Skip to main content
J
jfrobishow
Known Participant
March 14, 2011
Answered

cfchart /cfide/graphdata.cfm issue

  • March 14, 2011
  • 4 replies
  • 5940 views

Hi,

Debated a bit between posting this in the  Administration forum or the main forum since it's a little bit of both.   Hopefully I picked right

We  don't make heavy usage of cfchart so we never noticed this issue, but I  believe the issue is present since upgrading to CF 9, from CF MX.

Problem: When using cfchart, the code is generated on the page where the chart should be

<img  name="Images_1442197870100010_PNG" id="Images_1442197870100010_PNG"  src="/CFIDE/GraphData.cfm?graphCache=wc50&graphID=Images/1442197870100010.PNG">

Issue is with the src attribute: /CFIDE/GraphData.cfm from what I gathered online that file doesn't really exist on the file system it's just a special alias for ColdFusion.

Problem  is that we restricted access to the /CFIDE with a url rerwrite rule to  prevent external access to the Administrator from the outside, the rule  is for everything in /CFIDE.  If I modify it to only lock  /CFIDE/Administrator the charts work again.

My concern  is that is there any danger to exposing CFIDE to the public? I seem to  recall a bug with the bundled version of fckeditor that would allow  anyone to upload files if the access wasn't restricted.

--

JF

    This topic has been closed for replies.
    Correct answer Adam Cameron.

    Can you just mod your rewrite rule, along these lines:

    RewriteCond %{REQUEST_URI}    !/CFIDE/graphdata.cfm [NC]
    RewriteRule /CFIDE/            /bog/off/mate.html [NC,L]

    ?

    --

    Adam

    4 replies

    A
    Anonymous
    November 8, 2012

    I'm running into this same problem.  I recently upgraded from CF9 to CF10 and for some reason my chart images stopped displaying.  When I right click the x'd out image it says not found /CFIDE/GraphData.cfm.

    However, I did find that the images are indeed getting created but are being stored in the ColdFusion10/cfusion/charting/cache/ directory.  So at least they are getting created, I just need to figure out a way to point to that folder so the images display when the graph is being generated.

    Any ideas how to get that cache directory to output?

    J
    jonrider
    Inspiring
    March 5, 2013

    I just ran into the exact same problem, idesdema.  Did you ever get an answer or figure it out? 

    D
    davecordes
    Known Participant
    March 6, 2013

    Same thing here. Upgraded to ColdFusion 10 last night and now all my charts are broken. Who has the answer?

    Owainnorth
    Owainnorth
    Inspiring
    March 14, 2011

    Basically you're right on every level

    Yes the mapping is needed for any CF ajax or standard charting stuff to work. Yes this can be an issue, so I tend to use rewrite rules just on the /administrator and /adminapi folders. In the past I've completely deleted the fckeditor rubbish if I know I won't be using it.

    There is one way around it - in your code you can write cfchart to a variable rather than just outputting it, using <cfimage action="write"...> you can then write that to any folder on the server. Create yourself a mapping to that folder IIS/apache and just use a standard <img> tag to reference it.

    Obviously you'll need to make sure the names are unique, uuid or whatever. And you'll also need some method of mopping them up once you're done with them, but that's probably easier than dealing with the whole /cfide security issue for the sake of a few charts



    A
    Adam Cameron.Correct answer
    Inspiring
    March 14, 2011

    Can you just mod your rewrite rule, along these lines:

    RewriteCond %{REQUEST_URI}    !/CFIDE/graphdata.cfm [NC]
    RewriteRule /CFIDE/            /bog/off/mate.html [NC,L]

    ?

    --

    Adam

    J
    jfrobishowAuthor
    Known Participant
    March 14, 2011

    Good point!

    That's the solution I'll use for now... tad bit more flexible if we ever need the other fancy stuff in /CFIDE the rule can be modified.

    I really wish Adobe would get their act together, shared components that need to be publicly accessible shouldn't be in a directory with Administrator stuff...

    Owainnorth
    Owainnorth
    Inspiring
    March 14, 2011

    Basically you're right on every level

    Yes the mapping is needed for any CF ajax or charting stuff to work. Yes this can be an issue, so I tend to use rewrite rules just on the /administrator and /adminapi folders. In the past I've completely deleted the fckedited rubbish if I know I won't be using it.

    There is one way around it - in your code you can write cfchart to a variable rather than just outputting it, using <cfimage action="write"...> you can then write that to any folder on the server. Create yourself a mapping to that folder IIS/apache and just use a standard <img> tag to reference it.

    Obviously you'll need to make sure the names are unique, uuid or whatever. And you'll also need some method of mopping them up once you're done with them, but that's probably easier than dealing with the whole /cfide security issue for the sake of a few charts

    J
    jfrobishowAuthor
    Known Participant
    March 14, 2011

    Thanks Owain,

    Very good idea to not use the CFIDE at all outputing to an image instead.  For now I'll use the rewrite rule suggested in this thread as it's definitely easier, but next time I play with a chart I'll take the time to implement that solution as a custom tag probably.

    Lot safer until Adobe decide to fix the underlying issues with using stuff from CFIDE.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices