What file extensions are affected by ColdFusion Trusted Cache

What file extensions are cached by the trusted cache? CFM and CFC are obvious, but what about CFR? Are there any other file extensions that fall into Trusted Cache?

Some places where I know / suspect that files go into the template cache:

  • directly specified in the URL (cfm, cfml, cfc, more?)
  • cfinclude (any file extension used by cfinclude, for example <cfinclude template="./some.css">)
  • cfmodule (cfm, more?)
  • cfimport (cfm, also jar and tld?)
  • cfobject, createobject (cfc, also .net, com, java and web services?)
  • cfreport (cfr, which can be done using the cfcompile utility?)

Are there other tags that will have the same effect of adding content to the template cache?

+6
3 answers

Unfortunately, there is no official source for this information. However, with a lot of work, you can test each tag to see if the files fall into the trusted cache.

Your first two bullet points are covered by the answer of Sean Holmes and the answer of Sean Corfield respectively.

Bullet 3: cfmodule is limited to cfm files, so the extension is the only one you need to worry about.

Bullet 6: cfreport should not enter the template cache, because it converts the file, and does not compile it to execute code.

0

Adobe ColdFusion (and Railo) compiles CFML templates into JVM bytecode and, if configured, writes the compiled classes to disk as .class files. The template cache is a mechanism for saying: if the target class is already loaded, do not look at the file (source) on the disk to see if it needs recompilation - trust what is in memory.

Recent improvements to ACF and Railo allow you to indicate that (source) files can be checked always (not trusted), once per request, or never (always trusted).

This should not be news to everyone.

Obviously, ACF and Railo will compile any .cfm or .cfc file that they are asked to process, so that they "fall" into the trusted cache, if it is enabled.

If you include a file - any file - ACF and Railo will also compile this into JVM bytecode (and create a .class file on disk, if configured for this). Since the compiled file is compiled, it will also "end" in the trusted cache. What happens if you include a CSS file? It compiles to bytecode, which outputs the entire contents of the CSS file as a string into the response stream. Since this is a compiled class that now outputs a hard-coded string, if you change the CSS source file and include the trusted cache, ACF and Railo will trust that in the class loader and not recompile it (it is assumed that the source is never checked by admin setting).

You can verify this by clearing the cfclasses folder, restarting your CFML engine, and running the code. You will see a .class file for your CSS file (assuming you saved the class files to disk).

So, cfinclude force compiles "any" file and the usual rules of the trusted cache apply to classes loaded into memory.

I no longer use ACF, so I can't talk in detail about .cfr files (Railo does not support report files), but this will most likely depend on whether ACF compiles the .cfr file or not. This should be easy to verify (by looking at the cfclasses folder).

+7

By default, ColdFusion comes with the *.cfm, *.cfc, and *.cfml extensions displayed in JRun as trusted names. You can view these mappings by opening the j2ee-web.xml and web.xml configuration files in \JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\ (or next to it, based on your installation).

    <servlet-mapping id="coldfusion_mapping_3">
        <servlet-name>CfmServlet</servlet-name>
        <url-pattern>*.cfm</url-pattern>
    </servlet-mapping>
    <servlet-mapping id="coldfusion_mapping_4">
        <servlet-name>CFCServlet</servlet-name>
        <url-pattern>*.cfc</url-pattern>
    </servlet-mapping>
    <servlet-mapping id="coldfusion_mapping_5">
        <servlet-name>CfmServlet</servlet-name>
        <url-pattern>*.cfml</url-pattern>
    </servlet-mapping>

However, you can also manually configure completely new mappings here, which will allow ColdFusion to parse / compile CFML tags in files with a different extension (I worked with CF servers that were configured for .shtml parsing, for example).

Note. You will also need to do additional configuration for your web server, be it Apache, IIS or something else.

Once CF is configured to process a file with a specific extension, it is added to the list of files that are processed in the trusted cache, since this file is ultimately equated to a compiled .class file under the hood.

+5
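The check suggested in the answers above (look in the cfclasses folder to see which files were compiled) can be scripted to list every source extension that ended up as a compiled class, including included CSS or custom-mapped extensions. This is an added example, not code from the original posts or from Adobe; it assumes class files are named cf + file name with "." written as 2e + numeric hash + .class, which the page does not state, and the sample names are constructed.

```python
import re
from collections import Counter
from pathlib import Path

# Assumed naming (not stated on the page): "cf", then the source file name with
# "." written as "2e", then a numeric hash, optional "$inner" part, ".class".
CLASS_NAME = re.compile(r"^cf.+2e(?P<ext>[A-Za-z]+)\d+(?:\$.*)?\.class$")
CFML_EXTENSIONS = {"cfm", "cfml", "cfc"}

def source_extension(class_file_name):
    """Return the source extension encoded in a class file name, or None."""
    match = CLASS_NAME.match(class_file_name)
    return match.group("ext").lower() if match else None

def audit(class_file_names):
    """Count compiled templates per source extension.

    Inner classes (name contains "$") belong to the same template and are
    counted once. Letters-only extensions are recognised; an extension that
    contains digits cannot be told apart from the hash and is skipped.
    """
    seen, counts = set(), Counter()
    for name in class_file_names:
        ext = source_extension(name)
        if ext is None:
            continue
        template = name.split("$", 1)[0]
        if template.endswith(".class"):
            template = template[: -len(".class")]
        if template not in seen:
            seen.add(template)
            counts[ext] += 1
    return counts

def non_cfml(counts):
    """Extensions that were compiled although they are not CFML by default."""
    return sorted(ext for ext in counts if ext not in CFML_EXTENSIONS)

def audit_directory(cfclasses_dir):
    """Run the audit over a real cfclasses folder (path supplied by the caller)."""
    return audit(p.name for p in Path(cfclasses_dir).glob("*.class"))

# Constructed sample listing, as it might look after the test described above.
SAMPLE = [
    "cfindex2ecfm1234567890.class",
    "cfApplication2ecfc1144145034.class",
    "cfApplication2ecfc1144145034$funcONREQUESTSTART.class",
    "cfsome2ecss987654321.class",      # from <cfinclude template="./some.css">
    "cfmenu2eshtml55512345.class",     # custom servlet mapping for .shtml
    "unrelated.class",
]
```

Any extension reported by `non_cfml` is a file type whose edits will not take effect while the trusted cache is on, until the cache is cleared.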

Source: https://habr.com/ru/post/902390/

