You have probably seen the special security warning that appears when a page has "a mix" of secure and not secure resources. I recently ran into a usability issue with regard to this message that I thought deserved a quick post on the Muse. Let's start with an example:
Hello muse readers. I apologize for my long hiatus (which means a stretch of time where I was absent - it's not a size joke). I have been swamped with closing out the old year and implementing plans for the new year. I'm afraid our little chats were put on the back burner temporarily. However, now that new year has begun I am committed to continuing our friendship. I'd like to start out with something simple. Indeed, some of you may find this to be ColdFusion 101.
This post is going to discuss Boolean values. A Boolean is one of those datatypes more defined by how it is evaluated than by what it contains. The muse definition is that if something can return a "true" or "false" in the context of a logic statement (cfif) it is a Boolean. It may be other things as well, but it has the properties of a boolean and returns one of 2 states - true or false. Interestingly, every language handles Booleans differently and many of them use the same wild west sort of approach that ColdFusion uses - where several things can be used as Booleans.
Even if you don't know it, you use Booleans every time you create a cfif statement. Still, it's surprising how many advanced developers do not fully grasp all the ways that ColdFusion has of evaluating something as True or False. And having said that I am fully aware that some smarty-pants developer will immediately inform me of some new way I haven't seen before of evaluating true or false (thank you sir, may I have another).
Anyway, I'd like to take a little journey into the world of Booleans to start off my 2010 blogging. Note: this post has a number of neat "tips and tricks" that you may have not seen before. Whether you choose to use them can depend greatly on your environment, the structure of your code and the standard you are using (especially in a team environment). I'm not advocating for or against, although I have my own preferences. I'm only putting it out there as another arrow in your quiver. So with that caveat taken care of, let's begin.
My good friend Jake Churchill was surfing dev shed and he found this post regarding cfmail. The question is pretty easy, but one of the comments further down caught his eye. A user named mackindlays makes the statement that "Many mail services bounce CF generated mails now". Personally I do not believe there is any evidence that mail servers bounce CF generated mail any more than .NET generated mail or PHP generated mail etc. Perhaps mail servers score mail that is obviously sent from a web server as "more likely to be spam". Certainly that was a contention of my previous post on the subject. At any rate, his solution was to spoof the mail headers for Microsoft Exchange using CFMAILPARAM.
Getting email to go through for your customer or newsletter can be tricky these days. An email has to work pretty hard to make it through all the barriers in its way. The problem is compounded when you have an automated email system like a newsletter or marketing apparatus. Even if you follow all the rules you may still achieve a marginal success rate. One of our customers (Tom Long of digbro.com) has a unique system for marketing that is clearly not spam. It involves users sending individual emails out to customers with whom they already have a relationship. It's not bulk email and there are clear opt out instructions. The email goes out in a small trickle of a few hundred an hour. The system tracks the lead internally and an elaborate reporting system allows the user to figure out success rates, run referral programs and keep track of the customer information.
In spite of the benign nature of this system it has still been difficult getting emails out to some domains - particularly large email domains like Yahoo and Hotmail. We have done some innovative things like creating a "scoring" system that utilizes calls to spam assassin to try and "rate" the email before it is sent. The user submits his email text, the system dummies up an email, pipes it to Spam Assassin, retrieves it back and extracts the score - all before the email is sent. Pretty nifty - but not a panacea. In spite of our best efforts the success rate to known good email addresses on larger email domains improved only marginally. This customer is one of those visionary men that simply can't help thinking outside the box. Check out his solution.
Now my readers know that I've seen enough Coldfusion code in my day that I can quote some livedoc articles verbatim (including the notes and comments). It takes a great deal to surprise me with something new. But here's a snippet I found the other day that made me sit up and take notice. The fact that it uses CFLOOP (one of the most ho-hum of all the CF tags) is even more surprising. This is a loop that iterates over time increments. You can use it to create incremental time objects that are n number of minutes or seconds apart. It doesn't look like you might expect either. Here is an example that loops from 8 to 5 in 45 minute intervals:
This little gem makes me giddy all over - and I don't get giddy easily. There was that one time at a Bette Midler concert in ‘99.... but I digress. Here's a method you may find useful during development, debugging and possibly for error handling. It's a method of the getPageContext() function that returns all scopes available to the request. That would be:
So you got hit with the latest SQLi attack eh? SQLi is the hip acronym for "sql injection" that fancy pants security people use. You've put in some stop gap measures and now you are slogging through 3000 queries trying to add cfqueryparam to everything. It's a laborious task to be sure. Here are some special tips from the muse that might help shorten it.
