2009
Strange Error When Using <cfsavecontent> Within <cfthread> On a Shared Server
ColdFusion , CFML Add commentsIn my previous blog post, I mentioned running into a "weird issue" involving the comment subscription functions in MangoBlog. That functionality worked perfectly fine on my development machine, but when I uploaded everything to my site on a HostMySite shared server, I discovered that the database records for subscribers weren't being created.
After a lot of digging and experimenting, I tracked down the error. There are several places during the subscription process where variables are created using the <cfsavecontent> tag (the SQL for the record insert, the text of the email templates, etc.). When that code tried to run, I'd get the following error:
access denied (java.io .FilePermission C:\ColdFusion8\wwwroot\WEB-INF\cftags\savecontent.cfm execute)
Normally, that's the kind of error you get when access to a certain CF tag is disabled by your hosting provider. But I was able to write a simple .cfm page that used <cfsavecontent> and run it without any problems.
So I did some searching on Google and came across this Atlanta CFUG discussion thread:
http://www.mail-archive.com/discussion@acfug.org/msg05438.html
Apparently, there is some scenario (possibly involving sandbox security) in which <cfsavecontent> will not run inside of a <cfthread> tag. Since it's very likely that HostMySite has my site within a sandbox, I looked in the MangoBlog code for instances of <cfthread>, and indeed it turns out that the code events triggered during the subscription process were being processed through <cfthread>.
Rather than taking the time to figure out which events needed to be prevented from running inside <cfthread>, I simply added code to avoid that usage of <cfthread> entirely. (Please note that I'm not by any means an expert on MangoBlog, so don't take this as a recommended fix. And MangoBlog is designed to run on CF 7: the use of <cfthread> is optional, but from what I gather the blogging engine will use it if it's available).
When Adobe released the public bug tracker for ColdFusion today, I did take a brief look through it to see if this type of scenario was documented, but didn't see anything. There's no point in reporting the bug until I know what the exact conditions are that cause it to occur: maybe if I have some time, I'll set up sandbox security on my CF 8 developer box and tinker with it.
Anyone else (besides me and the Atlanta CFUG folks) ever run into this particular problem?
Jul 14, 2009 at 1:19 AM Sandboxes are still, despite being available for quite some time, kind of hard to nail down exactly. I've been working on a list of directories needed and the corresponding tags that require access to them.