When using <cffile action=“upload” accept=“text/html” . . I cannot upload an .htm or .html file. I get an error like:
Upload of files with extension [htm] is not permitted. You can configure the lucee.upload.blacklist System property or the LUCEE_UPLOAD_BLACKLIST Environment variable to allow that file type
I understand the security reasons, but this is not an issue for my system.
Does anybody know how to configure Lucee to accept those files in upload?
I have no idea how I could “configure the lucee.upload.blacklist System property or the LUCEE_UPLOAD_BLACKLIST Environment variable” as suggested by the error message.
I could not find any info.
The same code works with no problem with Adobe ColdFusion
Thanks in advance
Don’t forget to tell us about your stack!
OS: Windows 10 Pro Java Version: 11.0.7 (AdoptOpenJDK) 64bit Tomcat Version: Apache Tomcat/9.0.35 Lucee Version: Lucee 5.3.6.61
Thanks Zac, however I have no idea where to find my "constructor for your Application.cfc "
I added the line in the Application.cfc, restarted Lucee and still have the same error. So I guess I need to know where "constructor for your Application.cfc " is.
Best regards,
Paul
the constructor is just the section at the start of your Application.cfc before any functions
component {
// this is the constructor section
this.name = "myCoolApp";
this.blockedExtForFileUpload="asp,aspx,cfc,cfm,cfml,do,jsp,jspx,php";
function onApplicationStart() {
// do thing here if you need/want to
}
}
Thanks again Zak.
Unfortunately, I converted a ColdFusion application of a million + lines of code which was written at the time ColdFusion was Allaire and Application.cfc did not exist. My application uses many application.cfm and it would be a nightmare to convert to .cfc with absolutely no advantage (the application runs just fine as it is with Application.cfm, if not broken don’t fix it!).
Is there any possibility to fix the problem without using application.cfc?
Adding some code at the beginning of my Application.cfm’s ?
All my best to you,
Paul
Thanks again Zac. Your solution works however I have some remarks on applicability and Application.cfm versus application.cfc.
You seem to believe that it “shouldn’t be that hard” to go from .cfm to .cfc. Well, it took me 3 weeks for one application. I had always suspected that this .cfc thing based on the general idea of object oriented was a mistake. And, yes, big mistake trying to convert application.cfm to application.cfc.
To my disbelief, I discovered that application.cfc runs ONLY ONE aplication and needs to be duplicated with its environment if you have multiple aplications running on the same system.
In my case, I had 15 different web sites all running the same code, all running under a SINGLE Application.cfm. When I converted to Application.cfc I discovered that every-time one of the web site was accessed it killed the (only!) other one running. Unless I am profoundly mistaken (correct me if so), the only solution I found was to duplicate 15 times Application.cfc and its environment to finally have a working system. Talk about progress: a single few pages of code now needing to be duplicated 15 times, with the nightmarish maintenance associated. 10 pages of code going to 150 pages of code. What a great progress!
This brings me to a point which maybe would deserve another blog entry : the original Allaire ColdFusion was developed to have a concise and very rapid development system using a high level language. Knowing only Java, the Adobe developers quickly made it a stupid copy of Java. Then ColdFusion has really no more reasons to exists. Why use ColdFusion when it became almost identical to Java?
A single page of code using the “old” style Coldfusion usually corresponds in 3 to 4 pages of the “object oriented” ColdFusion. This is not progress: it is going backwards.
If I was part of Lucee, I would go back to the basics and develop Lucee as ColdFusion was originally intended to be: a higher level language (much higher than Java, but I am not sure the Adobe engineers even understand that notion), easy and fast to develop. Get rid of this cfc crap! Be the real next generation language builders!
The goal of commercial computer languages is to allow an easier access to computers, an easier and faster programming, debugging and maintenance than using assembler code. It is not and SHOULD NOT BE to develop something based on a beautiful ideology on paper. There are languages like Lisp to do that, they are very interesting for university teaching, not for real world applications.
All of this being said, I want to thank all the Lucee team for the incredible work they do.
Hi Paul, thanks for posting your experience and thoughts. I’m chiming in because I would really like to know what experiences you had in more details. I know it’s possible to run different sites with one and only code base, but it all depends on how you want to run your applications and how you are setting it up. What was the problem in detail? Did your apps get in conflict because all contexts were being served by one WEB-INF folder? I think one possible solution could be pulling the WEB-INF folders out of the webroot. Did you try that?Securing /WEB-INF/ by moving it outside of the web root :: Lucee Documentation
Andreas, Zac:
Very schematically this is how one of my systems worked (and still works with Application.cfm).
Let’s suppose we have two web sites web1.com and web2.com. Both use the same ColdFusion code but are very different.
Index.cfm (or any page) implicitly calls Application.cfm (a single one).
Application.cfm looks at CGI.SCRIPT_NAME to find which one of the two sites called.
Application.cfm queries a database common to all web sites and find the Application name associated with the caller. Ex: it find Application name = App1 for web1.com and sets AppName = “App1”
Application.cfm executes a <CFAPPLICATION Name=“#AppName#” . . .
A single check on the existence of one Application variables (ex Application.Language) tells Application.cfm if this application just started or not.
If the application just started (Application.Language was undefined) Appliocation.cfm runs a query on a database for this App1 application. The database contains pairs of (name,values) for all Application variables we want to set for App1. A simple loop then sets the 150 to 200 specific Applications variables we want for App1
That has worked like a charm since ColdFusion Allaire
That does not work with Application.cfc as let’s suppose a call was made by Web1.com. It starts (Wonderful, I thought my Application.cfm was working!) BUT BUT
As soon as Web2.com calls the stupid Application.cfc triggers on Application start , creates a new application with the name App2 and the environment of App1 which was running for Web1.com is gone! Now App2 runs but App1 is dead and as soon as Wedb1.com calls a page it restarts App1 (losing all the session and other App1 environment which was running before) and . . .kills App2!
I believe the problem is due to the fact that this stupid object structure makes Application.cfc part of the application it created when Application.cfm was “outside” the context of any application.
The only solution I found (after a few days of thinking, but maybe there is a better solution? Don’t hesitate to call me dumb if I missed something obvious) was to create a new “environment” folder for each application web1.com, web2.com, web3.com . . . and to duplicate Application.cfc and a few other necessary templates into each of those folders. For this to work, I created links into wwwroot to the folders for web1, web2, web3 . . .
This works but is very ugly and makes debugging and maintenance a nightmare.
Waht did I gain with Application.cfc? Nothing, Zilch, Niente, Rien du tout
O Yeah, the line OnApplication start did not exist and had to be replaced by a simple <CFIF IsDefined("Application.xxx Big deal! What an advantage for .cfc!
What did I lose: a lot, un sacco, beaucoup, mucho mucho
Thanks again to both of you for your precious help.
this is not the problem: the application name is set correctly. the problem is that as soon as an application name is set by application.cfc any other application which existed before is gone. the only solution l found was to duplicate application.cfc in different directories. you can try it yourself with a very simple setting (l did to try to figure out what was going on).
takes 10 minutes to try:
write a simplistic application.cfc. make it read a name on startup (from a file or whatever) do the cfapplication with this name. just to try, set a single application variable to whatever.
change the name in the file and browse to the code in a different tab or browser. application.cfc is executed and INSTEAD of creating a new application independent of the first one still running, it creates a new application environment destroying the first one. try to run the first browser the first app is gone.
Adding to my answer above:
After checking that Application.cfc does not run two different applications, simply change Application.cfc to Application.cfm.
Now you can run the two apps at the same time, browsing from two different places.
