. This happens on every subdirectory.
Am I wrong, when I expect, that the "highest" Application.cfm found in a tree should be executed?
Example:
Application.cfm
aaa.cfm
"subdir1"                                 "subdir2"
bbb.cfm                                   Application.cfm
                                                ccc.cfm
Settings in the ColdFusion Administrator
Default order:
- aaa.cfm: should execute the Application.cfm in root (/) only.
- bbb.cfm: should execute the Application.cfm in root (/) only.
- ccc.cfm: should execute the Application.cfm in subdir2 only.
Until Webroot
- aaa.cfm: should execute the Application.cfm in root (/) only.
- bbb.cfm: should execute the Application.cfm in root (/) only.
- ccc.cfm: should execute first the Application.cfm root (/) and then in subdir2
In Webroot
- aaa.cfm: should execute the Application.cfm in root (/) only.
- bbb.cfm: should execute the Application.cfm in root (/) only.
- ccc.cfm: should execute the Application.cfm in root (/) only.
Am I wrong with this?
In my case, only "In Webroot" work as expected.
Torsten

Application.cfm Template

Similar Messages

Maybe you are looking for