Copy link to clipboard
Copied
Hi,
Debated a bit between posting this in the Administration forum or the main forum since it's a little bit of both. Hopefully I picked right
We don't make heavy usage of cfchart so we never noticed this issue, but I believe the issue is present since upgrading to CF 9, from CF MX.
Problem: When using cfchart, the code is generated on the page where the chart should be
<img name="Images_1442197870100010_PNG" id="Images_1442197870100010_PNG" src="/CFIDE/GraphData.cfm?graphCache=wc50&graphID=Images/1442197870100010.PNG">
Issue is with the src attribute: /CFIDE/GraphData.cfm from what I gathered online that file doesn't really exist on the file system it's just a special alias for ColdFusion.
Problem is that we restricted access to the /CFIDE with a url rerwrite rule to prevent external access to the Administrator from the outside, the rule is for everything in /CFIDE. If I modify it to only lock /CFIDE/Administrator the charts work again.
My concern is that is there any danger to exposing CFIDE to the public? I seem to recall a bug with the bundled version of fckeditor that would allow anyone to upload files if the access wasn't restricted.
--
JF
Can you just mod your rewrite rule, along these lines:
RewriteCond %{REQUEST_URI} !/CFIDE/graphdata.cfm [NC]
RewriteRule /CFIDE/ /bog/off/mate.html [NC,L]
?
--
Adam
Copy link to clipboard
Copied
Basically you're right on every level
Yes the mapping is needed for any CF ajax or charting stuff to work. Yes this can be an issue, so I tend to use rewrite rules just on the /administrator and /adminapi folders. In the past I've completely deleted the fckedited rubbish if I know I won't be using it.
There is one way around it - in your code you can write cfchart to a variable rather than just outputting it, using <cfimage action="write"...> you can then write that to any folder on the server. Create yourself a mapping to that folder IIS/apache and just use a standard <img> tag to reference it.
Obviously you'll need to make sure the names are unique, uuid or whatever. And you'll also need some method of mopping them up once you're done with them, but that's probably easier than dealing with the whole /cfide security issue for the sake of a few charts
Copy link to clipboard
Copied
Thanks Owain,
Very good idea to not use the CFIDE at all outputing to an image instead. For now I'll use the rewrite rule suggested in this thread as it's definitely easier, but next time I play with a chart I'll take the time to implement that solution as a custom tag probably.
Lot safer until Adobe decide to fix the underlying issues with using stuff from CFIDE.
Copy link to clipboard
Copied
Can you just mod your rewrite rule, along these lines:
RewriteCond %{REQUEST_URI} !/CFIDE/graphdata.cfm [NC]
RewriteRule /CFIDE/ /bog/off/mate.html [NC,L]
?
--
Adam
Copy link to clipboard
Copied
Good point!
That's the solution I'll use for now... tad bit more flexible if we ever need the other fancy stuff in /CFIDE the rule can be modified.
I really wish Adobe would get their act together, shared components that need to be publicly accessible shouldn't be in a directory with Administrator stuff...
Copy link to clipboard
Copied
Basically you're right on every level
Yes the mapping is needed for any CF ajax or standard charting stuff to work. Yes this can be an issue, so I tend to use rewrite rules just on the /administrator and /adminapi folders. In the past I've completely deleted the fckeditor rubbish if I know I won't be using it.
There is one way around it - in your code you can write cfchart to a variable rather than just outputting it, using <cfimage action="write"...> you can then write that to any folder on the server. Create yourself a mapping to that folder IIS/apache and just use a standard <img> tag to reference it.
Obviously you'll need to make sure the names are unique, uuid or whatever. And you'll also need some method of mopping them up once you're done with them, but that's probably easier than dealing with the whole /cfide security issue for the sake of a few charts
Copy link to clipboard
Copied
I'm running into this same problem. I recently upgraded from CF9 to CF10 and for some reason my chart images stopped displaying. When I right click the x'd out image it says not found /CFIDE/GraphData.cfm.
However, I did find that the images are indeed getting created but are being stored in the ColdFusion10/cfusion/charting/cache/ directory. So at least they are getting created, I just need to figure out a way to point to that folder so the images display when the graph is being generated.
Any ideas how to get that cache directory to output?
Copy link to clipboard
Copied
I just ran into the exact same problem, idesdema. Did you ever get an answer or figure it out?
Copy link to clipboard
Copied
Same thing here. Upgraded to ColdFusion 10 last night and now all my charts are broken. Who has the answer?
Copy link to clipboard
Copied
I am in touch with CF support to see if they can give me an answer. I will also check with my hosting provider to see if they're encountering problems, now that they are pushing us to migrate to to CF10. I am sorry but I have become accustomed to having CF functionality work right out of the box and am wondering what other surprises are in store. (e.g., CGI.PATH_INFO going blank).
Copy link to clipboard
Copied
Just as an FYI, here is what CF Support told me to do after sending them a ton of info.
Just so you know, it didn't work.
Copy link to clipboard
Copied
Simple answer: I uninstalled CF10 and CF8, in that order, and then reinstalled CF10 and all the updates and, voila, charts worked. I guess CF10 and CF8 didn't play well together. CF support, take note, as you were of no help in this!