I'm a big fan of ColdFusion on Linux. Not that I know half as much about Linux as I do about Windows. Still, we have a good number of Linux servers here at CF Webtools and CF Linux Guru Ryan Stille keeps them all humming a happy tune. I think both platforms have advantages. If you have ever tried to write ColdFusion code that is able to run on both Linux and Windows you will know there a few differences. One difference is case sensitivity for file names.
On windows if you include a file called "myfile.cfm with a cfinclude that is something like <cfinclude template="myFile.cfm"> it will work just fine. Move the same code to Linux and it will generate a "File Not Found" error because of the capital "F" in your include statement. The good news is that once you fix this problem on Linux you can move it back to Windows and it will now work on both platforms. The other common problem is a bit more challenging. It has to do with file paths.
Mike Henke reminded me of this slick little tool called varscoper. Pass in a directory and it will ferret out all the places where variables are not correctly scoped. For example, it will sshow where you have not correctly var'ed variables in a function. The project was produced by Mike Schierberl who's blog has some excellent goodies and tips.
varscoper won't catch the cfhttp scope, but it would catch a variable declared as a result attribute. Either way, it could save you some headaches - especially when dealing with a large pool of code, or taking over someone else's code.
Over the past few days on CF Talk Ian Skinner has been struggling tuning an application that makes use of CFTHREAD. In his application a process spawns threads for creating report files. Ian Reports that the process would spawn the threads, but the threads themselves would neither complete gracefully nor respond to a "terminate" action (<cfthread action="terminate" ...>). No suggestions from the muse or anyone else seemed to help. Finally he upgraded to ColdFusion 8.0.1 and the problem appears to be resolved. Threads complete gracefully without hanging around.
Nothing in the 8.0.1 release notes raises any red flags with me that would indicate why updated to 8.0.1 resolved the issue. I suspect that something very specific about his JVM was causing it. Still, it's nice to know if you run into this ticklish issue there is a way around it.
It's pretty common to use the application scope to cache components. If your component is a collection of methods or data access functions it's often faster to put them into the application scope than it is to create an instance with each request. Now you probably know that you should quality all of the variables in a function with the "var" key word. This insures that the variable exists inside the "scope" of the function call. This allows multiple function calls to be made to the same instance without one set of variables over writing the other.
One of the areas where this can be difficult to manage is when using a ColdFusion tag that creates its own scope. Take CFHTTP as an example.
Here's a quick public service announcement for all the muse readers. Apparently Coldfusion Weekly (a popular podcast) is ending its run. To pick up the slack, community member and CF Guru Brian Meloche has started a new podcast called CF Conversations. His first release is a round table discussion with Rick Mason, Adam Haskell, Aaron West, and Jeff Coughlin. There is also an i Tunes link.
Recently on CF Talk Bobby Hartsfield presented an interesting problem. A vendor required a submission of data as an XML packet. Since the data all came from a form post Bobby wanted to simply loop through the form fields to build his XML file. Each of the form field names would become a node in his XML doc. Sounds simple right?
Actually there is a problem with this approach. XML is typically case sensitive. If the vendor uses all upper or all lower case that's not a problem because you could simply UCASE() or LCASE() the field names. But what if the XML node names need to be mixed-case? For example, what if a node name was AdminUserName? You could add a form element to the form called AdminUserName, but when it is posted Coldfusion turns it into all upper case - as in ADMINUSERNAME. It's too bad there is no way to access the original case of the form elements before ColdFusion intervened. As it turns out (and thanks to some nifty code from both Bobby and the very bright Barney Boisvert) there is a way....
From a reference on an email list I stumbled onto Pete Freitag's cheat sheet for CFSCRIPT and I thought it was worth mentioning. I use Cfscript for any largish block of logic. With the advent of CFC's it has become even more useful. I think the inline commenting is more readable and the syntax translates to other languages with a few modifications. To Pete's tips I would add the following:
Here is one of those finicky nuances that might surprise you about Coldfusion. Many languages have list functions or something similar to list functions. In many of these languages there is some version of split or splitf that allows you to specify any string as a delimiter regardless of length. This might lead you to believe that you can use a multi-character string as a delimiter in list functions in Coldfusion. Not only is this not the case but the way delimiters behave can cause you to believe it is working when in fact it is not. Let me explain.
 |
|
|
|
|
|
|
